Recently I signed up for a web security service which includes a scan of the “dark web” for birthday, driver’s license number, email addresses and other information you wish to have scanned. Being the skeptical person I only entered my email addresses and quickly found out that there was a security breach on a site which may have compromised my email address and password.
This site, Chegg (no direct contact from them), is a place to buy and rent textbooks that I used to get a book for an auto mechanics course. Because I had to set up an account it required an email address and password. Probably like many, I have had a password that is used for a number of sites and services and this site may have been one of those. While I cannot be sure that this site is how the info was shared I got a message from Netflix that a new user had logged in using a Microsoft Surface, which I do not own, and my email address was changed. I called Netflix and the account was taken back without any delay. This led me to check my Sirius/XM account where I used the same password and sure enough there was an additional user added to my account.
The point of my story is to warn others that use the same password for sites to update them. It appears that within the community that hacks digital information it is common to look for services and steal them because many users do not pay close attention to them as long as it is working.
I’m sure Rusty and others know more about this but my experience may help.