A bank where I have an auto loan has a credit reporting feature. The feature shows that I have several “Dark Web Alerts” for “Compromised Email Address”. The alerts list the breached sites, for example schmevite.com and schmafepress.com (and others). This doesn’t make sense. How was my email address breached at a website for party invitations and blogging?
I haven’t used either of those site in a long time. I assume my username is my email address. However, my email account not been breached (right?). The recommended action is to change my email password, but my email has not been breached, so why would I do that? Am I expected to change my email password every time some remote site that I’ve barely used is breached? Shouldn’t it be telling me to change my schmevite and schmafepress passwords?
NOTE: I have a different, and reasonably complex password for each site. The point being if someone has breached my scmevite or schmafepress password, which uses my email as the userid, why do I need to change my email password?
But then I have another of the Dark Web Alerts which says “Compromised Email Address”, but does not list a compromised website. Instead it says “Password: Exposed”. Now I’m really concerned. If someone gets into my email account, they can find all of my other passwords (including to financial sites) by requesting password changes.
But that alert was exposed on 4/18/20 and I haven’t lost my money yet. Should I be concerned about this? What do I do? (P.S. “Should I be concerned about this” is rhetorical — I am!).
Thanks for helping me understand.
Go to Source