How can I be pwned if I'm not registered on the compromised site?












50















I recently was emailed from HaveIBeenPwned.com (which I am signed up on) about the ShareThis website/tool (not signed up on).



I have no memory of signing up for that service.



When I go to recover the account (I might as well close/change password), I get this:



reset password page for ShareThis, but with an error message that reads: 'No user with that Address. Need to Register?'



The two facts seem incongruous:



Either I had an account and it was pwned, or I didn't have an account (and thus HIBP is in error)?



How do I find out the true situation, and what is the most secutre course of action?






have-i-been-pwned breach







share|improve this question




















  • 5





    Just making sure I understand this correctly. What you are saying is that you are signed up on HaveIBeenPwned.com but not on the ShareThis website?

    – kasperd
    23 hours ago











  • @kasperd yes, sorry if that is not clear from my question

    – Pureferret
    22 hours ago






  • 1





    On my first reading of the question I thought you meant you were not signed up on HaveIBeenPwned.com in which case the answer to your question would have been that somebody was forging emails from HaveIBeenPwned.com in what might have been a phishing scam. After reading the answer and reading the question again, I realized I probably misunderstood the question the first time around.

    – kasperd
    22 hours ago











  • The dumps might also contain contact/invite database entries, so if somebody has uploaded an address book or you did „send this to a friend“ it all could be possible reasons. Does it say the dump contains a password?

    – eckes
    20 hours ago






  • 1





    Just adding that I had the same issue with the "ShareThis" hack. That list might have that behavoir

    – Ole Albers
    6 hours ago
















50















I recently was emailed from HaveIBeenPwned.com (which I am signed up on) about the ShareThis website/tool (not signed up on).



I have no memory of signing up for that service.



When I go to recover the account (I might as well close/change password), I get this:



reset password page for ShareThis, but with an error message that reads: 'No user with that Address. Need to Register?'



The two facts seem incongruous:



Either I had an account and it was pwned, or I didn't have an account (and thus HIBP is in error)?



How do I find out the true situation, and what is the most secutre course of action?






have-i-been-pwned breach







share|improve this question




















  • 5





    Just making sure I understand this correctly. What you are saying is that you are signed up on HaveIBeenPwned.com but not on the ShareThis website?

    – kasperd
    23 hours ago











  • @kasperd yes, sorry if that is not clear from my question

    – Pureferret
    22 hours ago






  • 1





    On my first reading of the question I thought you meant you were not signed up on HaveIBeenPwned.com in which case the answer to your question would have been that somebody was forging emails from HaveIBeenPwned.com in what might have been a phishing scam. After reading the answer and reading the question again, I realized I probably misunderstood the question the first time around.

    – kasperd
    22 hours ago











  • The dumps might also contain contact/invite database entries, so if somebody has uploaded an address book or you did „send this to a friend“ it all could be possible reasons. Does it say the dump contains a password?

    – eckes
    20 hours ago






  • 1





    Just adding that I had the same issue with the "ShareThis" hack. That list might have that behavoir

    – Ole Albers
    6 hours ago














50












50








50


6






I recently was emailed from HaveIBeenPwned.com (which I am signed up on) about the ShareThis website/tool (not signed up on).



I have no memory of signing up for that service.



When I go to recover the account (I might as well close/change password), I get this:



reset password page for ShareThis, but with an error message that reads: 'No user with that Address. Need to Register?'



The two facts seem incongruous:



Either I had an account and it was pwned, or I didn't have an account (and thus HIBP is in error)?



How do I find out the true situation, and what is the most secutre course of action?






have-i-been-pwned breach







share|improve this question
















I recently was emailed from HaveIBeenPwned.com (which I am signed up on) about the ShareThis website/tool (not signed up on).



I have no memory of signing up for that service.



When I go to recover the account (I might as well close/change password), I get this:



reset password page for ShareThis, but with an error message that reads: 'No user with that Address. Need to Register?'



The two facts seem incongruous:



Either I had an account and it was pwned, or I didn't have an account (and thus HIBP is in error)?



How do I find out the true situation, and what is the most secutre course of action?






have-i-been-pwned breach




have-i-been-pwned breach






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 1 hour ago









Jasper

1032




1032










asked yesterday









PureferretPureferret

1,18131314




1,18131314








  • 5





    Just making sure I understand this correctly. What you are saying is that you are signed up on HaveIBeenPwned.com but not on the ShareThis website?

