My password manager told me that my info was leaked, including IP address, address, email, personal information, and phone number, in a data breach of eye4fraud.com. However, I don't use eye4fraud, so it must have been a site that uses their services. I would like to change my login credentials on the site that shared my data with them (and stop using their service since they're sharing my info with a security company that was breached), but I don't know which site that was. I found this list of sites that use eye4fraud, but that list has over 1,600 entries. Other than reviewing every single sight on the list, is there a way of finding out which site that I use leaked my info?

  • akilou@sh.itjust.works
    link
    fedilink
    arrow-up
    8
    ·
    1 year ago

    Scammers are well aware of this trick and can easily strip out everything between the + and the @ on a huge database of email addresses. A better approach is to use Proton Pass or simplelogin, which creates a brand new email address that forwards to your real one. That way you can create a new email address for every site. Both services automatically append the site name and incluse a few random digits to the new email address. So if you want to make a new alias for your LLBean login, it'd create LLBean.gv4gk7.passmail.net which would forward all emails to your real email address.

    • Nurse_Robot@lemmy.world
      link
      fedilink
      arrow-up
      3
      arrow-down
      1
      ·
      1 year ago

      Why would a scammer care if you figure out which 3rd party sold you out? I don't think the risk is worth paying for another subscription.

      • akilou@sh.itjust.works
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        Because after you setup the filter to remove that plus sign label, your email address is worthless without removing it.

        • Nurse_Robot@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          Why would it be worthless? It's still a valid, deliverable address to a real person (you). The only difference is the receiver knows which company sold their information AFAIK

          • akilou@sh.itjust.works
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            No it's not, because the whole point of it is so you can filter them out. Which is exactly what you do when you realize you're getting email from someone you didn't give that address to, and at which point it becomes worthless. But stripping out the plusses is trivial and yields an un-filterable address.