While reading about the things happening to the people caught up in the 2015 Ashley Madison breach, I decided to write about my own adventures with a pwned (compromised) email address. (No, I did not get caught in the A-M breach!)
This old Yahoo! email address was responsible for many IRC/Yahoo! Chat shenanigans. I received my first digital photos on this account (hey, pinkbutterflybaby!), and applied for my first job from this email address. Over the years it has become the address I give when a valid email is required, and a grrl.to address won’t suffice.
Starting around Feb 2019, I’ve had three interesting examples of this email address being used to sign up for various things.
The first (and most interesting one) was an early morning Instagram account creation –
I woke up to this login attempt and tried to get into the account with the password reset. That worked, and the account did not have any followers/posts. I felt like owning the account, so I changed the password to a secure one. After this, I saw one attempt by the other person to log in on that day, and then a few more attempts in the next few months. This one was fun (for me), as I now have two “desirable” Insta handles.
(My other Insta handle is desired by a namesake. That person keeps trying to get into the account every few weeks by resetting the password. By the look of his friends who tag me in random pictures and comments, he is an annoyed teen.)
The second one was a more straightforward account creation –
The third one happened two days ago –
Outside of the first instance, the remaining account creations have been rather tame – simply more spam that I did not sign up for. However, it has been interesting to see the life of a pwned valid email address. I’m lucky in the fact that this address is not used for any major accounts. That said, it has probably been tested against major sites, like Disney+, to attempt account takeovers. Given that many popular services have been publicly breached – and many have probably been breached without finding out or revealing the details – it is a good idea to set up alerts for your email addresses on services like haveibeenpwned.com. Changing your passwords to strong passwords and using a good password manager to secure and manage them will help keep your digital life secure for a long time.
Tushar Richabadas is Senior Product Marketing Manager, Applications and Cloud Security at Barracuda. Previously, he was responsible for Barracuda's Web Application Firewall and Load Balancer ADC products, with his work focused in particular on cloud and automation. Tushar has wide-ranging experience, from managing teams that test networking products to managing technical marketing at HCL-Cisco. He closely follows the rapid evolution of digital security and is committed to making things simpler for everyone in this field.