cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Email and password on sale on darkweb

FIXED
Nimblebimble
Newbie
Posts: 4
Thanks: 6
Registered: ‎03-01-2018

Email and password on sale on darkweb

‎03-01-2018 4:58 PM - edited ‎03-01-2018 5:00 PM

Experian have informed me that my email and password for plusnet is now freely available for people to buy on the darkweb.

 

i was wondering if someone could advise me how this could happen, I imagine there is some record of the login attempts made.

 

Being that my stuff is all up to date in regards to security, perhaps you've had someone gather this info from yourselves or is it an inside job ?

 

many thanks.

 

ps after the worse home move experience I had recently ,this just about kisses our business together good bye.

 

 

Message 1 of 13
(6,178 Views)
12 REPLIES 12
Jaggies
Aspiring Pro
Posts: 1,694
Thanks: 33
Fixes: 2
Registered: ‎29-06-2010

Re: Email and password on sale on darkweb

‎03-01-2018 7:38 PM

First thing I would do, assuming this is genuine, is change your password and make it as strong as you can.
Message 2 of 13
(6,132 Views)
0 Thanks
pjmarsh
Superuser
Superuser
Posts: 4,015
Thanks: 1,558
Fixes: 20
Registered: ‎06-04-2007

Re: Email and password on sale on darkweb

‎04-01-2018 9:27 AM

If I remember correctly, Experian where hacked a little while ago. At a total guess I suspect they are saying that your experian username (email address) and password where taken and are available, rather that your Plusnet details, though if that is a Plusnet email address and you use the same password for both then it would amount to the same thing.

 

It would definitely be safest and certainly wouldn't do any harm (other than take a bit of your time), to go through and change the passwords anywhere that you've used that same password.

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

Message 3 of 13
(6,082 Views)
Nimblebimble
Newbie
Posts: 4
Thanks: 6
Registered: ‎03-01-2018

Re: Email and password on sale on darkweb

‎04-01-2018 9:35 AM

Done straight away, but there seems to be some serious security issues with plusnet

 

some digging has revealed this article where someone has had full passwords relayed back to them, something which is very, very wrong.

 

https://www.grahamcluley.com/plusnet-isnt-acting-safely-password/

 

If true this is a huge flaw in the way plusnet store passwords, and has been since before 2015

 

to note today my plusnet router is now unconnected from broadband over night, yet we have no outages in the area.

 

Im now deeply concerned by plusnets activity, and will be taking this further.

 

 

 

 

 

Message 4 of 13
(6,073 Views)
0 Thanks
Nimblebimble
Newbie
Posts: 4
Thanks: 6
Registered: ‎03-01-2018

Re: Email and password on sale on darkweb

‎04-01-2018 9:38 AM

@pjmarsh

 

All changed, it's definitely plusnet webmail, I have three separate flags come up.

Message 5 of 13
(6,072 Views)
0 Thanks
Oldjim
Community Veteran
Posts: 38,460
Thanks: 1,028
Fixes: 63
Registered: ‎15-06-2007

Re: Email and password on sale on darkweb

‎04-01-2018 9:41 AM

https://community.plus.net/t5/Plusnet-Blogs/Webmail-Incident-Report/ba-p/1313738

 

Message 6 of 13
(6,063 Views)
Anonymous
Not applicable

Re: Email and password on sale on darkweb

‎04-01-2018 9:42 AM

@pjmarsh, wasn't that Equifax and not Experian?

http://www.bbc.co.uk/news/business-41575188

 

Message 7 of 13
(6,059 Views)
pjmarsh
Superuser
Superuser
Posts: 4,015
Thanks: 1,558
Fixes: 20
Registered: ‎06-04-2007

Re: Email and password on sale on darkweb

‎04-01-2018 9:49 AM

@Anonymous, ah yes you're right.  The Experian hack was a couple of years ago: https://www.theguardian.com/business/2015/oct/01/experian-hack-t-mobile-credit-checks-personal-information

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

Message 8 of 13
(6,047 Views)
0 Thanks
Anonymous
Not applicable

Re: Email and password on sale on darkweb

‎04-01-2018 9:53 AM

Even then that hack was only in the USA and limited to T-Mobile Credit Checks, so I don't think this will be related to the OPs issue.

Message 9 of 13
(6,037 Views)
0 Thanks
Oldjim
Community Veteran
Posts: 38,460
Thanks: 1,028
Fixes: 63
Registered: ‎15-06-2007

Re: Email and password on sale on darkweb

‎04-01-2018 9:54 AM

this is a quick check - just put in your username https://haveibeenpwned.com/

Message 10 of 13
(6,036 Views)
0 Thanks
pjmarsh
Superuser
Superuser
Posts: 4,015
Thanks: 1,558
Fixes: 20
Registered: ‎06-04-2007

Re: Email and password on sale on darkweb

‎04-01-2018 9:56 AM

Yes @Anonymous.  As I said earlier I was just working from memory, so obviously mis-remembered the details

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

Message 11 of 13
(6,031 Views)
MatthewWheeler
Plusnet Help Team
Plusnet Help Team
Posts: 8,747
Thanks: 1,374
Fixes: 463
Registered: ‎01-01-2012

Re: Email and password on sale on darkweb

Fix

‎04-01-2018 3:55 PM

We take the responsibility of protecting our customers’ data extremely seriously and as a result have thoroughly investigated these claims. We can guarantee that the compromise of your email address was absolutely not from Plusnet. With regards to the password, Experian shouldn’t be able to tell if it is compromised as this would mean they know it. Our security team would be happy to chat to you about online safety and we have messaged you separately to discuss how we can help you.

If this post resolved your issue please click the 'This fixed my problem' button
 Matthew Wheeler
 Plusnet Help Team
Message 12 of 13
(5,956 Views)
Nimblebimble
Newbie
Posts: 4
Thanks: 6
Registered: ‎03-01-2018

Re: Email and password on sale on darkweb

‎04-01-2018 5:14 PM

Hi Matthew 

 

Experian don't have knowledge of the password, judging from the report sent to me by them, neither does the person selling the information.

Yes, basic online security was observed, no reusing passwords, or storing on devices.

I would like to say a big huge thanks to those who spent time investigating this issue, along with the very knowledgeable gentleman who phoned me to clarify the issue, with the findings of the investigation.

 

Very hugely appreciated 

 

Message 13 of 13
(5,939 Views)