The Hack List

I got an email at the time of the breach from MFP to advise. Unfortunately HaveIBeenPwned can’t do anything to notify you until the email addresses (and breached data) are known to the public.


2 Likes

It’s up to the individual breached service to inform you that their servers have been breached and that your data may have been compromised.

What Have I Been Pwned? does is confirm that they have found a data dump that includes your data.

Because of the gap between a breach being known and the data being found in the wild (or otherwise sourced), that’s why it can take some time to appear on HIBP (and it may never, depending on the scale of the breach). Despite the delay, the system is working as designed.

When you get an email from a service saying your data may have been compromised, this is the point where you should change your password (and if you’ve used the same password elsewhere, change it across all those sites too).

I myself found HIBP most useful for alerting me to breaches where I wasn’t informed by the company at the time (or I missed it, for some reason), but that part is less called for now given the better reporting of breaches.

The other thing I find it useful for is at-a-glance exposure reports. Couple of breaches? That email is OK. Pages and pages of breaches? Never mind passwords, time to burn that email down and use a new one instead.

tl;dr, HIBP isn’t perfect (nothing is), but it is working as designed.

2 Likes

Thank you all for the replies - I understand it a little better now. R-

3 Likes

Not a hack as such (more a spearphish) but

I have my own policy of actually never answering my mobile phone to any number I don’t recognise. I just let it ring out. Scammers hardly ever let the phone ring past 5 full rings before they cut the call anyway. I’ve had two scam calls today, one from Liverpool and one from London. As I don’t know anyone in either city, I’m never going to answer it. Last week, I had a call pop up on my 'phone from Senegal, like I’m ever going to answer a scammer from there! Obviously if it is a member of family or a close friend, I will answer, but any other number, landline or mobile, I just ignore it and block it. I have also disabled my voicemail. Basically, if someone wants to get hold of me, then they can send me a text with their name and phone number or an email and I’ll decide whether or not to grace them with a response.

3 Likes

I think the thing about the case above is how targeted it was and especially how it used the bank’s own phone number (therefore you would plausibly believe it was the bank).
I have a similar policy that any phone number I don’t know I let it ring out and either they will leave a voice mail if it’s actually important or they won’t.

Oh I agree, I can absolutely understand how many people might be taken in by that scenario. For myself, even if that situation had occurred, I still personally wouldn’t have answered it, I’d have called the bank direct myself using the number on the back of my card or awaited a secure in app message before making any decision to contact the caller.

As a direct result of the above story being posted, I’ve just removed the contact numbers of 4 banks from my phone contact list, deleted the contacts entirely. If my 2 active banks wish to contact me, they can do so through secure in app messaging.

2 Likes

I would try to a at least month+year as well : )

I always wonder why people don’t ring back their bank on their mobile (I know there was a fraud where they kept a landline active when the victim thought it was inactive) when they get telephone calls like this. I guess panic overtakes them. That is what I was told when working in a child protection department. Any Tom, Dick or Harry could call you and be anyone. Get a name and reference then always call back on a number you have sourced yourself from an official source.

4 Likes

Greater Manchester Police Federation (independent of the Police itself) recently got hacked, data of all cops in Manchester in undercover, specialist units, counter terrorism etc

Includes home address, family situations, worrying given current climate

https://www.polfed.org/gmp

WHAT HOW?! :man_facepalming:

If someone in your area or group now disappears you know they were a fed :joy_cat:

1 Like

https://techcrunch.com/2019/05/28/flipboard-hacks-password-resets/

Got this email


Looks like just the North American version, not UK

That we know…