
The day has come. Nightmare ensuing. Personal information BREACHED

Anonymous
Not applicable


The day has come. Nightmare ensuing.  Personal information BREACHED.  AHHH!

 

Just got a myFICO email...

 

Alert - Your information was detected on a black market website

We have detected your personal information on a black market website to be bought or sold.

 

I log on to myFICO and see:

Alert Details

Record Creation Date: 10/3/2015

First Name: my nickname

Last Name: correct last name

Email Address: my correct personal email address

User Password: ●●●●●TzGO

 

CRAP!!!

 

I immediately changed my personal email password.  Hopefully we caught it quick enough to nip it in the bud.  And hopefully nothing else was breached!!!!!!

 

Is there anything I should do?  Maybe create a Lifelock account for redundant monitoring and protection (in addition to myFICO)?  It's bedtime and now I'm kinda freaked out.

Message 1 of 4
Rebuilding69
Established Contributor

Re: The day has come. Nightmare ensuing. Personal information BREACHED

I got a message from McAfee Total Protection a while back saying my password for one of my CC websites was on known black market websites. I immediately changed my email & that website passwords, and actually haven't used that website since then (only phone transactions) & have been watching my CC statements & reports like a hawk.



Message 2 of 4
Anonymous
Not applicable

Re: The day has come. Nightmare ensuing. Personal information BREACHED

Turn on 2-factor security for your email. Some email providers provide 2-factor, such as Google. An example of a 2nd factor would be, after entering password, also responding to a TXT message to be allowed in. 2-factor security can be customized to be more convenient while still pretty secure, such as being required first time only on new devices and/or when a network change is detected.

 

Be aware though that using one's phone as the 2nd factor, while better than nothing, is not as secure as using a totally separate device. However, for many, using a separate device adds cost and inconvenience. Security is a tradeoff. 2-factor on the same device isn't ideal, but still better than 1-factor.

 

At minimum, even if you check email from your phone, turn on 2-factor security with your email provider.

 

And be sure your email password is different from any other passwords you use elsewhere. While reusing passwords is frowned upon, doing so on less important sites often isn't a biggie. However, email is the most important on-line account many have - more important than banking, credit card, brokerage etc.

 

Many sites utilize email as a recovery mechanism. Email often holds the keys to the kingdom. So if a hacker breaks into one's email account, they can then discover one's account user names for on-line banking, credit cards, etc, and do password resets to potentially get into those other accounts too.

 

In short, turn on 2-factor for extra security. If you're using a "free" email service, security may be lacking no matter what you do. Not all, but some, such as Yahoo, in my view, have a poor track record. Google is among the better ones.

 

LifeLock probably won't catch much more than the current MyFICO monitoring you have. However, it's possible LifeLock may offer better services to assist in resolving id theft issues afterwards. Personally, I don't know enough about MyFICO nor LifeLock to say. Check review sites and BBB too for comments regarding MyFICO and LifeLock for problems people have run into. Maybe both are similar (if so, stick with what you have), or one is far superior over the other.

Message 3 of 4
TheConductor
Established Contributor

Re: The day has come. Nightmare ensuing. Personal information BREACHED

+1 to everything ronpa said.  

 

To which I will add, get and use a password manager. Having one (1Password, LastPass, KeePass, etc.) makes it super easy to generate and use different strong passwords for every site where you have an account. And having unique passwords minimizes the amount of damage someone can do when they only have one of your passwords.

 

I also recommend using 2-factor authentication for any financial sites (bank, brokerage, etc) in addition to email. 

 

And I strongly recommend that for any site which has security questions to enable recovering your password (first car owned, mother's maiden name, etc), you make up totally fictional answers to those questions and store them in your password manager. e.g. First Car Owned = Encyclopedia of Kazakhstan, Mother's Maiden Name = Groundhog Day Part 2: Electric Boogaloo.  It's so easy for attackers to get personal information these days that giving true answers to these questions just makes it easier for them to gain access to an account when they don't have the password.

Starting: EQ 622 (myFICO 7/7/12), EX 696 (TU FAKO 8/14/12), TU 621 (CK TransRisk 7/24/12), Total CL $1k on 2 TLs
Current: EQ 709 (CCT 2/4/15), EX 704 (CCT 2/4/15) , TU 702 (CCT 2/4/15), Total CL $110.3k on 14 TLs Goal: 740+ x3
My Wallet: Amex BCP $30k, Chase United Explorer $16k, Amex SPG $13.5k, Barclaycard Ring MC $12.5k, Chase CSP VS $12.2k, Discover it $10.5k, C1 Venture VS $6.5k, Chase Slate $3.5k, Amex Hilton Surpass $2k, Barclaycard Apple V $2k, Chase Freedom V $1100, BoA Cash Rewards V $500, Citi BestBuy $500
My Loans: Prosper $25k/36mo, Prosper $17k/36mo
My Business: Chase Ink VS $5k, Amex BRG NPSL (> 10k),
Message 4 of 4
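Added example, not part of any post in this thread: a small account-inventory audit that works through the two points made in the replies, that a mailbox used for password resets leads to every account recovering through it, and that unique passwords and 2-factor limit how far one leaked password reaches. The account names, the `password_id` labels and the reachability model are assumptions of this example.

```python
from collections import deque

# Constructed sample inventory (hypothetical accounts, not taken from the thread).
# password_id is a label for a password-manager entry, never the secret itself.
ACCOUNTS = {
    "email":     {"password_id": "pw-A", "two_factor": False, "recovery": None},
    "bank":      {"password_id": "pw-B", "two_factor": False, "recovery": "email"},
    "brokerage": {"password_id": "pw-C", "two_factor": True,  "recovery": "email"},
    "forum":     {"password_id": "pw-A", "two_factor": False, "recovery": "email"},
    "shop":      {"password_id": "pw-D", "two_factor": False, "recovery": "email"},
}

def exposed_accounts(accounts, leaked_password_id):
    """Return the accounts that need attention once one password leaks.

    Model (an assumption of this example):
      * a leaked password opens every account that reuses it, unless that
        account has 2-factor turned on;
      * control of a recovery mailbox opens every account that resets
        through it, unless that account has 2-factor turned on.
    """
    exposed = set()
    queue = deque(
        name for name, acct in accounts.items()
        if acct["password_id"] == leaked_password_id and not acct["two_factor"]
    )
    while queue:
        name = queue.popleft()
        if name in exposed:
            continue
        exposed.add(name)
        # Follow the password-reset path from this account to its dependants.
        for other, acct in accounts.items():
            if acct["recovery"] == name and not acct["two_factor"] and other not in exposed:
                queue.append(other)
    return exposed

def harden(accounts, names):
    """Copy of the inventory with 2-factor turned on for the named accounts."""
    return {n: {**a, "two_factor": a["two_factor"] or n in names}
            for n, a in accounts.items()}

if __name__ == "__main__":
    print("pw-A leaked, as-is:        ", sorted(exposed_accounts(ACCOUNTS, "pw-A")))
    print("pw-A leaked, 2FA on email: ", sorted(exposed_accounts(harden(ACCOUNTS, {"email"}), "pw-A")))
```

In this constructed inventory the reused email password exposes four of five accounts; turning on 2-factor for the mailbox alone cuts that to the one low-value site that shared the password.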