Possibly exposed email data from hacks/leaks being used to register in Coinlist?

[crwth]

I have recently received an email saying that I have registered in Coinlist.co and it's from the legitimate email they are using. I did compare it towards the actual email in which I verified it, and it's the same. But the email that is used there was exposed with data leaks. That's why I'm concerned with this because it's being used for registration that I didn't do.

Has anybody experienced the same thing recently?

[1714653517]

1714653517

[1714653517]

1714653517

[1714653517]

1714653517

[1714653517]

1714653517

[Charles-Tim]

Just try to remember very well if you have used the email before on any website that can lead to phishing attempt. I have never heard about this before, but the best you can do now is to deactivate the email which you know its login details has been exposed another person. Likely you have used the email on some sites before that can lead to phishing, and hackers were able to access the details for login later. This should not pose a concern anymore after you have deactivated it. We really need to be mindful of the site we are filling in emails.

[crwth]

Just try to remember very well if you have used the email before on any website that can lead to phishing attempt. I have never heard about this before, but the best you can do now is to deactivate the email which you know its login details has been exposed another person. Likely you have used the email on some sites before that can lead to phishing, and hackers were able to access the details for login later. This should not pose a concern anymore after you have deactivated it. We really need to be mindful of the site we are filling in emails.

I doubt I had input this email in any phishing site. It's probably caused by the hacks like the Ledger leakage or something. I'm not sure but this email is not that connected much with sites but oh well. I shouldn't just click the verify and they don't have a link to which I'm not the user that register though.

[SFR10]

Has anybody experienced the same thing recently?

Just finished checking my emails and luckily, there was no such a thing on my end.

I'm not sure but this email is not that connected much with sites but oh well.

You might want to check that email through a service like "have I been pwned?" and see what type of result you'll get ^{[just to be sure]}.

[crwth]

Just finished checking my emails and luckily, there was no such a thing on my end.

Good for you. It's quite nervewracking to think that it's being used though. I mean, is there any consequence to that if I didn't do anything about it?

You might want to check that email through a service like "have I been pwned?" and see what type of result you'll get ^{[just to be sure]}.

I have notifications about it once it detects something. I also have a dark web monitoring thing with my password manager and the most recent one is not cryptocurrency-related. The last occurrence that is crypto-related is from Ledger, last 2020.

[SFR10]

I mean, is there any consequence to that if I didn't do anything about it?

There could be some, but it heavily depends on what sort of data was included in the data breach...
^{- Most of the time, it's not a big issue since it's probably just usernames or emails, but if it includes passwords, credit card details, home addresses, and similar stuff, then you should definitely do something quickly.}

The last occurrence that is crypto-related is from Ledger, last 2020.

Then it probably has something to do with it ^{[hopefully nothing bad happens on your side]}.

Update:

Anyway, thanks for your inputs on this one. This is weird for me because I'm paranoid with this lol.

You're very welcome

[crwth]

There could be some, but it heavily depends on what sort of data was included in the data breach...
^{- Most of the time, it's not a big issue since it's probably just usernames or emails, but if it includes passwords, credit card details, home addresses, and similar stuff, then you should definitely do something quickly.}

That's the worst case scenario but I guess it wouldn't be that hard to prove that I was fraud or something. I'm actually hoping that the verification that websites do, does it job and verify that I didn't do anything about it, or register in the site.

Anyway, thanks for your inputs on this one. This is weird for me because I'm paranoid with this lol.

[Furious 7]

I've never experienced anything like that and haven't registered on coinlist at all and some email checks don't show any incoming messages about this, but I've seen the same thing as you before, received an email from the coinlist and told me to verify it even though the person concerned has never registered and is asking the group on Facebook, but there are those who suggest not verifying if you have never done anything that is feared there will be phishing that continues to spread through many media.
If there is a data leak, I still don't get clear info about this.

[Potato Chips]

Email spoofing makes it possible for scammers to use the exact display name and email address so this may not be coinlist at all. Copy the link and paste it to URL redirect checkers (e.g. https://wheregoes.com/) to see if it redirect to something else.

Otherwise, they could be checking if you have an account there to see whether it's a brute force candidate or not. Make sure tied important accounts have strong passwords and if possible enable 2fa too. They could be doing the same thing with other websites, who knows one day they might hit a website which you have an actual account.

[crwth]

I've never experienced anything like that and haven't registered on coinlist at all and some email checks don't show any incoming messages about this, but I've seen the same thing as you before, received an email from the coinlist and told me to verify it even though the person concerned has never registered and is asking the group on Facebook, but there are those who suggest not verifying if you have never done anything that is feared there will be phishing that continues to spread through many media.
If there is a data leak, I still don't get clear info about this.

Thanks for sharing this. I wasn't aware if there are any other people who had this experience as well. The connection still seems bleak but there could be a connection with regards to where they got the information.

Email spoofing makes it possible for scammers to use the exact display name and email address so this may not be coinlist at all. Copy the link and paste it to URL redirect checkers (e.g. https://wheregoes.com/) to see if it redirect to something else.

I never knew there's a tool like that. Thanks for sharing this. I did check it and it is Coin list, so I think it's safe to cross that out that it's not a spoofing method.

Otherwise, they could be checking if you have an account there to see whether it's a brute force candidate or not. Make sure tied important accounts have strong passwords and if possible enable 2fa too. They could be doing the same thing with other websites, who knows one day they might hit a website which you have an actual account.

This is my theory too. I do have strong passwords and don't have the same passwords on different sites. I think this has reassured me that I'm still safe.