Data breaches found

I just installed Bitdefender mobile security and it did a check and it found these data breaches:

collection1 December 31, 2018

xss.is compilation December 31, 2019

Now, i don't recognize these at all.

It says manually change the password for each account to secure it. Once an account is secured, mark it as solved.

But i don't know what these names are referring to. So, i can't change the password because there is no such person, place or thing that i know about to do something about it.


So, what am i supposed to do?

Best Answers

  • wirywrestler
    Answer ✓

    Hi Flex &, etal


    I have both the above and in addition two more - breachCompilation and exploit.in


    As suggested, I sent this information to bitdefender support


    Best,

  • MJX
    MJX ✭✭✭
    Answer ✓

    wirywrestler, keep in mind any information I provide should still be verified by Bitdefender.

    xss.in is most likely a cross-site scripting exploit. You should always ensure the web sites you intend to go to are actually the site you want to be at. Always use HTTPS where possible and then click on the lock to verify the name of the certificate.

    The other is probably datacollection by some Windows exploit. Make sure your Windows computer is fully patched.

    I hope Bitdefender answers you soon. Good luck.

Answers

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod

    Hi Member,

    Kindly drop an email to bitdefender support at bitsy@bitdefender.com .Response may be delayed due to less staff and covid19. Rest be assured, they will reply back asap.

    If this helps, kindly mark answer as agree/ accepted

    Regards

    Flex

    (Bitdefender beta tester 2019/ 2020)

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • okay same here... Is this already solved or should I contact 'bitsy' too?!

  • I have this issue also

  • I haven't received a ticket number or reply from support yet. In the past when I've had a question or problem, I received a response within a couple of days.

    Going to resend to support

  • MJX
    MJX ✭✭✭

    How is this marked as answered if the user has not received a ticket number or a reply from support?

  • I changed the password on my email and that seems to be ok for now.

    So, that matter is now closed.

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod

    The creator of the post can mark the answer as accepted.

    Regards

    Flex

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Have same:

    exploit.in 30 June 2016

    breachComilation 30 November 2017

    xss.is Compilation 1 January 2020

    No idea what any of these are or how to address issue.

  • Got following reply from support. 

    "You should not be asked to change the password when it comes to data breach.

    This message concerns a user data leak that occurred at those web hosts, following the exploration of a security vulnerability. If you did not have an account with them, you are not affected by this alert."

  • Why doesn’t Bitdefender Support come out and provide a response here as this seems to be a common issue. Wouldn’t that be so much easier than filling up your ticket queue with duplicate support requests?

  • I wish that this thread was closed.

    I don't need it active anymore!

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod

    @Alex D., @Andy_BD

    The creator of the post wants to close the thread and prevent further commenting by any user. Request you to please do so.

    Regards

    Flex

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Hello, I am unsure if the question has actually been answered - it doesn't look that way to me. Any help would be appreciated!

    I have the following breach notifications:

    Last.fm - Feb. 29, 2012 (4 separate times)

    breachCompilation - Nov. 30, 2017

    xss.is compilation - Dec. 31, 2019

    collection1 - Dec. 31, 2018

    Hoping to hear back, thanks.

  • You can use Google Chrome on the safety check option settings if it's your Google account email that has been leaked it will tell you exactly which site from your saved and synched passwords. or you could try the f-secure site which told me exactly which site leaked my info in my case it was wattpad

  • Thanks for the response.

    To everybody else reading this thread everything is ok now. So, please don't comment anymore as the issue is fixed.

    Thanks.

  • How has the issue been fixed?

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod

    If you need further information kindly contact bitdefender support or create a new topic for your own since the creator of the post does not wants any more comments on the post created by him.

    Regards

    Flex

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • I bought elbow and knee patches. Glued them high and low around my desktop, phone, iPad, laptop,, and the entire Galaxy.

    I can't see the warnings anymore. Are they gone?

    As for you Bitdefender, my name and all identifying information has been breeched and sold so many times that Bitdefender is useless.

    The internet is designed to track and expose you. Period. Nothing you can do, but prey on people's fear and profit.

  • What is needed is Bitdefender telling us which accounts on which platforms has been compromised. Not the source of the information whether that is xss.is compilation, john smith's compilation, donald duck's compilation, etc. Is this something Bitdefender will fix? By when?
  • Hello,

    Perhaps this was answered, but I'm not sure (it doesn't seem so.). I also have the same question; however, all I can add to help for the moment is that these are the names of incidents that have happened where your e-mail address was likely in a mass database or list sold on the darknet-dark web. I've found https://haveibeenpwned.com gives very good information and is one of the best places with some level of detail that will answer our questions.

This discussion has been closed.