Alexander Dalloz wrote:
Joe Zeff:
I took a look using my main email address. I wasn't surprised at all to find that it's in several data breaches containing millions of email addresses. However, unless there's any evidence that anybody's using it, I see no reason to be concerned.
Generally speaking, that's the way to treat it. Some of those databases say when your data was stolen, and if you've changed your password since then, you're probably okay (until the next breach). If you haven't changed it since then, change it now.
Some time ago Yahoo forced password changes on me, without really saying why (other than a generic for your own security sort of thing), as far as I remember. Looking on one of those databases, I see Yahoo was breached not too long before the forced password change. Since *I* haven't been compromised through my email details in the meantime, I'll assume that my data was either stolen but not yet sold, or not used before the password reset.
My guess would be that hackers would try your email details against other things that they have breaches with (banks, etc), looking for sets of data they can use together.