    – kasperd
    23 hours ago











  • @kasperd yes, sorry if that is not clear from my question

    – Pureferret
    22 hours ago






  • 1





    On my first reading of the question I thought you meant you were not signed up on HaveIBeenPwned.com in which case the answer to your question would have been that somebody was forging emails from HaveIBeenPwned.com in what might have been a phishing scam. After reading the answer and reading the question again, I realized I probably misunderstood the question the first time around.

    – kasperd
    22 hours ago











  • The dumps might also contain contact/invite database entries, so if somebody has uploaded an address book or you did „send this to a friend“ it all could be possible reasons. Does it say the dump contains a password?

    – eckes
    20 hours ago






  • 1





    Just adding that I had the same issue with the "ShareThis" hack. That list might have that behavoir

    – Ole Albers
    6 hours ago














  • 5





    Just making sure I understand this correctly. What you are saying is that you are signed up on HaveIBeenPwned.com but not on the ShareThis website?

    – kasperd
    23 hours ago











  • @kasperd yes, sorry if that is not clear from my question

    – Pureferret
    22 hours ago






  • 1





    On my first reading of the question I thought you meant you were not signed up on HaveIBeenPwned.com in which case the answer to your question would have been that somebody was forging emails from HaveIBeenPwned.com in what might have been a phishing scam. After reading the answer and reading the question again, I realized I probably misunderstood the question the first time around.

    – kasperd
    22 hours ago











  • The dumps might also contain contact/invite database entries, so if somebody has uploaded an address book or you did „send this to a friend“ it all could be possible reasons. Does it say the dump contains a password?

    – eckes
    20 hours ago






  • 1





    Just adding that I had the same issue with the "ShareThis" hack. That list might have that behavoir

    – Ole Albers
    6 hours ago








5




5





Just making sure I understand this correctly. What you are saying is that you are signed up on HaveIBeenPwned.com but not on the ShareThis website?

– kasperd
23 hours ago





Just making sure I understand this correctly. What you are saying is that you are signed up on HaveIBeenPwned.com but not on the ShareThis website?

– kasperd
23 hours ago













@kasperd yes, sorry if that is not clear from my question

– Pureferret
22 hours ago





@kasperd yes, sorry if that is not clear from my question

– Pureferret
22 hours ago




1




1





On my first reading of the question I thought you meant you were not signed up on HaveIBeenPwned.com in which case the answer to your question would have been that somebody was forging emails from HaveIBeenPwned.com in what might have been a phishing scam. After reading the answer and reading the question again, I realized I probably misunderstood the question the first time around.

– kasperd
22 hours ago





On my first reading of the question I thought you meant you were not signed up on HaveIBeenPwned.com in which case the answer to your question would have been that somebody was forging emails from HaveIBeenPwned.com in what might have been a phishing scam. After reading the answer and reading the question again, I realized I probably misunderstood the question the first time around.

– kasperd
22 hours ago













The dumps might also contain contact/invite database entries, so if somebody has uploaded an address book or you did „send this to a friend“ it all could be possible reasons. Does it say the dump contains a password?

– eckes
20 hours ago





The dumps might also contain contact/invite database entries, so if somebody has uploaded an address book or you did „send this to a friend“ it all could be possible reasons. Does it say the dump contains a password?

– eckes
20 hours ago




1




1





Just adding that I had the same issue with the "ShareThis" hack. That list might have that behavoir

– Ole Albers
6 hours ago





Just adding that I had the same issue with the "ShareThis" hack. That list might have that behavoir

– Ole Albers
6 hours ago










2 Answers
2






active

oldest

votes


















77














From the FAQ:




Why do I see my email address as breached on a service I never signed up to?



When you search for an email address, you may see that address appear against breaches of sites you don't recall ever signing up to. There are many possible reasons for this including your data having been acquired by another service, the service rebranding itself as something else or someone else signing you up. For a more comprehensive overview, see Why am I in a data breach for a site I never signed up to?




It's likely some services allow signing up without confirming an email address, or that accounts that haven't confirmed email addresses are still stored indefinitely but cannot be logged in to, or any number of similar issues.






share|improve this answer



















  • 36





    One other possibility is that, more simply, the database where your address was found was a mix of multiple data leaks, with the majority of the data belonging to ShareThis.

