Credit Wise says my "information was exposed on the Dark Web"... really?

I’ve had a few alerts from these guys when signing into, say, Adobe’s web site. Are these cases where password databases are hacked? Or is it usually unsecured website logins? The info that they showed had been exposed had the correct name but an old address. How freaked out should I be?

This is bullshit for a few reasons.

  1. “The Dark Web” is a nebulous and poorly defined concept. It does not have a objective meaning.

  2. Practically everyone’s address is available from indexing sites that pull the data from mortgage records.

  3. Between Facebook, data aggregators, and malicious hacking, we should all just assume our information is already compromised.

  4. I’ve never heard of Credit Wise, but I doubt they are informing you out of the goodness of their hearts. The message is almost definitely an advertisement designed to scare you into buying malware disguised as “security” software.

Well, Adobe was hacked a couple of years ago, and lost a bunch of sign-in passwords, which did turn up for sale. On the ‘dark web’. So a bunch of people who sign into the Adobe website would have had their Adobe sign-in details exposed “on the dark web” a couple of years ago. If that was you, you should have got a fake-looking message from Adobe at the time, and should have changed your password at the time.

Over the years, a /lot/ of people have had one of their passwords exposed, and should have changed the relevant password when they were notified about it.

You can go to Have I Been Pwned and put in your email.

Or, just search for your email and other info and you might find yourself.

it was informative

CreditWise is offered by Capital One Bank as a free service, including a “dark web scan”.

What’s in it for them I can’t say. Likely as a gateway to market paid services to you. Probably not for infecting you with malware, though.

It’s like a “free brake inspection” - there is no such thing. Nobody ever goes in to a mechanic for a “free brake inspection” and gets told “Everything’s fine!”

Capital One? Okay, then I’d treat with all the trustworthiness of a rapid badger.

Are slow badgers more trustworthy? :stuck_out_tongue:

And they are trying to sell you a strong password application of some kind.

I can run from a slow badger. :smiley:

Always treat credit card numbers like toilet paper and discard them the second you have any reason to believe they are soiled.

Just remember to call the number on the card to do so and never follow any link in an email or an incoming phone call.

Yes they do. I checked my email and I was shocked to see that I was the victim of 7 breaches. No worries. All they have is an email address. I have the email address of everyone who sends me an email.

One of my email addresses was hacked from Linked In. This explains why I get the occasional phishing email purportedly either from or about Linked In. Since I have disabled my account there I know that anything that looks like it’s from there is fake. There are a couple of other hacked sites that also result in (obvious, if one knows what to look for) phishing attempts. If that is the worst I can expect, the danger doesn’t seem so very deep.

If it was your credit card number that was compromised there is no value in paying for any services for protection. They simply provide no value.

There are exchanges that trade on stolen credit cards but the recourse is to just get a new number.

I don’t have to run faster than a badger,** ftg**. I just have to run faster than you.

Lemurs can certainly out climb badgers … if there are trees.


The LinkedIn spam. Tons of people get this whether you ever had an account or not. The other day I saw 4 of them in my spam box at the same time. Reporting that people had searched for me on LinkedIn 4, 1, 3 and 5 times in the past week. I guess we live in a multiverse now.

On LinkedIn, users can give it permission to scour their contact lists. That’s why you get spam even if you’ve never used it.