How can I be pwned if I'm not registered on the compromised site?
I recently was emailed from HaveIBeenPwned.com (which I am signed up on) about the ShareThis website/tool (not signed up on).
I have no memory of signing up for that service.
When I go to recover the account (I might as well close/change password), I get this:
The two facts seem incongruous:
Either I had an account and it was pwned, or I didn't have an account (and thus HIBP is in error)?
How do I find out the true situation, and what is the most secure course of action?
have-i-been-pwned breach
asked 2 days ago by Pureferret; edited yesterday by Jasper
6
Just making sure I understand this correctly. What you are saying is that you are signed up on HaveIBeenPwned.com but not on the ShareThis website?
– kasperd
2 days ago
@kasperd yes, sorry if that is not clear from my question
– Pureferret
2 days ago
1
On my first reading of the question I thought you meant you were not signed up on HaveIBeenPwned.com in which case the answer to your question would have been that somebody was forging emails from HaveIBeenPwned.com in what might have been a phishing scam. After reading the answer and reading the question again, I realized I probably misunderstood the question the first time around.
– kasperd
2 days ago
1
Just adding that I had the same issue with the "ShareThis" hack. That list might have that behavior
– Ole Albers
yesterday
1
@Pureferret depends on the kind of information aside from your email address that was included in that site's profile/settings. If you're not familiar with the site and can't even login using the email address reported, you're probably safe. This was just an extremely edge case that popped into my head.
– TylerH
yesterday
3 Answers
As much as all of the theories are tangible, the biggest possibility is that the creator of the website is having a data issue: website X is meant to have ID X however has ID Y and thus is displaying data from ID Y. Why would anybody be signing up for services they won't be able to use with an email they cannot use either? They could just use random strings if it was a brute force attack.
Thus you've been 'pwned', just not on the website it is incorrectly displaying.
I think this is the most probable cause.
New contributor
1
I..I don't follow any of what you've said. Which website, why would it have Y and not X...how would the wrong info get to HIBP?
– Pureferret
15 hours ago
You're telling me it's more logical for somebody to be putting in somebody's email for no reason, than for the person who coded the website to have made a real simple mistake? - X is a representative of anything, like N would be in maths. And if you're asking what website I'm talking about, the one the question is.. 'haveibeenpwned' I've just realised you've not read the question originally, which is why you're confused at my answer, to the question you've not read.
– Jack Williams
15 hours ago
Jack, I wrote the question. I don't know if you're saying the mistake is on HIBP, or the compromised website? Is ID an email address or like a database row ID?
– Pureferret
15 hours ago
Apologies - actually didn't notice that. Referring to 'haveibeenpwned' putting the wrong IDs onto pieces of data, so when the ID is called (database row ID for example) it displays the wrong data.
– Jack Williams
14 hours ago
1
I doubt that it's just a mistake on HIBP's end.
– Ave
8 hours ago
From the FAQ:
Why do I see my email address as breached on a service I never signed up to?
When you search for an email address, you may see that address appear against breaches of sites you don't recall ever signing up to. There are many possible reasons for this including your data having been acquired by another service, the service rebranding itself as something else or someone else signing you up. For a more comprehensive overview, see Why am I in a data breach for a site I never signed up to?
It's likely some services allow signing up without confirming an email address, or that accounts that haven't confirmed email addresses are still stored indefinitely but cannot be logged in to, or any number of similar issues.
answered 2 days ago by AndrolGenhald
63
One other possibility is that, more simply, the database where your address was found was a mix of multiple data leaks, with the majority of the data belonging to ShareThis.
– DrakaSAN
2 days ago
3
@Pureferret The good part is that if you were included because (for instance) someone else mistakenly used your email address, then you don't have to worry about more sensitive information like passwords being leaked as well.
– bta
2 days ago
9
@Pureferret This happens to me all the time. For some reason, some people keep registering accounts to various places with my primary email address. Sometimes I "forgot password" and lock them out, delete the accounts that way, or find contact information and tell them directly to stop using my email (within legal limits), usually I have to contact customer support for the service and demand that they disconnect my email from that account. There really needs to be some sort of public shaming for companies that do anything other than (re)send verification email to an unverified email.
– mtraceur
2 days ago
2
@mckenzm Teach me your ways so that I can invoice or sue for unsolicited non-verification email too. We'll pincer maneuver them into no email, but that's probably for the best.
– mtraceur
2 days ago
11
@user33040: Well, those addresses are identical to GMail. As are na.me.sur.name@gmail.com, n.a.m.e.s.u.r.n.a.m.e@gmail.com, etc.
– Dubu
yesterday
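An added illustration of the failure mode the answer above describes (addresses accepted without confirmation, and unconfirmed accounts stored indefinitely), seen from the service operator's side. This is example code written for this page, not part of the original answers and not the implementation of ShareThis or HIBP; the `SignupStore` class, the 24-hour window and the sample addresses are assumptions.

```python
import hashlib
import secrets
import time

# Assumed retention window for sign-ups that were never confirmed.
PENDING_TTL_SECONDS = 24 * 3600


class SignupStore:
    """In-memory stand-in for an account database (hypothetical)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self.pending = {}       # sha256(token) -> (email, expires_at)
        self.accounts = set()   # confirmed addresses only

    @staticmethod
    def _digest(token):
        # Store only a hash of the token, so a dump of the pending table
        # does not hand out working confirmation links.
        return hashlib.sha256(token.encode()).hexdigest()

    def register(self, email):
        """Record a sign-up request; return the one-time token to e-mail out."""
        email = email.strip().lower()
        # A new request replaces any older pending one for the same address.
        self.pending = {k: v for k, v in self.pending.items() if v[0] != email}
        token = secrets.token_urlsafe(32)
        expires_at = self._clock() + PENDING_TTL_SECONDS
        self.pending[self._digest(token)] = (email, expires_at)
        return token

    def confirm(self, token):
        """Promote a pending sign-up to an account if the token is valid."""
        entry = self.pending.pop(self._digest(token), None)
        if entry is None:
            return False            # unknown or already used token
        email, expires_at = entry
        if self._clock() > expires_at:
            return False            # link expired; the request is dropped
        self.accounts.add(email)
        return True

    def purge_expired(self):
        """Delete unconfirmed sign-ups past the retention window."""
        now = self._clock()
        stale = [k for k, (_, exp) in self.pending.items() if exp <= now]
        for key in stale:
            del self.pending[key]
        return len(stale)

    def breach_exposure(self):
        """Addresses an attacker would get from a full dump of this store."""
        return self.accounts | {email for email, _ in self.pending.values()}


def demo():
    """Constructed scenario: one address typed in by a stranger, one real user."""
    now = [1_000_000.0]                        # fake clock, seconds
    store = SignupStore(clock=lambda: now[0])

    # Someone else enters this address; its owner never clicks the link.
    store.register("Victim@Example.com")
    # A real user signs up and confirms.
    token = store.register("owner@example.org")
    store.confirm(token)

    before = store.breach_exposure()           # dump taken right away
    now[0] += PENDING_TTL_SECONDS + 1          # a day later
    purged = store.purge_expired()
    after = store.breach_exposure()            # dump taken after the purge
    return before, purged, after


if __name__ == "__main__":
    before, purged, after = demo()
    print("exposed before purge:", sorted(before))
    print("pending rows purged: ", purged)
    print("exposed after purge: ", sorted(after))
```

A service that skips `purge_expired` keeps the stranger-supplied address forever, which is how an address can appear in a breach of a site its owner never used and cannot log in to.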
Adding on to what AndrolGenhald said, they have deactivated all accounts associated with the breach so there's a good chance it won't show up regardless:
ShareThis has already deactivated the ShareThis accounts potentially associated with this incident, so if you created an account prior to January 2017, you may no longer be able to log in.
https://www.sharethis.com/data-privacy-incident/
answered 2 days ago by hairydresden (edited 2 days ago)
12
Well spotted... Seems like an unusual approach?
– Pureferret
2 days ago
3
@Pureferret Unfortunately, I wouldn't know. I just got the email for our domain from HaveIBeenPwned today and was doing my reading on it.
– hairydresden
2 days ago
4
As soon as the system lets me, I'll put a bounty on this. It's not the generic answer to these (useful for dupes) but it was helpful in this case.
– Pureferret
yesterday
7
On top of which, ShareThis might have expired the account after a period of inactivity anyway, regardless of a hack. A few months ago I went through my passwords file to update some old insecure passwords on a bunch of unimportant sites and found that they had all expired my account for inactivity.
– Paul Johnson
yesterday
As much as all of the theories are tangible, the biggest possibility is that the creator of the website is having a data issue: website X is meant to have ID X, however has ID Y, and thus is displaying data from ID Y. Why would anybody be signing up for services they won't be able to use with an email they cannot use either? They could just use random strings if it was a brute force attack.
Thus you've been 'pwned', just not on the website it is incorrectly displaying.
I think this is the most probable cause.
answered 15 hours ago
Jack Williams
New contributor
1
I..I don't follow any of what you've said. Which website, why would it have Y and not X...how would the wrong info get to HIBP?
– Pureferret
15 hours ago
You're telling me it's more logical for somebody to be putting in somebody's email for no reason, than for the person who coded the website to have made a real simple mistake? - X is a representative of anything, like N would be in maths. And if you're asking what website I'm talking about, the one the question is.. 'haveibeenpwned'. I've just realised you've not read the question originally, which is why you're confused at my answer, to the question you've not read.
– Jack Williams
15 hours ago
Jack, I wrote the question. I don't know if you're saying the mistake is on HIBP, or the compromised website? Is ID an email address or like a database row ID?
– Pureferret
15 hours ago
Apologies - actually didn't notice that. Referring to 'haveibeenpwned' putting the wrong IDs onto pieces of data, so when the ID is called (database row ID for example) it displays the wrong data.
– Jack Williams
14 hours ago
1
I doubt that it's just a mistake on HIBP's end.
– Ave
8 hours ago
6
Just making sure I understand this correctly. What you are saying is that you are signed up on HaveIBeenPwned.com but not on the ShareThis website?
– kasperd
2 days ago
@kasperd yes, sorry if that is not clear from my question
– Pureferret
2 days ago
1
On my first reading of the question I thought you meant you were not signed up on HaveIBeenPwned.com in which case the answer to your question would have been that somebody was forging emails from HaveIBeenPwned.com in what might have been a phishing scam. After reading the answer and reading the question again, I realized I probably misunderstood the question the first time around.
– kasperd
2 days ago
1
Just adding that I had the same issue with the "ShareThis" hack. That list might have that behavior.
– Ole Albers
yesterday
1
@Pureferret depends on the kind of information aside from your email address that was included in that site's profile/settings. If you're not familiar with the site and can't even log in using the email address reported, you're probably safe. This was just an extremely edge case that popped into my head.
– TylerH
yesterday