    – DrakaSAN
    22 hours ago






  • 2





    @Pureferret The good part is that if you were included because (for instance) someone else mistakenly used your email address, then you don't have to worry about more sensitive information like passwords being leaked as well.

    – bta
    21 hours ago






  • 3





    @Pureferret This happens to me all the time. For some reason, some people keep registering accounts to various places with my primary email address. Sometimes I "forgot password" and lock them out, delete the accounts that way, or find contact information and tell them directly to stop using my email (within legal limits), usually I have to contact customer support for the service and demand that they disconnect my email from that account. There really needs to be some sort of public shaming for companies that do anything other than (re)send verification email to an unverified email.

    – mtraceur
    16 hours ago






  • 1





    @mtraceur From what I have seen the lack of verification is not even the result of low skill developers, its an intentional business choice to reduce friction for signing up to a service.

    – Qwertie
    15 hours ago






  • 3





    @user33040: Well, those addresses are identical to GMail. As are na.me.sur.name@gmail.com, n.a.m.e.s.u.r.n.a.m.e@gmail.com, etc.

    – Dubu
    5 hours ago



















46














Adding on to what AndrolGenhald said, they have deactivated all accounts associated with the breach so theres a good chance it won't show up regardless:




ShareThis has already deactivated the ShareThis accounts potentially associated with this incident, so if you created an account prior to January 2017, you may no longer be able to log in.




https://www.sharethis.com/data-privacy-incident/






share|improve this answer





















  • 8





    Well spotted... Seems like an unusual approach?

    – Pureferret
    22 hours ago






  • 2





    @Pureferret Unfortunately, I wouldn't know. I just got the email for our domain from HaveIBeenPwned today and was doing my reading on it.

    – hairydresden
    22 hours ago








  • 3





    As soon as the system lets me, I'll put a bounty on this. It's not the generic answer to these (useful for dupes) but it was helpful in this case.

    – Pureferret
    5 hours ago






  • 2





    On top of which, ShareThis might have expired the account after a period of inactivity anyway, regardless of a hack. A few months go I went through my passwords file to update some old insecure passwords on a bunch of unimportant sites and found that they had all expired my account for inactivity.

    – Paul Johnson
    2 hours ago











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f204701%2fhow-can-i-be-pwned-if-im-not-registered-on-the-compromised-site%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























2 Answers
2






active

oldest

votes








2 Answers
2






active

oldest

votes









active

oldest

votes






active

oldest

votes









77














From the FAQ:




Why do I see my email address as breached on a service I never signed up to?



When you search for an email address, you may see that address appear against breaches of sites you don't recall ever signing up to. There are many possible reasons for this including your data having been acquired by another service, the service rebranding itself as something else or someone else signing you up. For a more comprehensive overview, see Why am I in a data breach for a site I never signed up to?




It's likely some services allow signing up without confirming an email address, or that accounts that haven't confirmed email addresses are still stored indefinitely but cannot be logged in to, or any number of similar issues.






share|improve this answer



















  • 36





    One other possibility is that, more simply, the database where your address was found was a mix of multiple data leaks, with the majority of the data belonging to ShareThis.

    – DrakaSAN
    22 hours ago






  • 2





    @Pureferret The good part is that if you were included because (for instance) someone else mistakenly used your email address, then you don't have to worry about more sensitive information like passwords being leaked as well.

    – bta
    21 hours ago






  • 3





    @Pureferret This happens to me all the time. For some reason, some people keep registering accounts to various places with my primary email address. Sometimes I "forgot password" and lock them out, delete the accounts that way, or find contact information and tell them directly to stop using my email (within legal limits), usually I have to contact customer support for the service and demand that they disconnect my email from that account. There really needs to be some sort of public shaming for companies that do anything other than (re)send verification email to an unverified email.

    – mtraceur
    16 hours ago






  • 1





    @mtraceur From what I have seen the lack of verification is not even the result of low skill developers, its an intentional business choice to reduce friction for signing up to a service.

    – Qwertie
    15 hours ago






  • 3





    @user33040: Well, those addresses are identical to GMail. As are na.me.sur.name@gmail.com, n.a.m.e.s.u.r.n.a.m.e@gmail.com, etc.

