data breach, don't know which password
Hi, I've been notified that there was a data breach of my email and password - but the data breach was at a company where I do not have an account. I guess that is possible somehow, but how do I figure out which password they got, because all my passwords for different companies are different. If they got a password for some other company I should change it, but I don't know which one to change.
Solution choisie
Hello,
It's little bit complicated situation for you because data breaches can harm you in masssive way and a more thing which may disappoint you that all data breaches not announced to the public at a time, first companies investigate it. So, for your personal security me and Firefox monitor both can say only one thing change your passwords immediately... i know changing password of every account you have ever made is not possible but you can change passwords of those accounts which you use frequently.
Thanks !
Lire cette réponse dans son contexte 👍 1Toutes les réponses (9)
Hi becky14,
As you are saying that you don't have any account in that company, then the notification must be Spam. so, you should just ignore it because i never personally heard that some company sends you the data breach warning.
Thank You !
Hi Shashank, Thank you so much for your reply. I also thought it must be spam. But wondered because the email I got supposedly at least came from Firefox Monitor, and when I checked on Firefox Monitor's website the hacked company (PetFlow) is listed as having a breach as of today. Email I got came from "Firefox Monitor <breach-alerts@mozilla.com>"
Solution choisie
Hello,
It's little bit complicated situation for you because data breaches can harm you in masssive way and a more thing which may disappoint you that all data breaches not announced to the public at a time, first companies investigate it. So, for your personal security me and Firefox monitor both can say only one thing change your passwords immediately... i know changing password of every account you have ever made is not possible but you can change passwords of those accounts which you use frequently.
Thanks !
Thank you Shashank, I appreciate your time and advice.
Hi,
Is very important that you change your password of those accounts because the compannies don't annuncie before they investigate it.
Do it!
[removed link]
Modifié le
I have the same problem. I have received notices of data breaches from companies I have never heard of and do not have never had an account with, but Mozilla suggests I change the password for a company I've never had an account with. I'm confused by some of the answers above. Are you saying these companies are spam and can be ignored, or have these companies somehow gotten all of the different passwords I use for different websites? Thanks.
Hi Colleen, Firefox Monitor provides data about breaches on all kinds of sites: sites where you had an account, sites of data brokers that sells people's contact information, sites whose owners bought lists from data brokers, and so on.
If the breach was not a site where you directly had an account, they probably didn't leak your password or security questions/answers associated with your email address -- how would they have gotten them? Still, it's worth reading more about the breach if you have time. There may be additional information on the Monitor site as well as from Mozilla's data partner, https://haveibeenpwned.com/ about exactly what kinds of data leaked.
As of this moment, my Firefox Monitor dashboard - https://monitor.firefox.com/user/dashboard lists four sites which have been breached, on which I have accounts. No doubt there must be hundreds or thousands of other breaches taken place over the past few years, but they're not referenced on my dashboard because I don't have accounts with them. I'd assume your notifications were spam.
Tony98 said
I'd assume your notifications were spam.
That's not how it works. If someone has a breach and the leaked data includes your email address, you get a notification. Doesn't matter whether you have an account at the site/company that suffered the breach.