Data breaches: breachCompilation, collection1, breach compilation

MMB
MMB

Hi,

I'm looking for help on how to solve the following breaches: breachCompilation, collection1, breach compilation

I have no idea where to start, so any assistance would be helpful.

Comments

  • I have the same question about breachCompilation, please.

  • Hi #BitDefender… it would be really useful if you could answer this question for us customers…. Please…

  • Same here. Feels the this protection is useless if I can’t see the source of the breach or correct it.

  • I agree. These identifiers don't help anyone know which web site account needs to be secured.

    I'd rather not mark these as solved, but the alternative is potentially overlooking future alerts for that email address due to the "leaks found" status becoming permanent. Neither is a great option.
  • man ! i wish i got an answer for this

  • yes it sucks to get the warning without any resolution proposal! :(


    breachCompilation 2017

    breach compilation 2021

    xss.is compilation 2020

    exploit.in

    collection1

  • Agree, please @Andy_BD I see you are an admin, can you help us?

    I have a list of data breaches that are not related to any website but just random words:

    xss.is compilation

    collection1

    data enrichment records

    breachCompilation

    exploit.in

    breach compilation

    How am I supposed to know the websites where the data breach happened so I can change the password or delete the account all together?

  • Hi,

    A bit late to the party, but I will do my best to provide further clarification regarding the data breaches.

    To find stolen data, we scan the dark corners of the web using various methods. Once the data is found, we use a proprietary system for identity resolution to discover the identity of the breached individual, so we can alert the person about the breach, even if the breach itself includes little or outdated information.

    Most commonly, breaches include information about users’ emails, passwords, names and usernames, phone numbers, and physical addresses. Their exposed data creates a snowball effect that ultimately leads to the leak, sale, or trade of entire digital identities on the Dark Web.

    Breaches are not necessary found on a specific website.

    They are in a compilation of usernames, passwords, phone numbers, etc. found in archives or texts on the Dark Web, in general.

    The Digital Identity Protection service raises awareness about your Digital Footprint (data exposed in Surface Web) and remediation steps for data breaches (data exposed in Dark Web). However, you would not be able to change the username for a specific website, but you will be informed that in that specific period, data about you has appeared in data lists on the dark web.

    This means that you could become victim of a scam. As the purpose is to raise awareness of these breaches and the data involved can be various, there are no mitigation steps for the situation. If the breach was about a password, you could have changed it, but the breach can also involve other types of data, such as phone numers, address, etc. And if these are listed somewhere on the dark corners of the web, there is no possible way to retrieve or delete them from there, because you don't have control over that leaked information.

    I hope the information is helpful.

    Premium Security & Bitdefender Endpoint Security Tools user

  • Alexandu_BD, thank you for your time to answer this topic.

    But, if I well understand, this information can't really help us. These warnings just tell us something like "Be more carefull on websites. Bitdefender has find your email in darkweb and there is a possibility your personal information has been stolen."

    Because we can't know which website and/or hacker took your email and can't know if these information will be used.

    It can be used just for spam or in a worst goal.

    But now, with your help, we know what these warnings are for and it is a good information to get even if we can't really do something at the moment we receive them, except change all our passwords. But in my case I have to many connexions to change them all.

    But I really thank you again for your answer. :-)

  • Hi @Keluode,

    You are most welcome 😉

    Stay safe

    Premium Security & Bitdefender Endpoint Security Tools user

  • I’m still not sure what I can do about this. Any guidance?

  • Hello @JKK and thank you for joining the conversation.

    Unsure what to do about what, exactly? Are you referring to the data breaches information found by the Digital Identity Protection service? If yes, check my above comment for a detailed explanation on how the service works:

    Regards

    Premium Security & Bitdefender Endpoint Security Tools user

  • I really do not understand the lack of information provided by BitDefender... Many financial institutions and credit reporting agencies provide the same service, however, they tell you exactly what information was compromised eg. url, username, email address, password, date of birth, phone number, driver’s license, social etc. etc. - the list goes on. In a nutshell, I find Bitdefender’s offering lacking and utterly useless.

  • Hello @ae1 and thanks for joining the conversation.

    Regarding your observation, the Digital Identity Protection service will receive new features and considerable improvements in the coming months, providing the user with more details and actions for the data found on the internet.

    Upcoming changes will significantly improve DIP functionality and expand its capabilities, allowing for more control and specific actions that can help the user regain ownership of their personal data.

    Regards

    Premium Security & Bitdefender Endpoint Security Tools user

  • Hi, I was looking for an answer to the same question, and it is helpful to know what these mean... however... the page where they are displayed indicates to change the password and mark solved. That simply is not possible in this case. The information which should be provided is the identity name and the associated information. That way I can see if it was a password from then which I have changed and "solved" or there is more things to do. I'm a bit perplexed as to why no further information is being provided if you are hoping for the customer to 'Solve' this.

  • Scott
    Scott Defender of the month mod
    edited February 2023

    Great news, it's a newer product that did need a little tweaking. It would be nice that when a breach has been addressed, that it would be deleted from the Data Breach window, instead of being sent down to the bottom of the page. I did talk to support about that, and thought it was resolved when we refreshed my central account page, but it had simply gone to the bottom of the page. Example, this was dealt with but still exists on my account.

