Q Have I been Pwned? (https://haveibeenpwned.com, see screenshot below) advised me that 284 million email addresses and passwords, including mine, have been part of a data breach. Their advice is to change my passwords. However, I’ve not heard from any organisations who may hold my data so I have no idea which passwords need changing. Changing over 200 different passwords ‘just in case’ doesn’t seem realistic. Is there anything else I can do?
Howard Johns
A Your email address is related to your real surname, so we’ve changed your name here to be on the safe side. That aside, yes, we can see that your email address (and possibly password) was part of the ALIEN TXTBASE ‘stealer logs’ breach earlier this year, which is essentially a collection of loads of leaked details.
As such, there’s no telling what leaked from where, or when. Any leaked information that relates to you may or may not be useful to scammers. But again, it’s impossible to say.
We agree that it’s impractical to change 200 passwords, but you should at least change those that are most critical – like your main email account and banking logins, and enable two-factor authentication (2FA) wherever possible. From then on, keep a close eye on other services you use regularly.