To be clear, if you're looking for a dark web site that sells stolen data, I'm not going to name it publicly on here, pm or otherwise. I used to do cyber security and it's not the kind of thing you talk about online.
I earnestly wish you the best of luck, but my advice is to just be methodical and change your password for everything, issue new bank cards, and keep a physical book locked up instead of a digital ledger.
Why would more than one use the same hash for the same password? Shouldn't you like salt or initialize a hash with some custom value in order to prevent exactly this thing?
I mean, it sucks, but it's not catastrophical. Get a new debit card and be ready to de-subscribe from new email newsletters. As long as you don't fall for fishing, there's not that much they can do against you. Without access to your phone/email, they won't be able to commit identity theft.
I use KeePass for this, as it is open source and cross platform. If you want cloud you can place the password database on one of the many cloud storage services. It correctly handles multiple devices saving to a common database file, so saving new credentials from both your phone and your PC will merge the two correctly when saved.
Edit: You can also find all kinds of security fuckups when using a tool like this. Biggest one I ran into was the wife's HSA provider website. They allowed us to create a password 64 characters long, so we did. Turns out under the hood it was chopping it to the first 16, but the login page takes all 64 then declares no match. Failed again with a new 32 char password but worked with 16. So tried putting the original 64 one back and only typing first 16 chars. that worked. Holy shit batman just only take the first 16 chars for password input if you're going to chop their password elsewhere anyway!
funny you mention OPM... my information is part of the big OPM hack years back, but i've never been a government employee or applicant. which means either someone already stole my identity and is actively using it and the IRS is really confused about my taxes, but that person has a really tough time with credit because i have a long standing credit freeze... or the OPM data had a lot more than just federal employees and applicants.
come to think of it, i've never had clearance but have been listed as a reference.
You can be a reference even if you've never had a clearance. It just means someone trying to get a clearance put you down as someone they knew when they lived at a particular address.
I had someone put me as a reference, and I've never had a clearance (though he did ask me before using me as a reference, because they sometimes contact references...)
These should usually end up on haveibeenpwned.com. Often before the company even admits the breach.
Not anywhere I'd be willing to link publicly here, no.
To be clear, if you're looking for a dark web site that sells stolen data, I'm not going to name it publicly on here, pm or otherwise. I used to do cyber security and it's not the kind of thing you talk about online.
I earnestly wish you the best of luck, but my advice is to just be methodical and change your password for everything, issue new bank cards, and keep a physical book locked up instead of a digital ledger.
This isn't related to your issue however if you rent from a building with a property management company GET OUT.
NEVER and I mean NEVER rent from a property management company.
Why would more than one use the same hash for the same password? Shouldn't you like salt or initialize a hash with some custom value in order to prevent exactly this thing?
Don't some VPN services offer that service? Don't know how effective that is but I swear they offer it as part of the package.
What's the worst that they can know about you? Your name and rent?
I mean, it sucks, but it's not catastrophical. Get a new debit card and be ready to de-subscribe from new email newsletters. As long as you don't fall for fishing, there's not that much they can do against you. Without access to your phone/email, they won't be able to commit identity theft.
Password managers work great for this, there are a couple that are even stored locally instead of in the cloud.
I use KeePass for this, as it is open source and cross platform. If you want cloud you can place the password database on one of the many cloud storage services. It correctly handles multiple devices saving to a common database file, so saving new credentials from both your phone and your PC will merge the two correctly when saved.
Edit: You can also find all kinds of security fuckups when using a tool like this. Biggest one I ran into was the wife's HSA provider website. They allowed us to create a password 64 characters long, so we did. Turns out under the hood it was chopping it to the first 16, but the login page takes all 64 then declares no match. Failed again with a new 32 char password but worked with 16. So tried putting the original 64 one back and only typing first 16 chars. that worked. Holy shit batman just only take the first 16 chars for password input if you're going to chop their password elsewhere anyway!
funny you mention OPM... my information is part of the big OPM hack years back, but i've never been a government employee or applicant. which means either someone already stole my identity and is actively using it and the IRS is really confused about my taxes, but that person has a really tough time with credit because i have a long standing credit freeze... or the OPM data had a lot more than just federal employees and applicants.
come to think of it, i've never had clearance but have been listed as a reference.
You can be a reference even if you've never had a clearance. It just means someone trying to get a clearance put you down as someone they knew when they lived at a particular address.
I had someone put me as a reference, and I've never had a clearance (though he did ask me before using me as a reference, because they sometimes contact references...)