    – Dubu
    5 hours ago
















77














From the FAQ:




Why do I see my email address as breached on a service I never signed up to?



When you search for an email address, you may see that address appear against breaches of sites you don't recall ever signing up to. There are many possible reasons for this including your data having been acquired by another service, the service rebranding itself as something else or someone else signing you up. For a more comprehensive overview, see Why am I in a data breach for a site I never signed up to?




It's likely some services allow signing up without confirming an email address, or that accounts that haven't confirmed email addresses are still stored indefinitely but cannot be logged in to, or any number of similar issues.






share|improve this answer



















  • 36





    One other possibility is that, more simply, the database where your address was found was a mix of multiple data leaks, with the majority of the data belonging to ShareThis.

    – DrakaSAN
    22 hours ago






  • 2





    @Pureferret The good part is that if you were included because (for instance) someone else mistakenly used your email address, then you don't have to worry about more sensitive information like passwords being leaked as well.

    – bta
    21 hours ago






  • 3





    @Pureferret This happens to me all the time. For some reason, some people keep registering accounts to various places with my primary email address. Sometimes I "forgot password" and lock them out, delete the accounts that way, or find contact information and tell them directly to stop using my email (within legal limits), usually I have to contact customer support for the service and demand that they disconnect my email from that account. There really needs to be some sort of public shaming for companies that do anything other than (re)send verification email to an unverified email.

    – mtraceur
    16 hours ago






  • 1





    @mtraceur From what I have seen the lack of verification is not even the result of low skill developers, its an intentional business choice to reduce friction for signing up to a service.

    – Qwertie
    15 hours ago






  • 3





    @user33040: Well, those addresses are identical to GMail. As are na.me.sur.name@gmail.com, n.a.m.e.s.u.r.n.a.m.e@gmail.com, etc.

    – Dubu
    5 hours ago














77












77








77







From the FAQ:




Why do I see my email address as breached on a service I never signed up to?



When you search for an email address, you may see that address appear against breaches of sites you don't recall ever signing up to. There are many possible reasons for this including your data having been acquired by another service, the service rebranding itself as something else or someone else signing you up. For a more comprehensive overview, see Why am I in a data breach for a site I never signed up to?




It's likely some services allow signing up without confirming an email address, or that accounts that haven't confirmed email addresses are still stored indefinitely but cannot be logged in to, or any number of similar issues.






share|improve this answer













From the FAQ:




Why do I see my email address as breached on a service I never signed up to?



When you search for an email address, you may see that address appear against breaches of sites you don't recall ever signing up to. There are many possible reasons for this including your data having been acquired by another service, the service rebranding itself as something else or someone else signing you up. For a more comprehensive overview, see Why am I in a data breach for a site I never signed up to?




It's likely some services allow signing up without confirming an email address, or that accounts that haven't confirmed email addresses are still stored indefinitely but cannot be logged in to, or any number of similar issues.







share|improve this answer












share|improve this answer



share|improve this answer










answered yesterday









AndrolGenhaldAndrolGenhald

11.2k42837




11.2k42837








  • 36





    One other possibility is that, more simply, the database where your address was found was a mix of multiple data leaks, with the majority of the data belonging to ShareThis.

    – DrakaSAN
    22 hours ago






  • 2





    @Pureferret The good part is that if you were included because (for instance) someone else mistakenly used your email address, then you don't have to worry about more sensitive information like passwords being leaked as well.

    – bta
    21 hours ago






  • 3





    @Pureferret This happens to me all the time. For some reason, some people keep registering accounts to various places with my primary email address. Sometimes I "forgot password" and lock them out, delete the accounts that way, or find contact information and tell them directly to stop using my email (within legal limits), usually I have to contact customer support for the service and demand that they disconnect my email from that account. There really needs to be some sort of public shaming for companies that do anything other than (re)send verification email to an unverified email.

    – mtraceur
    16 hours ago






  • 1





    @mtraceur From what I have seen the lack of verification is not even the result of low skill developers, its an intentional business choice to reduce friction for signing up to a service.

    – Qwertie
    15 hours ago






  • 3





    @user33040: Well, those addresses are identical to GMail. As are na.me.sur.name@gmail.com, n.a.m.e.s.u.r.n.a.m.e@gmail.com, etc.

