Receiving several; Dark Web Notices with separate partial passwords along with my email address....is this something that I need to cover with additional ID protection?
Good to know - but always on the alert.
Since you changed the password you should be fine. It appears that your email address was taken but not necessarily the password and that is more common than both being accessed.
Email ids are in general more easily available to obtain for the bad guys. Many people use their name @ yahoo or gmail or outlook .com and anybody who can access websites like peoplefinder or beenverified can gain this sort of info.
I think your good work has brought you a good result for the future.
Although my main email address showed up on the pwned site, the password I use for that account didn't. I have changed the password anyway, but still wonder if there is a way in which the new password can be accessed?
@Freddles,
Good work with all the password changes. If you use a password manager like Norton it is easy to keep track of all the random passwords. And of course the software will generate random long strong passwords for you of any length and containing any combination of letters, numbers and special characters.
So maybe it might not happen again soon to you but I would start a password manager project if I were you.
Thanks xjoex, I have spent the evening going through all the sites where I use this particular email address and changing all the passwords - whew! And yes - creative passwords, the old ones were a bit tame 
Not quite there yet, I wonder how likely this is to happen again?
Safest route is to change all passwords on all sites that you have used this email address as your userid. If possible try to create a new unique userid for each of these sites (although many sites require you to use your email address - another security vulnerability for sure). You could get a new email address and go thru the hassle of dealing with that also.
My own feeling is that you should have unique long strong userids and unique long strong passwords on all sites and add in two factor authentication. Nothing is 100% safe but you should strive in to make it so.
I checked the 'have I been pwned' site and it seems it was my main email address that had been compromised - it said '6 breaches - no pastes'. So does that mean that 6 sites I access using my main email address has been breached. Any suggestions as to how I can find out which ones - or do i have to change the passwords on all accounts using my main email address?
Do I have to manually change the password on each of my emails/accounts manually, or is there a more automatic way of doing it?
I checked out the email to see what had been exposed to The Dark Web and it was to do with Adobe. Says my email address has been compromised.
FWIW ~
Dark Web Surveillance
An interesting, and more unique-sounding, feature is dark web surveillance.It turns out there are huge underground networks where cyber criminals buy and sell stolen personal information. This information might include your name, birthdate, social security number, website user IDs, and passwords.
At face value, being notified if your information is found on dark web databases sounds great. Upon further reflection, though, it might not be as actionable as you think.
For example, what would you do if your social security number is out there on the “dark web?” Would you change it? Probably not. You might be advised to apply a security freeze to your credit files. Of course, this is something you should do even if your information wasn’t found on the dark web.
Likewise, what if LifeLock alerts† you that your email address or date of birth was found in a dark web criminal database? There’s really not a lot that you will (or can) do with that information.
A practical and free suggestion to minimize your vulnerability is to not use the same password on multiple websites… especially financial sites.
https://www.doughroller.net/credit/is-lifelock-worth-it/
FWIW ~
Dark web scans and dark web monitoring can help you protect your identity
https://us.norton.com/internetsecurity-emerging-threats-dark-web-scan.html
Information stolen or exposed in data breaches or hacking incidents, or leaked information can be bought and sold on the dark web as "lists" by identity thieves. This information may be old or could even re-appear several months, or years following exposure of the information.
"Exposed" information does not necessarily mean that your account(s) have been hacked. You can be proactive and take several actions to help protect yourself. Change your password for the site/service mentioned in the notification. In addition, if you use the same password for numerous online accounts, make sure you change these passwords as well. Enable two-factor authentication whenever offered by a site or service. Visit our Dark Web Monitoring Support Article for a full list of helpful tips and guidance.
Even though you may have unsubscribed from a website or may have deactivated your account, your data may still be present in their data systems and could be exposed during a data breach, a hacking incident, or another type of data leak.
https://support.norton.com/sp/en/us/home/current/solutions/v133629658
Over the last three days I have received emails supposedly from Norton that my email address and a password I frequently use has been seen on the Dark Web. It caused me concern. While I just can't go and change my email address because everyone knows me by that address would it help to change every password I have? I spent a few hours yesterday changing ten passwords to what I consider indecipherable new passwords. Why did I get another email today from Norton saying the same comment about suspicious activity on the Dark Web?
Scams Involving Fraudulent Use of NortonLifeLock Branding
https://www.nortonlifelock.com/blogs/feature-stories/fraudulent-use-nortonlifelock-brand(link is external)
Learn more about technical support scams and steps to avoid them
https://support.norton.com/sp/en/us/home/current/solutions/v105274822
What Is a Tech Support Scam?
https://www.nortonlifelock.com/about/legal/anti-piracy/tech-support-scams(link is external)
How to recognize and avoid tech support scams
https://us.norton.com/internetsecurity-online-scams-how-to-recognize-and-avoid-tech-support-scams.html
Remove Fake pop-up or tech support scam messages that warn the computer is infected
https://support.norton.com/sp/en/us/threat-removal-solutions/current/solutions/v122764455
- Never click on links or download attachments from unknown sources.
- Hover your mouse over the links contained in emails to check if they are legitimate– don’t click unless you are sure they are safe.
- Question the validity of any email that asks you to submit personal or financial information.
Norton LifeLock Phishing Scam Installs Remote Access Trojan
https://www.bleepingcomputer.com/news/security/norton-lifelock-phishing-scam-installs-remote-access-trojan/(link is external)
What to do if you fall for an email scam
https://us.norton.com/internetsecurity-online-scams-what-to-do-when-you-fall-for-an-email-scam.html
Avoiding and Reporting Scams
https://www.consumer.ftc.gov/features/scam-alerts
How to Report Phishing
If you got a phishing email or text message, report it. The information you give can help fight the scammers.Step 1. If you got a phishing email, forward it to the Anti-Phishing Working Group at reportphishing(@)apwg.org. If you got a phishing text message, forward it to SPAM (7726).
Step 2. Report the phishing attack to the FTC at ftc.gov/complaint.
How to Recognize and Avoid Phishing Scams
https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams(link is external)
Check if your email address is in a data breach
https://haveibeenpwned.com/
Pwned Passwords
https://haveibeenpwned.com/Passwords
Hacked Email
https://www.consumer.ftc.gov/articles/0376-hacked-email
See if you’ve been part of an online data breach
https://monitor.firefox.com/
Verify that an email you receive from Norton is legitimate
https://support.norton.com/sp/en/us/home/current/solutions/v71088498
- Never click on links or download attachments from unknown sources.
- Hover your mouse over the links contained in emails to check if they are legitimate– don’t click unless you are sure they are safe.
- Question the validity of any email that asks you to submit personal or financial information.
Please review:
I came here today to ask a similar question. I have received an email supposedly from Norton telling me that their Dark Web monitoring service has identified some activity related to my computer. It says to click on a link for further information, which i have not done until I can be sure this is a legitimate notification from Norton. Can anyone help please?