I just went through haveibeenpwned with my wife - who just read the Stuff article on a couple having their Nest cam hacked (Here: ) Their username and password were dumped in a data breach, then checked against many sites like FB, Twitter, Google, Nest, Spotify etc.
The article says that only 1% of people use different passwords on different sites.
At my wife's work they use Kaspersky password storage and it has been a PITA for them. She isn't techy (she's the anti-me when it comes to tech - and no cheeky comments from you young whippersnappers either...) so has trouble handling multiple passwords. Think of trying to get your Grandma to use KeePass or LastPass or ...
Anyway - I gave her some deliberately dodgy advice - and told her how and why it is dodgy. Because this dodgy advice is better than reusing passwords.
Choose a 6 - 8 char password - upper, lower, letter and char if possible. Not a word from the dictionary. That's your base password .. (yup - there's the dodgy bit right there). E.g. tTlsh1w (Twinkle twinkle ...)
For every site - take the first 4 chars of the site e.g. facebook would be face
Put the first two letters in front of the base password, the last two at the end of the base password. Upper or lower case it if you want. fAtTlsh1wcE
This gives you a difficult-to-guess password - that survives a password dump as it is unique for each site. By splitting the four letters it is not a word and not likely to be easily seen.
The chances of anyone manually aggregating passwords against a user's email address, across multiple data breaches, and then manually recognising a pattern is fairly low. It's a numbers game and auto-picking the low-hanging fruit is the best way to get results.
Doing this dodgy thing is easy to teach - and scarily puts the user in the top 2% of all password users on the net.
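As an added example (my own code, not from the original post): the per-site derivation above in Python, checked against the post's fAtTlsh1wcE, plus the check a password audit could run over leaked site/password pairs to spot the shared base, which is the cross-breach pattern recognition the post flags as the dodgy bit. The domain normalisation and the rule for site names shorter than four letters are my assumptions.

```python
import re

# Constructed sample base from the post ("Twinkle twinkle little star, how 1 wonder").
BASE = "tTlsh1w"


def site_key(site: str) -> str:
    """Reduce a site name or URL to the word the scheme keys on (assumed normalisation):
    'https://www.facebook.com/login' -> 'facebook', 'facebook' -> 'facebook'."""
    host = re.sub(r"^[a-z]+://", "", site.strip().lower()).split("/")[0]
    labels = [l for l in host.split(".") if l not in ("www", "m")]
    word = labels[-2] if len(labels) >= 2 else labels[0]  # drop the TLD if present
    return re.sub(r"[^a-z0-9]", "", word)


def derive(base: str, site: str) -> str:
    """First two site letters in front, next two at the end, with the post's case tweak
    applied as lower+UPPER on each pair (matches its example fAtTlsh1wcE).
    Sites with fewer than four letters use whatever they have (assumed rule)."""
    key = site_key(site)[:4]
    front, back = key[:2], key[2:4]
    tweak = lambda s: s[:1].lower() + s[1:].upper()
    return tweak(front) + base + tweak(back)


def strip_site(site: str, password: str):
    """Return the base if `password` carries this site's expected prefix/suffix
    (case-insensitive), else None. This is the audit side of the scheme."""
    key = site_key(site)[:4]
    front, back = key[:2], key[2:4]
    if len(password) <= len(front) + len(back):
        return None
    if password[:len(front)].lower() != front:
        return None
    if back and password[-len(back):].lower() != back:
        return None
    return password[len(front):len(password) - len(back)]


def patterned_reuse(leaks: list) -> set:
    """Given (site, password) pairs for one account from several breaches, return the
    bases that sit behind more than one site's password, i.e. the reuse a dump reveals."""
    seen = {}
    for site, pw in leaks:
        base = strip_site(site, pw)
        if base:
            seen.setdefault(base, set()).add(site_key(site))
    return {b for b, sites in seen.items() if len(sites) > 1}
```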
Any whoo - back to the story. Verification.io came up as having been breached and leaking one of my email addresses. It turns out they are owned by a company called datalitics.com. How those dorks got my email address I don't know as I never signed in - they are an advertising, mailing PITN spammer scum type company - not giving them anything any time - so any password is void. But it does raise a question: how many times have my email addresses been added to insecure data banks and now get checked as a login in data dumps, and mass checking of email addresses against sites? One of my addresses registered as hacked twice, on two sites I never went near.
I posted a contact to them - using the breached address - it's already in their systems - and wrote the following. Basically going to run them through the GDPR process - force them to cough up how I got in their systems then make them remove me - and report this to the EU. Hopefully making their life more difficult and making them think twice before skimming my or others' info again.
"Your site was breached and data hacked out of it. Part of that data contained my email address (given here). As I have nothing to do with your site I want to know why my email address was scraped and used in your databases.
I make this request pursuant to the European Union's privacy policies. Failure to provide the information requested will result in a complaint made according to EU law - which can result in large fines."