Advice Request 40+ Passwords Found in Data Breach - Help Me Understand What Actually Happened


vaultedlogic

New Member
Thread author
Apr 20, 2025
10
Hey, thank you so much for your help! Your explanation makes a lot of sense and your tips helped a lot. I entered my email in Hudson Rock and it said "This username is not associated with a computer infected by an info-stealer." "0 Compromised Personal Services" "0 Compromised Corporate Services", and I checked my email on Have I Been Pwned and it found my email in 4 really big data breaches. Based on that, would it be safe to say this was more likely caused by data breaches than an actual device hack?
That explains things unfortunately... I've mentioned
Hudson Rock's website provides that same message for every user name.

Hudson Rock is an "aggregator" of data and, unless the user name that you entered is absolutely unique, the website's free feature provides an aggregated, generic tally of data, and the generic "infected by an infostealer" is not necessarily accurate. It is also the same with compromised passwords - Hudson Rock is aggregating the data that it scrapes and presenting it to you in an undifferentiated form.

Try entering "william@gmail.com" on the Hudson Rock website. 1,337+ "services" infected. That is because people all over the world use the username "william@gmail.com" without even having a "william@gmail.com" account, and those systems have been compromised in one way or another. There are other reasons too for the large "infected" numbers.


To be more sure, you need the Hudson Rock report that lists your specific device name (at the time of infection) and your exact public IP address. (You can try the "Hudson Rock Free Report" option at the top of the page.)

Enter your public IP address into Hudson Rock's free online tools instead of your username. You will still receive an "aggregated" set of numbers of data collected across many, many data sources.

You need the Summary of Infections report (example):


It is wrong to conclude that whatever happened to your devices was due to a data breach. That is just a very imprecise guess. There is insufficient info to make that determination. The only definitive, accurate answer can be determined by a forensic investigation of both the devices and cloud resources.

If it was a data breach, you don't know where the breach occurred, and therefore you need to close every single one of your online accounts and open new ones. Just changing logon credentials can be "not adequate." At the very least you should report that you think your data has been compromised and report it to every single online account that is valuable to you.
I tried all my emails; only the infected email showed that it was compromised. Also, the date is accurate, on point, and the device name too.
 

vaultedlogic

New Member
Thread author
Apr 20, 2025
10
Wrecker4923 has some great advice, follow it and you will go far in securing your digital identity!

Personally, if you're running Windows I would run an FRST scan and post it on this forum or another malware help forum. With your iPhone, only Apple has the access to determine if you have been pwned; they lock it down very tight and don't let 3rd-party tools have high-level access. Reset the device just to be sure, but a good tip is to shut down or restart your mobile device once a day, because most sophisticated mobile malware can't survive a reboot due to fear of getting caught. Now of course there is malware out there that survives a reboot, but if you're infected by it you have more to worry about.

Info stealers are most likely looking for crypto wallets and keys these days. All the best hacks are coming from that industry. If you have any holdings, monitor your wallet.
Thanks for your advice! As soon as things happened I called a local malware place and they told me there's nothing to worry about because in most cases they try to gain something financial only by looking for crypto wallets or Amazon cards and all that.
 
