Online account security

Can anyone tell me whom to contact about this companies online account security ?
I was looking to join the premier program, so I started by checking out the free version first and within 24 hrs I was alert that my e-mail was compromised though this App MyFitnessPal.com on the DARK WEB
‼️‼️‼️‼️😡🤬 You all may want to check your accounts and take precautions.

Replies

  • AnnPT77
    AnnPT77 Posts: 31,719 Member
    How long has your account existed here? There was a hack quite a long time back - as happens with so many sites these days - and we were all advised on what to do, including changing passwords. If it's something like Google (and its stored password feature) telling you your password is compromised, it will (I believe) say that about your password on Site B if you used the same password on another site (Site A) where the password was compromised.

    If you want to contact the MFP administrators, do that through the "Help" link in the app.
  • socajam
    socajam Posts: 2,530 Member
    bold_rabbit - Well said
    Personal responsibility seems to be a thing of the past
  • AnnPT77
    AnnPT77 Posts: 31,719 Member
    socajam wrote: »
    bold_rabbit - Well said
    Personal responsibility seems to be a thing of the past

    That, and instant outrage at others is rampant.

    I've worked in computer security in the past. It's an arms race. The good guys put up more defenses, the bad guys discover new attacks and exploit them. Mostly, the good guys win. Sometimes the bad guys win.

    I don't *automatically* assume that a company whose servers/services have been breached are careless, not doing the right things, etc. It's more complicated than that. I don't know how someone with limited technical knowledge can evaluate that question, for any given breach, either. It's hard enough (like nearly impossible) to do it with some knowledge, but no inside information about the company.

    I think some of the public still pictures a hack as some antisocial nerd in mommy's basement. In reality, there are tens, hundreds of thousands, millions of automated probe/attack attempts on individual internet-facing servers/services daily, with perpetrators ranging from the mommy's basement guys, to highly trained professionals in criminal or bad-state-actor organizations.

    Stuff is gonna get breached. So, yeah, protect yourself as much as you can, if you care.
  • janejellyroll
    janejellyroll Posts: 25,763 Member
    AnnPT77 wrote: »
    socajam wrote: »
    bold_rabbit - Well said
    Personal responsibility seems to be a thing of the past

    That, and instant outrage at others is rampant.

    I've worked in computer security in the past. It's an arms race. The good guys put up more defenses, the bad guys discover new attacks and exploit them. Mostly, the good guys win. Sometimes the bad guys win.

    I don't *automatically* assume that a company whose servers/services have been breached are careless, not doing the right things, etc. It's more complicated than that. I don't know how someone with limited technical knowledge can evaluate that question, for any given breach, either. It's hard enough (like nearly impossible) to do it with some knowledge, but no inside information about the company.

    I think some of the public still pictures a hack as some antisocial nerd in mommy's basement. In reality, there are tens, hundreds of thousands, millions of automated probe/attack attempts on individual internet-facing servers/services daily, with perpetrators ranging from the mommy's basement guys, to highly trained professionals in criminal or bad-state-actor organizations.

    Stuff is gonna get breached. So, yeah, protect yourself as much as you can, if you care.

    Very insightful. At some point, we have to take some responsibility for our password security, including sharing passwords across different accounts. That isn't to say that companies are blameless when they're hacked (some of them are careless), but good password security can help limit the damage if a website you use is targeted successfully.

    What's unclear here is the nature of the alert that OP received. There is no generic "dark web" email alert system - anyone getting a message like this either signed up for a specific service (in which case they should be able to obtain more details about the nature of the compromise) or they're being targeted by another scam (I've noticed that "dark web" is a common phrase used to generate fear and urgency among those with anxiety about online activities). I have no idea what precautions OP is wanting us to take that we're not already taking, but this seems like it might be trying to generate fear.