For nearly 10 years, I have used dedicated email addresses/passwords for every single website or company I register with online.
That may seem cumbersome to many, as I need to log into a custom platform to create a new email address during registration, and I need to keep a record of all those passwords/emails/credentials somewhere, to remember what I’ve done and where, but this has numerous benefits:
– Automatically sort my incoming email into dedicated folders, and prioritize between private and commercial emails. A simple rule on my Thunderbird client does it perfectly.
– Detect database leaks. If any company/website gets hacked or resells their user base to third parties, I’ll start receiving spam or emails from third parties with the leaked email address, and quickly figure out the reason.
– Stop the infection easily. If I really need to stay registered on the website, I only need to update my records and change the email address to no longer receive spam, and "reset the trigger" to see if it will happen in the future.
– Prevent propagation since if a company’s database is hacked/leaked, my dedicated credentials won’t work on other websites. Most people have to change all their passwords on every website when there is a breach, since they tend to use the same email and password everywhere.
– Publicize and tell such companies they may have been hacked, or confirm they resell user databases.
– Discard old credentials and registration details from websites I don’t want to use anymore, since all my credentials are kept on record, and I sort them chronologically.
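The sorting and leak-detection logic from the list above, as an added example (not the author's actual Thunderbird rule). It assumes a hypothetical alias registry mapping each dedicated address to the sender domains expected for that service; all addresses and messages are constructed.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Hypothetical registry: one dedicated address per service, mapped to the
# sender domains that service is expected to mail from (constructed values).
ALIASES = {
    "shop-a@mail.example.org": {"shop-a.example"},
    "forum-b@mail.example.org": {"forum-b.example"},
}

def domain_allowed(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def sender_domain(msg):
    """Lowercased domain of the From header ('' when the header is absent)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def recipient_aliases(msg):
    """Dedicated aliases that appear in To, Cc or Delivered-To."""
    headers = (msg.get_all("To", []) + msg.get_all("Cc", [])
               + msg.get_all("Delivered-To", []))
    return sorted({a.lower() for _, a in getaddresses(headers)
                   if a.lower() in ALIASES})

def classify(raw):
    """Return (folder, suspected_leaked_aliases) for one raw message."""
    msg = message_from_string(raw)
    hits = recipient_aliases(msg)
    if not hits:
        return ("Private", [])
    dom = sender_domain(msg)
    # A sender outside the service's own domains means the alias escaped.
    suspects = [a for a in hits if not domain_allowed(dom, ALIASES[a])]
    if suspects:
        return ("Suspected-leak", suspects)
    return ("Commercial/" + hits[0].split("@")[0], [])

SAMPLES = [  # constructed messages, not real mail
    "From: news@shop-a.example\nTo: shop-a@mail.example.org\n\nhi",
    "From: promo@unrelated.example\nTo: shop-a@mail.example.org\n\nhi",
    "From: friend@home.example\nTo: me@mail.example.org\n\nhi",
    "From: x@evilforum-b.example\nTo: forum-b@mail.example.org\n\nhi",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(classify(raw))
```

The From header can be forged, so a matching domain is weaker evidence than a mismatch; the mismatch is the leak signal.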
e-Carte Bleue: Virtual One-Time-Use Credit Card!
And because I’m paranoid about this (several years ago, my bank account was hacked and I had numerous issues with fraudulent online payments), I also use a One-Time-Use Credit Card Number each time I make a transaction online! Yes, that’s possible thanks to the e-CarteBleue service. My bank provides me with a virtual credit card: I just log into their system, enter the amount of the purchase, and it generates a unique code that can only be used once, and for the specified amount. That’s very convenient.
My updated list of leaked email addresses
Here, I keep a list of companies that seem to have issues keeping my email address secret. I’ll update it whenever I get new spam.
2016: Kickstarter. Received spam in German, coming from Russia. Waiting to see if I’ll get some more. A friend of mine just told me they seem to forward their users’ email addresses to project funders, which may explain a bit. So if that’s the case, I should create a dedicated account and email address for any new Kickstarter project I’m interested in… that’s getting heavy to manage.
2015: LinkedIn. They seem to make my address sort of public to my contacts, since I already changed my email address several times, and started receiving spam on it a few days after the change.
2015: Weezevent. Receiving a lot of spam in French, mostly SME business-targeted. I’ve contacted them and they swear they didn’t resell the database. That’s interesting.
2013: ASIS International. This one is funny, because ASIS is one of the most important non-profit security professionals’ associations. They clearly got hacked, and the full database was leaked to spammers, including numerous details of important security professionals… When asked about this, they never admitted they were hacked although it was obvious… that’s unprofessional.
2010: Air France: I started receiving spam shortly after I got my frequent-flyer card. First, it was advertising from third parties (meaning they resold the database), but soon after, I also received spam written in different languages. I guess one of their third parties got hacked or resold it too… anyway that proves all those marketing incentives are wrong.
2009: CDiscount: This major French online shop just got hacked. Since I no longer live in France, I just didn’t care and "canceled" my account (whatever it means).
2007: QTEK: smartphone manufacturer (rebranded to HTC). They got hacked too.