While reading about the things happening to the people caught up in the 2015 Ashley Madison breach, I decided to write about my own adventures with a pwned (compromised) email address. (No, I did not get caught in the A-M breach!)

This old Yahoo! email address was responsible for many IRC/Yahoo! Chat shenanigans. I received my first digital photos on this account (hey, pinkbutterflybaby!), and applied for my first job from this email address. Over the years it has become the address I give when a valid email is required, and a grrl.to address won’t suffice.

Starting around Feb 2019, I’ve had three interesting examples of this email address being used to sign up for various things.
The first (and most interesting one) was an early morning Instagram account creation –

I woke up to this login attempt and tried to get into the account with the password reset. That worked, and the account did not have any followers/posts. I felt like owning the account, so I changed the password to a secure one. Post this, I saw one attempt by the other person to login on that day, and then a few more attempts in the next few months. This one was fun (for me), as I now have two “desirable” Insta handle.
(My other insta handle is desired by a namesake. That person keeps trying to get into the account every few weeks by resetting the password. By the look of his friends who tag me in random pictures and comments, he is an annoyed teen.)
The second one was a more straightforward account creation –

The third one happened two days ago –

Outside of the first instance, the remaining account creations have been rather tame – simply more spam that I did not sign up for. However, it has been interesting to see the life of a pwned valid email address. I’m lucky in the fact that this address is not used for any major accounts. That said it probably has been tested against major sites, like Disney+ to attempt account takeovers. Given that many popular services have been publicly breached – and many have probably been breached, but not found out/revealed the details – it is a good idea to set up alerts for your email addresses on services like haveibeenpwned.com. Changing your passwords to strong passwords, and using a good password manager to secure and manage them will help keep your digital life secure for a long time.
Tushar Richabadas ist Senior Product Marketing Manager für Anwendungen und Cloud-Security bei Barracuda. Zuvor war Tushar Product Manager für die Barracuda Web Application Firewall und Barracuda Load Balancer ADC mit den Schwerpunkten Cloud und Automatisierung. Tushar hat als Leiter von Testteams für Netzwerkprodukte und im technischen Marketing für HCL-Cisco bereits viel Arbeitserfahrung gesammelt. Richabadas verfolgt die rasant zunehmenden Auswirkungen der digitalen Sicherheit sehr aufmerksam und setzt sich mit großer Begeisterung für die Vereinfachung der digitalen Sicherheit für alle ein.
A fun read, thanks, Tushar!