Protection from Password-Leaks - Integration of have-i-been-pwned at mailbox.org
Every year huge amounts of data of online services are stolen and leaked. Attackers use holes in the security system of these services in order to get a hold of these data sets, which may include logon data.
There are honorable projects out there that gather those data sets and analyse them in order to provide them to those affected by the breaches.
"HaveIbeenpwned" is such a project.
Mailbox.org helps you to mitigate the damage of such data breaches
Have-I-been-Pwned: Whenever someone becomes victim of a phishing attack, it is only a matter of time until their e-mail address and account login will be offered for sale on dubious trading platforms. If this happens, it won't take long and criminals take over the account. They can then retrieve any usable information from the user's e-mails, or use the account to send spam e-mails from within the mailbox.org network. The project „haveibeenpwnd.com“ helps our users to check if their e-mail address has been hi-jacked this way. Through our cooperation with them, we at mailbox.org are able to collect this information and directly alert our users with a warning message. Note: Currently, this will only work for @mailbox.org e-mail addresses – however, we are working with our friends at haveibeenpwnd.com to expand alerts for those who use custom domains names with mailbox.org.
Sample of what our e-mail alerts look like
Once we get a hit in our recurring automated domain check against the Have-I-been-Pwned database, we'll inform you via e-mail.
During this process no user data is leaked from our end.
The e-mails have this format and German text - sorry for the inconvenience, we're going to fix this - for a translation see below:
In Zusammenarbeit mit dem Projekt „haveibeenpwned.com“ werden wir darüber informiert, wenn @mailbox.org-Adressen nach Einbrüchen in andere Webseiten auf einschlägigen Tauschbörsen gehandelt werden. Für mindestens eine Ihrer Mailadressen ist aktuell ein neuer Fund gemeldet worden. https://haveibeenpwned.com/PwnedWebsites#MyFitnessPal Im mailbox.org Office, Bereich Einstellungen => Mailbox.org => Have I been pwned finden Sie eine Auflistung wo Ihre Adresse aufgetaucht ist und was darüber bekannt ist. Bitte prüfen Sie, ob Sie ggf. Passwörter ändern müssen. Mit freundlichen Grüßen Ihr Team von mailbox.org Damit Privates privat bleibt.
In collaboration with the project “haveibeenpwned.com” we inform you in case your @mailbox.org address has been offered for sale on dubious trading platforms. At least one of your e-mail addresses has been reported as affected. https://haveibeenpwned.com/PwnedWebsites#MyFitnessPal In mailbox.org office please go to Settings => Mailbox.org => Have I been pwned There you may find a listing of the places where your e-mail address was published and more details about this issue. Please proceed to change your password if you deem necessary changing your password. Kind regards, Your Mailbox.org Team We protect your privacy
Please follow the instructions of this e-mail and in the online office of mailbox.org.
Please note, that this e-mail does NOT contain a link to mailbox.org. You should type in our address and change your password on your own.