    – Dubu
    5 hours ago














  • 36





    One other possibility is that, more simply, the database where your address was found was a mix of multiple data leaks, with the majority of the data belonging to ShareThis.

    – DrakaSAN
    22 hours ago






  • 2





    @Pureferret The good part is that if you were included because (for instance) someone else mistakenly used your email address, then you don't have to worry about more sensitive information like passwords being leaked as well.

    – bta
    21 hours ago






  • 3





    @Pureferret This happens to me all the time. For some reason, some people keep registering accounts to various places with my primary email address. Sometimes I "forgot password" and lock them out, delete the accounts that way, or find contact information and tell them directly to stop using my email (within legal limits), usually I have to contact customer support for the service and demand that they disconnect my email from that account. There really needs to be some sort of public shaming for companies that do anything other than (re)send verification email to an unverified email.

    – mtraceur
    16 hours ago






  • 1





    @mtraceur From what I have seen the lack of verification is not even the result of low skill developers, its an intentional business choice to reduce friction for signing up to a service.

    – Qwertie
    15 hours ago






  • 3





    @user33040: Well, those addresses are identical to GMail. As are na.me.sur.name@gmail.com, n.a.m.e.s.u.r.n.a.m.e@gmail.com, etc.

    – Dubu
    5 hours ago








36




36





One other possibility is that, more simply, the database where your address was found was a mix of multiple data leaks, with the majority of the data belonging to ShareThis.

– DrakaSAN
22 hours ago





One other possibility is that, more simply, the database where your address was found was a mix of multiple data leaks, with the majority of the data belonging to ShareThis.

– DrakaSAN
22 hours ago




2




2





@Pureferret The good part is that if you were included because (for instance) someone else mistakenly used your email address, then you don't have to worry about more sensitive information like passwords being leaked as well.

– bta
21 hours ago





@Pureferret The good part is that if you were included because (for instance) someone else mistakenly used your email address, then you don't have to worry about more sensitive information like passwords being leaked as well.

– bta
21 hours ago




3




3





@Pureferret This happens to me all the time. For some reason, some people keep registering accounts to various places with my primary email address. Sometimes I "forgot password" and lock them out, delete the accounts that way, or find contact information and tell them directly to stop using my email (within legal limits), usually I have to contact customer support for the service and demand that they disconnect my email from that account. There really needs to be some sort of public shaming for companies that do anything other than (re)send verification email to an unverified email.

– mtraceur
16 hours ago





@Pureferret This happens to me all the time. For some reason, some people keep registering accounts to various places with my primary email address. Sometimes I "forgot password" and lock them out, delete the accounts that way, or find contact information and tell them directly to stop using my email (within legal limits), usually I have to contact customer support for the service and demand that they disconnect my email from that account. There really needs to be some sort of public shaming for companies that do anything other than (re)send verification email to an unverified email.

– mtraceur
16 hours ago




1




1





@mtraceur From what I have seen the lack of verification is not even the result of low skill developers, its an intentional business choice to reduce friction for signing up to a service.

– Qwertie
15 hours ago





@mtraceur From what I have seen the lack of verification is not even the result of low skill developers, its an intentional business choice to reduce friction for signing up to a service.

– Qwertie
15 hours ago




3




3





@user33040: Well, those addresses are identical to GMail. As are na.me.sur.name@gmail.com, n.a.m.e.s.u.r.n.a.m.e@gmail.com, etc.

– Dubu
5 hours ago





@user33040: Well, those addresses are identical to GMail. As are na.me.sur.name@gmail.com, n.a.m.e.s.u.r.n.a.m.e@gmail.com, etc.

– Dubu
5 hours ago













46














Adding on to what AndrolGenhald said, they have deactivated all accounts associated with the breach so theres a good chance it won't show up regardless:




ShareThis has already deactivated the ShareThis accounts potentially associated with this incident, so if you created an account prior to January 2017, you may no longer be able to log in.




https://www.sharethis.com/data-privacy-incident/






share|improve this answer





















  • 8





    Well spotted... Seems like an unusual approach?

    – Pureferret
    22 hours ago






  • 2





    @Pureferret Unfortunately, I wouldn't know. I just got the email for our domain from HaveIBeenPwned today and was doing my reading on it.

