I occasionally get alerts from idnotify.com Dark Web Monitoring, such as this one:
08/31/2019
COMPROMISED EMAIL ADDRESS
Email Addresses: Jt***an@gmail.com
Date Found: 08/26/2019
Password *************************
Potential Site DUBSMASH.COM
Immediately change the password for the email address that was found compromised.
My thoughts:
- My email account uses 2-factor authentication. So unless I know for sure that someone somehow learned my actual password, I don't know why I'd want to change my password every time I get one of these alerts.
- The amount of asterisks in the "Password" in these alerts differs. Some alerts say
*************************
and others say********
. I don't know if the lengths are reliable, but if the length doesn't match my real password, I wonder if that means I don't need to change it. - What the heck does Dubsmash have to do with anything? That app sounds only vaguely familiar. I checked my password manager and don't seem to have an entry for it.
P.S. It's not phishing. After the Equifax breach, I enrolled in their TrustedID program in Sep 2017. In Nov 2018, they gave me "this extension of free credit monitoring through IDnotify™, a part of Experian."