Received over 1,000 "update your password" messages at 2am. Do I need to do anything?

[SKL]

Woke up to over 1,000 messages in my personal email, nearly all of which were links / codes to update my password, on sites I have not been on.  (There were multiple notices from each site, so say 50 sites x 20 emailed notices).  I also got one text with an Uber code that I didn't ask for.

The ones that included "my name" in the email referred to me as "null null."

Other than check my cash, credit cards, and paypal accounts more often, is there anything I should do?

Has this happened to any of you before?

[El...]

Wow. That's a lot! 

DH thinks someone who has emailed you before got hacked. He doesn't think you need to do anything, given the "null" name. He says you should report all the emails as phishing if you have that option (outlook has a little button).

[SKL]

Now I just went into walmart.com to look up an old order, and it said someone had tried to log in as me and made me change my password.

This is so weird.

[Ausmumof3]

Is it possible that someone has got some of your data from a data leak and is credential stuffing? If that’s likely I would consider changing any passwords where you have used the same password across multiple sites.

[Eos]

My cyber-security professional kid says "when in doubt, change 'em out!"  There's no reason not to other than hassle, especially with autopay stuff, but you'll never have to wish you had if hackers do get in.

Edited February 8 by Eos

[El...]

DH is rethinking. He'd probably start changing passwords.

[TravelingChris]

10 hours ago, SKL said:

Now I just went into walmart.com to look up an old order, and it said someone had tried to log in as me and made me change my password.

This is so weird.

No, it isn't weird.  Two points, we are in a sort of both hot and cold WWIII. You know the bad alliances - NK, China, Iran, Russia, etc.  Just this past week, Japan decided to start preparing for much less trade w China because of the relentless hacking they are waging. We are wel into the 21st century, and war is very different now.  Russia keeps trying to sow division and does plenty of hacking.  All of these countries are involved in fighting Ukraine, all were involved w October attack in Israel,and cyber warfare is part of the world now has been for a while,.There have been lots of warn8ngs recently aboutin rese in cyber warfare. And that does not even account for just plain criminals who are swatting al the time, sending in bomb threats from far-away, and plain stealing.

Which brings me to 5he second point, the AARP newspaper had an article by  a cyber security expert who had the same type of thing happen.  He first noticed something was wrong when his bank called or emailed  him replying to him about something he had never asked them about. It took him many months to get everything cleared up,  He played detective and Gothic $400 back but the time he had to take to clear it up and change all the passwords, etc was worth a lot more.  He said the criminals usually  hack through the router.

Just this last week, got a phishing text on cel phone about one of my bank accounts.  Yesterday,  Tunnel2TTowers called me because I was restarting donations due to change credit card and heir website was popping up w Philippine money as the choice of currency.  You could change it back to US dollars but it obviously was something their IT people need  to know. The women who called was so grateful that I actually reported it to them. I do tend to always tell companies and charities about  glitche's and hacking,spoo

 

I

[SKL]

Well there's no way I have time to inform each company of the password change stuff, particularly organizations I've never dealt with.  Two of them were actually US states I've never lived in.  😛

I guess it's time to completely change my tried and true password formula.  Sigh.

[Eos]

19 minutes ago, SKL said:

I guess it's time to completely change my tried and true password formula.  Sigh.

If you don't already use 2fa on the biggies, now is an excellent time to start, including your email.

[SKL]

Today, I went on one of my credit card websites and they offer a free service to scan and find out if my SSN is on any "dark websites."  Within a couple hours, I have an email saying my SSN has been found in a scan of "dark websites."  UGH I don't have time for this at all.

You can't change you SSN.  Of course they don't say which website they found this on.  They suggest I place a fraud alert on experion.com.  But won't that kill my credit?

Anyone know where these people are getting our SSNs?  I mean we have to enter it on certain sites.  I had to enter it for my kids' financial aid applications, for example.  I had to enter it in order to make tax payments on IRS.gov.  I probably had to enter it to get into some retirement accounts that I had to report for said financial aid applications.  Other than that, who would have it?  Maybe it was on some emailed document such as an application to open a bank account for business?  UGH.

[scholastica]

There have been breaches on credit bureaus, insurance companies, hospitals, etc. Lots of places that your SSN is recorded. Pretty much everyone’s data is on the dark web. 

[PeterPan]

4 hours ago, SKL said:

change my tried and true password formula. 

If you go into your phone where your passwords are saved, it may show you which have been compromised and let you tap to change. Also your phone may offer to create passwords for you.

[SKL]

2 minutes ago, PeterPan said:

If you go into your phone where your passwords are saved, it may show you which have been compromised and let you tap to change. Also your phone may offer to create passwords for you.

I don't save passwords on my phone.  But if I did, how would my phone know what has been compromised??

[PeterPan]

3 minutes ago, SKL said:

I don't save passwords on my phone.  But if I did, how would my phone know what has been compromised??

I'm not sure about android but apple phones save everything through their keychain system to save passwords securely across devices. Google does something similar and your phone may have the option. So then if you go into the settings for passwords it will notify you which are compromised. It might also do it on any tablet or other device you have them on if the operating system is up to date. Then it will notify you at the top what has been compromised and encourage you to change them. So it's all in the settings and should be happening on any apple device that has been updated. It can also generate strongpasswords for you.

[Heartstrings]

1 hour ago, SKL said:

Today, I went on one of my credit card websites and they offer a free service to scan and find out if my SSN is on any "dark websites."  Within a couple hours, I have an email saying my SSN has been found in a scan of "dark websites."  UGH I don't have time for this at all.

You can't change you SSN.  Of course they don't say which website they found this on.  They suggest I place a fraud alert on experion.com.  But won't that kill my credit?

Anyone know where these people are getting our SSNs?  I mean we have to enter it on certain sites.  I had to enter it for my kids' financial aid applications, for example.  I had to enter it in order to make tax payments on IRS.gov.  I probably had to enter it to get into some retirement accounts that I had to report for said financial aid applications.  Other than that, who would have it?  Maybe it was on some emailed document such as an application to open a bank account for business?  UGH.

The banks themselves get hacked all the time.  My mortgage company had a major hack a few months ago. Pretty much every corporation has been hacked. They hack the bank database and copy the whole thing, there is no need to find an emailed document, that's old school. Every loan you have ever had, every bank account, mortgage, credit card, financial aid application, tax filing software, investment accounts that send you tax documents, 401ks, health insurance, etc. has your info and they have been hacked. Including ones you took out decades ago. 

 

A fraud alert doesn't do anything to your credit score.  It's supposed to just tell anyone to look harder at any applications for new credit that come through.