    – hairydresden
    22 hours ago








  • 3





    As soon as the system lets me, I'll put a bounty on this. It's not the generic answer to these (useful for dupes) but it was helpful in this case.

    – Pureferret
    5 hours ago






  • 2





    On top of which, ShareThis might have expired the account after a period of inactivity anyway, regardless of a hack. A few months go I went through my passwords file to update some old insecure passwords on a bunch of unimportant sites and found that they had all expired my account for inactivity.

    – Paul Johnson
    2 hours ago
















46














Adding on to what AndrolGenhald said, they have deactivated all accounts associated with the breach so theres a good chance it won't show up regardless:




ShareThis has already deactivated the ShareThis accounts potentially associated with this incident, so if you created an account prior to January 2017, you may no longer be able to log in.




https://www.sharethis.com/data-privacy-incident/






share|improve this answer





















  • 8





    Well spotted... Seems like an unusual approach?

    – Pureferret
    22 hours ago






  • 2





    @Pureferret Unfortunately, I wouldn't know. I just got the email for our domain from HaveIBeenPwned today and was doing my reading on it.

    – hairydresden
    22 hours ago








  • 3





    As soon as the system lets me, I'll put a bounty on this. It's not the generic answer to these (useful for dupes) but it was helpful in this case.

    – Pureferret
    5 hours ago






  • 2





    On top of which, ShareThis might have expired the account after a period of inactivity anyway, regardless of a hack. A few months go I went through my passwords file to update some old insecure passwords on a bunch of unimportant sites and found that they had all expired my account for inactivity.

    – Paul Johnson
    2 hours ago














46












46








46







Adding on to what AndrolGenhald said, they have deactivated all accounts associated with the breach so theres a good chance it won't show up regardless:




ShareThis has already deactivated the ShareThis accounts potentially associated with this incident, so if you created an account prior to January 2017, you may no longer be able to log in.




https://www.sharethis.com/data-privacy-incident/






share|improve this answer















Adding on to what AndrolGenhald said, they have deactivated all accounts associated with the breach so theres a good chance it won't show up regardless:




ShareThis has already deactivated the ShareThis accounts potentially associated with this incident, so if you created an account prior to January 2017, you may no longer be able to log in.




https://www.sharethis.com/data-privacy-incident/







share|improve this answer














share|improve this answer



share|improve this answer








edited 21 hours ago

























answered 22 hours ago









hairydresdenhairydresden

57818




57818








  • 8





    Well spotted... Seems like an unusual approach?

    – Pureferret
    22 hours ago






  • 2





    @Pureferret Unfortunately, I wouldn't know. I just got the email for our domain from HaveIBeenPwned today and was doing my reading on it.

    – hairydresden
    22 hours ago








  • 3





    As soon as the system lets me, I'll put a bounty on this. It's not the generic answer to these (useful for dupes) but it was helpful in this case.

    – Pureferret
    5 hours ago






  • 2





    On top of which, ShareThis might have expired the account after a period of inactivity anyway, regardless of a hack. A few months go I went through my passwords file to update some old insecure passwords on a bunch of unimportant sites and found that they had all expired my account for inactivity.

    – Paul Johnson
    2 hours ago














  • 8





    Well spotted... Seems like an unusual approach?

    – Pureferret
    22 hours ago






  • 2





    @Pureferret Unfortunately, I wouldn't know. I just got the email for our domain from HaveIBeenPwned today and was doing my reading on it.

    – hairydresden
    22 hours ago








  • 3





    As soon as the system lets me, I'll put a bounty on this. It's not the generic answer to these (useful for dupes) but it was helpful in this case.

    – Pureferret
    5 hours ago






  • 2





    On top of which, ShareThis might have expired the account after a period of inactivity anyway, regardless of a hack. A few months go I went through my passwords file to update some old insecure passwords on a bunch of unimportant sites and found that they had all expired my account for inactivity.

    – Paul Johnson
    2 hours ago








8




8





Well spotted... Seems like an unusual approach?

– Pureferret
22 hours ago





Well spotted... Seems like an unusual approach?

– Pureferret
22 hours ago




2




2





@Pureferret Unfortunately, I wouldn't know. I just got the email for our domain from HaveIBeenPwned today and was doing my reading on it.

