RR email/login list stolen?

george895

Newbie
Joined
Mar 12, 2014
Messages
2
I created an account here on RR in 2014 using a unique email address I generated in my own email server/domain for exclusive use as RR login; I have been inactive here most of that time. In the last couple of months I have received a large number of phishing/scam emails sent to that unique email address (it took a while to track which site I created the email address for). This is usually a sign that the site has had the email/login list exposed.
 

RaleighGuy

Member
Premium Subscriber
Joined
Jul 15, 2014
Messages
15,567
Location
Raleigh, NC
george895 said:
> I created an account here on RR in 2014 using a unique email address I generated in my own email server/domain for exclusive use as RR login; I have been inactive here most of that time. In the last couple of months I have received a large number of phishing/scam emails sent to that unique email address (it took a while to track which site I created the email address for). This is usually a sign that the site has had the email/login list exposed.

This has been discussed several times over the years, here are two posts...

 

BinaryMode

Blondie Once Said To Call Her But Never Answerd
Joined
Jul 3, 2023
Messages
1,039
Location
2600 dialtone blvd
Many years ago this site was breached because the passwords were hashed using the weak MD5 algorithm. Maybe that's why.

When you see a password breach notice like that it means the password database and God knows what else was uploaded to a hacker forum or pastebin.

The haveibeenpwned website is a great one-stop website to use for monitoring an e-mail and whether it's been caught up in a breach. Also, learn how to use an e-mail alias so that way you can continue to use the same domain, but the first part is always unique to different websites so that tracking such breaches is easier to manage.

And I just want to point out that some of these so-called breach reporting websites are pulling data on customers and saying they are protecting you, while I bet they sell your info to some data broker or use your info for marketing et al. Such is the case with MasterCard. I like to read all the legalese with credit cards and it says there in black and white I need to sign up for MasterCard's breach protection whatever service which is free to me as a MasterCard holder. So I sign up and they have input boxes for EVERYTHING! Right down to my gamer tag. I only provided the bare minimum of info for adequate breach monitoring as I know full well what's really going on. And despite me being caught up in many database breaches, I get monthly e-mails saying all is good. HA!

Aliases:

Here's how to do it in Protonmail: How to create and use an additional address (alias) | Proton

An AI response on this technique:

Most email providers support the +alias option, but it's not universally supported. The +alias option is a feature of the email address syntax defined in RFC 5322, which allows users to add a tag or alias to their local part of the email address (before the @ symbol).

Major email providers like Gmail, Outlook, and Yahoo Mail support the +alias option. However, some smaller or custom email providers might not support it. Additionally, some email services might have specific requirements or restrictions for using the +alias option.

It's also worth noting that while many email services support the +alias option, they might handle it differently. For example, some providers might treat emails sent to an address with a +alias as spam or block them altogether.

In general, if you're using a popular email provider like Gmail or Outlook, you can likely use the +alias option without issues. However, if you're using a custom or lesser-known email provider, it's best to check with them directly to confirm their support for this feature.

Edit-

By far the best security practice is to use different e-mail addresses for different things. Like financial stuff to one e-mail address and other stuff to another e-mail address. I've actually read this years ago in the book Internet Privacy For Dummies. LOL
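The per-site address technique discussed in the posts above, as an added example that is not part of the original thread: each site gets an alias carrying a keyed tag, so unwanted mail can be attributed to the site the address was given to and guessed addresses are told apart from issued ones. The domain, the secret and all function names are hypothetical, and a catch-all mailbox on your own domain is assumed.

```python
import hashlib
import hmac
from collections import Counter
from typing import Optional

# Assumptions for this sketch: a catch-all domain you control and a secret
# kept outside the mailbox. Both values below are constructed placeholders.
DOMAIN = "mail.example.org"
SECRET = b"constructed-demo-secret-change-me"


def _tag(site: str) -> str:
    """Short keyed tag so an alias cannot be guessed from the site name."""
    return hmac.new(SECRET, site.encode(), hashlib.sha256).hexdigest()[:8]


def make_alias(site: str) -> str:
    """Address to hand to exactly one site at signup."""
    site = site.strip().lower()
    return f"{site}.{_tag(site)}@{DOMAIN}"


def attribute(recipient: str) -> Optional[str]:
    """Return the site an alias was issued to, or None if it is not ours."""
    local, _, domain = recipient.strip().lower().rpartition("@")
    site, _, tag = local.rpartition(".")
    if domain != DOMAIN or not site:
        return None
    # Constant-time compare; a wrong tag means a guessed or mangled address.
    ok = hmac.compare_digest(tag.encode(), _tag(site).encode())
    return site if ok else None


def leak_report(recipients) -> Counter:
    """Count unwanted messages per issuing site; 'unknown' = not attributable."""
    return Counter(attribute(r) or "unknown" for r in recipients)


# Constructed sample: envelope recipients of messages a filter flagged as phishing.
FLAGGED = [
    make_alias("radioforum"),
    make_alias("radioforum").upper(),   # mail systems may change case
    make_alias("shop"),
    f"radioforum.deadbeef@{DOMAIN}",    # guessed alias, tag does not verify
    f"info@{DOMAIN}",                   # generic address, never issued
]

if __name__ == "__main__":
    for site, n in leak_report(FLAGGED).most_common():
        print(f"{site:12} {n}")
```

A site that shows up in the report only tells you where the address was exposed or shared, not how; the "unknown" bucket is ordinary dictionary-style spam against the domain.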
 

BinaryMode

Blondie Once Said To Call Her But Never Answerd
Joined
Jul 3, 2023
Messages
1,039
Location
2600 dialtone blvd
Edit 2- Ran out of editing time.

Tip: Use a good password manager (I like and recommend Bitwarden as of this post) and with all passwords add about 5 characters to the end or beginning of the password that only YOU know. So if the password manager is ever compromised they (the hacker/s) will STILL not have your password.

Example:

A password for example.com may be FUDchocolate123. That's what would be in your password manager. But you append "You1$" at the end when you enter the password at the website login page for FUDchocolate123You1$ as the real password. Again, if the password manager were to ever get stolen, and even though they have your passwords, they don't know about the "You1$" part of the password. Heck, most people can easily remember seven numbers, so maybe use seven numbers and add a symbol. 1234567&. Do NOT use a phone number or something like that.

I'm very computer savvy so stuff like this interests me and it's what I do. Hope that helps in the future for anyone reading this.
 

george895

Newbie
Joined
Mar 12, 2014
Messages
2
In answer to above questions.... I do not have a paid subscription here. I don't recall getting emails on this specific email address in the past, so the recency led me to alert you here. I've been so inactive here that my account is in none of my PW managers nor did I even recall I used this site. (I'm guessing it was when my old Radio Shack Trunktracker reappeared, like Brigadoon, from a storage box)

The phishing mails that have come to this email address are of a slightly more sophisticated nature than the bulk of the crap that makes it through my filters (and I get all the mail from any address @ my domain)... most of these new ones have been fake "DocuSign" type, or "invoice" type, so whoever got a hold of this cohort of email addresses is trying harder.

Stay alert, examine emails carefully. As usual :)
 

ecps92

Member
Joined
Jul 8, 2002
Messages
15,140
Location
Taxachusetts
george895 said:
> In answer to above questions.... I do not have a paid subscription here. I don't recall getting emails on this specific email address in the past, so the recency led me to alert you here. I've been so inactive here that my account is in none of my PW managers nor did I even recall I used this site. (I'm guessing it was when my old Radio Shack Trunktracker reappeared, like Brigadoon, from a storage box)
>
> The phishing mails that have come to this email address are of a slightly more sophisticated nature than the bulk of the crap that makes it through my filters (and I get all the mail from any address @ my domain)... most of these new ones have been fake "DocuSign" type, or "invoice" type, so whoever got a hold of this cohort of email addresses is trying harder.
>
> Stay alert, examine emails carefully. As usual :)

By now 90+% of the US population has had their email address harvested.
Some by data breach - to also include certain Credit Reporting Agencies, as well as being sold by those you interact with.

We always need to be cautious of any/all emails of late; some are easy to spot with grammar issues, others so real it fools even those trained.
 