    It's the same with Impersonation Check, once addressed, it still remains. Is there a reason for this, is it to remind us that it is still out there and to once in a while, to check it again? There is the Show more option at the bottom of the page where some of these reside, but maybe if they could be totally deleted, would be nice?

    Then there are those sites where I don't have an account with, but would need to create one just to verify it, like a LinkedIn account. Some of the older breaches could be confusing to some, that I'm supposed to what, create a new account, as that webpage says I don't have that account with, to verify an account that isn't there? I hope the new changes and better details will be helpful to those who could be left confused on what to do.

    All Bitdefender Home Product User Guides:https://www.bitdefender.com/consumer/support/user-guides/

  • Insufficient information to solve issues.

    Looks like this is done on purpose to purchase more of BD services, not amused.

  • @Scott I spoke with the product development team last week and they appreciate this feedback. Since the Digital Identity Protection service is being revised and considerable improvements are on their way, I think they will address this part as well.

    @Danielvh I'm not sure I understand your comment. There are no other Identity Protection services available in the Bitdefender portfolio, apart from Identity Theft Protection, which is available in U.S. only.

    Bitdefender Identity Theft Protection and Bitdefender Digital Identity Protection are not identical. Although some of their functions overlap, such as Dark Web and Social Media monitoring, they target different things. Bitdefender Digital Identity Protection monitors your digital footprint to prevent data breaches and improve your online privacy. On the other hand, Bitdefender Identity Theft Protection focuses on credit monitoring to help you avoid becoming a credit fraud and identity theft victim.

    So, Digital Identity Protection is not designed to have any addons, if this is what you are implying. I have detailed the way it works in my comment above:

    Please do let us know if you have any questions or concerns.

    Regards

    Premium Security & Bitdefender Endpoint Security Tools user

  • I’m no further ahead after this discussion. I can’t find the listed sites, change the password or mark “Solved” for each. Am I still in danger? Most of the sites BitDefender listed are 2016 to 2019.

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod

    Kindly contact the bitdefender support by visiting https://www.bitdefender.com/consumer/support/ and scroll down to the bottom of the webpage where you can get in touch with support representative either by email, chat or over a call.

    Alternatively, you can also share your query with bitdefender support team by dropping them an email at [email protected]

    The support team will reply back to your query within next 24-48 hours excluding weekends.

    Regards

    Life happens, Coffee helps!

    Bitdefender Ultimate Security Plus (user)

  • J’ai souscrit récemment à Bitdefender.

    l me sort une sort une liste de brèches de données qui remontent à 2016 !

    Je ne sais pas comment supprimer ces comptes.

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod

    You cannot delete the breaches since they are associated with the emails that were linked to the breached company. You can go ahead and change the password.

    If you need more information or details about where your email may have been associated with a breached company, you can use the largest collection of data breach checks on the Have I Been Pwned website (https://haveibeenpwned.com/)

    Regards.

    Life happens, Coffee helps!

    Bitdefender Ultimate Security Plus (user)

  • I am writing now after 1 year from your post and guess what still the same useless warning shows up exactlly , no details on what is leaked and on which website,

  • Hello @Alexandru_BD,

    I came across this community thread when I searched for information on a new BD Account Privacy alert I receved this morning. For one of my monitored email adresses, BD Total Security informed me that "Sensitive data has been exposed". When I click on the red highlighted email address BD leads me to a new page that identifies the breach as "malwaredumps" and says below that "leak data unavailable". This is very confusing as no further information has been provided, so hopefully you'll be able to answer my following questions:

    1. What is malwaredumps? Is it a compilation or a single website, company, etc. that was breached?

    2. Which website(s) or company/companies were breached and how can I find out which one held my exposed data?

    3. When exactly did this breach happen?

    4. If leak data is unavailable how does BD know that it's sensitive data that has been exposed?

    Please also see screenshot below. Unfortunately, as metioned above, BD does not provide further information, all BD allows me to do is mark it as resolved, which I can't do without understanding the details and addressing the issue accordingly.

    I look forward to your reply.

    Many thanks.


  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod
    edited February 22

    "Malware Dumps" typically refers to a collection of databases, websites, or repositories where hackers or cybercriminals dump stolen data, including sensitive information such as usernames, passwords, credit card numbers, and other personal details. These dumps are often the result of data breaches from various sources, such as hacked websites, compromised databases, or malware-infected systems.

    As far as I know, Bitdefender will only show that your email has been leaked on the dark web. If you want to know the exact company related to your email, which was associated with a data breach, you will have to check your email on "haveibeenpwned," which has the largest collection of data breaches. Additionally, the website will tell you for which all companies your email was associated with that suffered a data breach.

    Now, if you want to be safe, the only solution will be to change the password of your account related to the company for which your email was part of the breach.

    Additionally, for complete information regarding Bitdefender to provide details of the website where your email was part of the breach, you will only have access if you subscribe to Bitdefender's product "Bitdefender Digital Identity Protection" (https://www.bitdefender.com/solutions/digital-identity-protection.html)

    Regards

    Life happens, Coffee helps!

    Bitdefender Ultimate Security Plus (user)

  • Many thanks @Flexx

    That's very helpful, and I appreciate the quick reply.

    I have already checked my email on "haveibeenpawned" and it only flagged breaches from years ago, which I have taken care of previously. So I assume that today's "malwaredumps" collection alert for my email relates to those historic breaches.

    Thanks also for mentioning"Bitdefender Digital Identity Protection", will look into it.

    Best regards.