– hairydresden
22 hours ago







@Pureferret Unfortunately, I wouldn't know. I just got the email for our domain from HaveIBeenPwned today and was doing my reading on it.

– hairydresden
22 hours ago






3




3





As soon as the system lets me, I'll put a bounty on this. It's not the generic answer to these (useful for dupes) but it was helpful in this case.

– Pureferret
5 hours ago





As soon as the system lets me, I'll put a bounty on this. It's not the generic answer to these (useful for dupes) but it was helpful in this case.

– Pureferret
5 hours ago




2




2





On top of which, ShareThis might have expired the account after a period of inactivity anyway, regardless of a hack. A few months go I went through my passwords file to update some old insecure passwords on a bunch of unimportant sites and found that they had all expired my account for inactivity.

– Paul Johnson
2 hours ago





On top of which, ShareThis might have expired the account after a period of inactivity anyway, regardless of a hack. A few months go I went through my passwords file to update some old insecure passwords on a bunch of unimportant sites and found that they had all expired my account for inactivity.

– Paul Johnson
2 hours ago


















draft saved

draft discarded




















































Thanks for contributing an answer to Information Security Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f204701%2fhow-can-i-be-pwned-if-im-not-registered-on-the-compromised-site%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Tabula Rosettana

Image
Tabula multilinguis Rosettana in Museo Britannico ostenditur. Tabula Rosettana, [1] etiam titulo OGIS 90 agnita, est stela decreto de rebus sacris in Aegypto anno 196 a.C.n. lato inscripta. Tabula iuxta Rosettam Aegypti, urbem in delta Nili et ad oram maris Mediterranei iacentem, anno 1799 a milite Francico reperta est. Inventio stelae, linguis duabus scripturisque tribus inscriptae, eruditis Instituti Aegypti statim nuntiata est; ibi enim iussu imperatoris Napoleonis eruditi omnium scientiarum (sub aegide Commissionis Scientiarum et Artium) properaverant cum expeditione Francica. Qua a Britannis mox debellata, tabula Rosettana Londinium missa hodie apud Museum Britannicum iacet. Textus Graecus cito lectus interpretationi textuum Aegyptiorum (in formis hieroglyphica et demotica expressorum) gradatim adiuvit. Denique textum plene interpretatus est Ioannes Franciscus Champollion. Ab opere eruditorum cumulativo coepit hodiernus scripturae hieroglyphicae linguaeque Aegyptiae a...
Read more

Chemia organometallica

Chemia Organometallica , disciplina quae partes chemiae organicae inorganicaeque complectitur; moleculas noscit quae vincula covalentes inter carbonium et metallum aut semimetallum continent. Index 1 Exempla 2 Proprietas chemicarum organometallicarum 3 Ramae chemiae organometallicae 4 Fons Exempla | Vitaminum B12 in corpore humano est chemica organometallica, sed non omnes moleculae metallum habentes sunt organometallicae, solum eae in quo vinculum inter carbonium et metallum est covalentum. Ergo, quamquam natriumacetatum (H 3 C-COONa, sal natrii acoris aceti) partem metallicum et partem organicam CH 3 habet, molecula ipsa non est metallorganica, quia vinculum natrii est ionicum et non est inter natrium et carbonium. Similiter chlorophyll et haemoglobinum non sunt chemicae metallorganicae. Etiam hodie, chemica Grignardi qui magnesium continent sunt potior pro synthesis moleculae organicae. Pro harum chemicarum inventa Victori Grignard Donatium No...
Read more

YA sci-fi/fantasy/horror book about a kid that has to overcome a lot of trials

Image
8 0 I'd like to make a disclaimer that I remember very little about this book or when I read it (I think I read it sometime in the late 90's or early 2000's), so it'll probably be difficult to figure out what it is, but it's bothered me on occasion for a few years. I want to say that it's from the 90's, but it could be later or much earlier than that. I really only remember bits and pieces of it, primarily the beginning. It starts out in the woods, where someone is running away from/stumbles upon a cult ritual. The cult members are wearing red cloaks, and I think that they catch the person and kill them. The main part of the book starts with a kid moving in to his uncle's(?) house. Aside from this I really can't remember much, but I think at one point the kid navigates a maze...
Read more