Answer the question
In order to leave comments, you need to log in
HPI Identity Leak Checker - who came across?
Perhaps my question will seem completely idiotic, but has anyone come across the "HPI Identity Leak Checker"?
I received an email saying "Congratulations: Your email address ****@gmail.com is not in the data we have. However, this does not guarantee that your personal information has not been stolen"
I did not make such a request Does that mean someone else did it? Or is it some new phishing project?
Answer the question
In order to leave comments, you need to log in
Yes, the request was made by someone else. HPI Identity Leak Checker does not immediately show, unlike, for example, https://haveibeenpwned.com/ , whether personal information associated with the mailbox has been stolen. Instead, HPI Identity Leak Checker sends an email.
Thus, if someone who is not related to your mailbox checks it in HPI Identity Leak Checker, then he will not know anything, and you will receive an email.
But, if this someone guesses to drive in your address on https://haveibeenpwned.com/ , information about the services from which your personal information was stolen (if any) will be available to him, and you will not receive any notification about this.
This can happen when someone tries to hack into your mailbox. In this case, he may try to find as much information about you on the network as possible. If information from some account linked to your mailbox was stolen, he can find it and use it for further hacking.
Example:
* you have mail [email protected] with password 123456!
* you registered on forum.cats.com with your e-mail and used the same password (123456!)
* hacker Vasya hacked into cats.com and posted a dump of the database with accounts and passwords on pastebin.com
* hacker Petya wants to hack your mail at [email protected]
* He drives your address into HPI Identity Leak Checker and sees nothing, you receive an email
* He types your address into https://haveibeenpwned.com/ and sees that your data was stolen from forum.cats.com
* Petya finds a database with your password on pastebin.com
* Since cats.com hashed passwords using MD5, Petya breaks the password hash and gets your password: 123456!
* Now, since you did not enable 2-factor authentication on gmail, and also used the same password on several services, Petya gets full access to your mail
(All names, including domain names, are fictitious, any matches are random)
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question