This RedLine malware may not just affect one of your accounts, so be sure to check if you are in the database.
This post also includes commentary from the researcher who discovered LastPass credentials in the RedLine logs.
Have I Been Pwned adds 441K accounts stolen by RedLine malware
https://www.bleepingcomputer.com/news/security/have-i-been-pwned-adds-441k-accounts-stolen-by-redline-malware/
I find it odd that they list this recommendation last:
"Finally, if your email is listed as part of the RedLine records, you should scan your computer using an antivirus software to detect and remove any installed malware."
I think you should scan your systems for malware BEFORE changing your passwords. If RedLine is still present while you're updating all of your accounts, then it could steal all of your new info, right?
@voltronic
Thank you for pointing me in the right direction.
@voltronic @CoSoGuard will let COSO users here know automatically 👍
@th3j35t3r
Good to know. Does @CoSoGuard check against any other databases besides haveibeenpwned?
It does, yes. It x-references Snusbase and also a few of our own proprietary collections.
@th3j35t3r
Nice. I'm not sure if this has been requested before, but would you consider putting in a submission form for members to check other emails against the @CoSoGuard database besides the ones attached to our accounts?
My Protonmail and Dismail accounts show 0 breaches in haveibeenpwned, but all my older Gmail and Yahoo emails show at least 1 each. It would be helpful to check all those against a larger pool.
I'll chew it over. 👊
@th3j35t3r
Thanks for considering it.
"Unfortunately, if your email address is listed in the RedLine malware logs, it's not enough to just change the passwords associated with that email account.
As RedLine targets all of your data, you must change your password for all accounts used on the machine, including corporate VPN and email accounts, and other personal accounts."