Did I get that unlucky and get assigned a bad IP?
It’s mobile data btw.
And I don’t wanna point fingers and blame Proton, but like… c’mon,
First of all, it’s a real IP address,
Second, even if it were a VPN, so what, your company literally runs a VPN lol, kinda ironic.
And it’s also a paid account, and I rarely (almost never) send outgoing emails.
But again, this is just a small annoyance, I generated a new password in Keepass and it seems fixed.
Do you have two factor authentication set up? A lot of sites - Proton included - institute stricter security measures if you do not have 2FA enabled.
No 2fa, because the password is like 64 random characters stored in Keepass which itself is secured by a 10 word passphrase, 2fa seems redundant IMO.
Can’t Keepass also generate TOTPs?
Proton doesn’t know that your password is 64 characters long because the hash will be the same length regardless. They also don’t know if you’ve reused your password on other sites.
The alert seems to indicate a compromised account, this can mean a lot more than “a bad IP”. Your account may have shown up in a “dump” and they took action to ensure your safety. Have you tried putting your email address into HaveIBeenPwned? While the normal recommendation would be to not put your email address in a random web form, this site is actually run by a well known security researcher and just lets you know if you have shown up in such a dump in the past.
Another possibility would be that they have seen a major change in your IP geolocation in a short time. This is referred to as “improbable travel” and it’s something which many security departments take action on. If you login from an IP address which is associated with Paris, France and then an hour later are logging in from Dubai, UAE, this is going to be flagged. Sure, you might travel between those two locations, but you ain’t doing it in an hour. So, your account gets flagged as possibly compromised.
> even if it were a VPN, so what, your company literally runs a VPN

Right, but they may not know that you are using another VPN. So, continuing the issue above of “improbable travel”. If you are on Proton’s VPN, they know all of their exit IP addresses and likely take them into account. But, if you are using a different company’s VPN, Proton likely doesn’t know all of that company’s exit IP addresses and so can’t account for them. Consider the situation from their perspective:
- You are using some other VPN and they force you to do a password reset.
  - Outcome - you’re a bit annoyed, but ultimately your mail account is safe.
- Some attacker has your password and tried to use it to access your mailbox, but Proton stopped the login and forced a password reset.
  - Outcome - you are a bit annoyed, but your mail account is safe.
- Some attacker has your password and tried to use it to access your mailbox, and Proton let them in.
  - Outcome - You get wrecked and are really unhappy.
No matter what, Proton is going to lose out a bit to you being unhappy. However, if they force the password reset, the worst case is you being slightly annoyed about a password reset. By not taking action, they risk your account being fully compromised, which can be very, very bad for you. So, they are likely to be more proactive in forcing a password reset than you might like. This will be especially true if you do not have any sort of two-factor authentication setup. If the whole game is lost by one password being lost, any whiff of that password being compromised will result in a password reset.
Ultimately, it is an annoyance but one which is actually positive for you. They take your email security seriously enough that, when their system detected something, they took action to keep you safe.
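The “improbable travel” check described in the comment above, as an added example that is not part of the original thread and not Proton’s actual logic. The speed threshold, the recognised exit range and the sample logins are constructed assumptions; only the Paris-to-Dubai case comes from the comment.

```python
import math
from datetime import datetime
from ipaddress import ip_address, ip_network

MAX_KMH = 900.0  # assumption: roughly airliner cruising speed
# Assumption: exit ranges the service already recognises (documentation range).
KNOWN_EXITS = [ip_network("203.0.113.0/24")]

# Constructed sample logins: (time, source IP, geolocated latitude, longitude).
LOGINS = [
    ("2024-05-01T09:00:00", "198.51.100.7", 48.8566, 2.3522),    # Paris
    ("2024-05-01T10:00:00", "192.0.2.44", 25.2048, 55.2708),     # Dubai, 1 h later
    ("2024-05-01T10:30:00", "203.0.113.9", 40.7128, -74.0060),   # New York, known exit
    ("2024-05-02T10:00:00", "198.51.100.7", 48.8566, 2.3522),    # Paris, next day
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlon = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def flag_improbable_travel(logins, known_exits=KNOWN_EXITS, max_kmh=MAX_KMH):
    """Return (time, ip, km) for logins that imply travel faster than max_kmh."""
    flagged, prev = [], None
    for ts, ip, lat, lon in logins:
        if any(ip_address(ip) in net for net in known_exits):
            continue  # a recognised exit's location says nothing about the user
        when = datetime.fromisoformat(ts)
        if prev is not None:
            hours = (when - prev[0]).total_seconds() / 3600
            km = haversine_km(prev[1], prev[2], lat, lon)
            # Distance exceeds what is reachable in the elapsed time.
            if km > max_kmh * max(hours, 0.0):
                flagged.append((ts, ip, round(km)))
        prev = (when, lat, lon)
    return flagged

if __name__ == "__main__":
    for hit in flag_improbable_travel(LOGINS):
        print("improbable travel:", hit)
    # Same logins when the exit range is not recognised by the service.
    print(len(flag_improbable_travel(LOGINS, known_exits=[])), "flags without allowlist")
```

With the exit range recognised, only the Dubai login is flagged; with an empty allowlist the New York login is flagged as well, which is the “different company’s VPN” situation the comment describes.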
> - You are using some other VPN and they force you to do a password reset.
>   - Outcome - you’re a bit annoyed, but ultimately your mail account is safe.

Yeah, makes sense, this is exactly what mildlyinfuriating is lol, not something that ruins your life, just a slight annoyance that might or might not be anyone’s fault, just unfortunate circumstances of the world (the unfortunate circumstance of the fact that fraudsters and hackers exist)
Ya, I just find that the mildly infuriating things can be less so by knowing why they are happening. As someone who regularly resets user passwords professionally (not for Proton), I figured I could give some insight into why this happens.
Seriously surprised no one has said this yet, but overzealous companies sometimes flag mobile ISPs just for being mobile ISPs. I have T-Mobile as my home internet provider and I deal with this fairly often.
I take it as a sign of less than great security. Users on mobile ISPs tend to change IPs a lot, meaning implementing blocks like this is lazy and unhelpful. At best, they delay a bad actor until they flip a switch. At worst, they impede or completely block legitimate users such as yourself.
> have T-Mobile as my home internet provider and I deal with this fairly often.

I have the same ISP and the same issue. I believe a lot of the issue is that T-Mobile uses CGNAT on their network. This means that your public IP is shared with a lot of other people and it means your “location” (based on your public IP) can jump around from time to time. I’ve had Netflix get bitchy about this before as my connection seemed to be coming from Maryland instead of Virginia and their records indicate that I’m not a terrible driver.
I remember that PayPal locked my account close to Christmas because I bought the product on a laptop using a tethered mobile access. PayPal detected that I was not using a standard connection and froze the account. That would be fine but even the support team at PayPal couldn’t remove that flag even if I provided my full identity etc.
Since then I never used PayPal.
Oh yea, that could explain why Uber keeps blocking me the one time I needed it, but Lyft worked fine tho. Idk how it is now, haven’t needed those services for a long time.
where does it say anything about your ip?
Well it doesn’t say that, just an inference I made, since I haven’t done anything suspicious with email, so IP is the only logical conclusion since that changes like every time data gets turned off and back on (like daily reboots).
And some CGNAT is often mentioned, so maybe there’s a spammer on the same Shared CGNAT IP? Idk, kinda very unlucky, and probably uncommon since it’s the first time I got this.
It’s more likely the result of automated login attempts because your email is on a leaked list and they forced a password reset on you to protect your account.
Damn if that’s the case, my paranoia is gonna go overdrive.
Btw, has anyone here actually got hacked? I feel like the media always overexaggerates “hacking” and it’s mostly people just using weak passwords (user error), not really hacking.
> Btw, has anyone here actually got hacked?

Lots of people have, usually it’s because they downloaded a cracked application that trojan-horsed a virus onto their system, or they installed a bad browser extension. Once on the system, the malware goes nuts spreading to other systems on their network, using keyloggers to grab passwords, etc.
Keep browser extensions to an absolute minimum, don’t download program crackers or cracked programs to get around licensing costs, don’t install random 3rd party software on your computer without serious vetting, use strong AND UNIQUE passwords for every account along with 2FA wherever possible, and you should be fine.
Oh, and lock your credit at all 3 bureaus. Every person in the US has had their information leaked by now, including full legal name, current and all previous mailing addresses, phone number, email, mother’s maiden name, and social security number. None of that information is private anymore. Freeze your credit to prevent someone from easily buying your info on the black web and stealing your identity. It’s free and you can temporarily unfreeze it at any time when you need to run a credit check (loan application, etc).
Yea I have a steamdeck for the umm… sailing the high seas, but I definitely don’t and will never, do banking on there.
> Damn if that’s the case, my paranoia is gonna go overdrive.

You can check on https://haveibeenpwned.com/
> Btw, has anyone here actually got hacked? I feel like the media always overexaggerates “hacking” and it’s mostly people just using weak passwords (user error), not really hacking.

It’s more likely to be that they found out your login credentials, yes.
They might find a site with crappy security where they can try many usernames and passwords without getting blocked or they might actually hack the site and get the password list.
Having a strong password, not reusing passwords and enabling MFA goes a long way towards protecting against those scenarios.
I did have my debit card details stolen a few years ago. The first I knew about it was a text message from my bank telling me they’ve frozen my account and I need to call the phone number printed on the back of my card ASAP. Spoke to a chap in the fraud department, we went through a list of recent transactions, flagged two charity donations I didn’t recognise (apparently that’s a common way for fraudsters to figure out whether your card is valid), and the bank gave me a new account, new card, new everything.
(incidentally, your bank never needs you to move your money to a “safe” account, they already have your money, they do that for you)
> weak passwords (user error) not really hacking

If you need to cross a chasm, and someone rolls a boulder in that lets you get across, are you going to go into all the ways that it wasn’t really a bridge?
Hacking is about making stuff do things outside its intended purpose. There are no prescriptions on how; hacking doesn’t gatekeep. If it works, it’s a hack. Convincing someone to open the door for you is social engineering, for example.
So, if someone uses/reuses weak passwords, it’s fair to say that’s an easy hack, but it’s still a hack.
Ticketmaster database with credit card information got hacked years ago. I got an email confirming it and got a credit card transaction for about 1000 euros. Got a bit to explain and convince the credit card company, but they reversed it and blocked the card.
As for your case, just use very strong and unique passwords in a password manager like KeePass and you’ll be fine. It won’t hurt to rotate your password now, though.
There’s a chance that malware is running on your device that is causing your IP address to get flagged
it says account? not IP, not mobile data?
why do you think it’s IP?
Because every time I turn off my internet (mobile data) and back on again, I get a different IP (I checked it a few times in the past out of curiosity), I don’t send a lot of outgoing emails and my passwords are complex ones with Keepass, and I don’t download suspicious stuff on my phone, so the common denominator seems to be IP.
Most cellular data providers I’ve seen use CGNAT.
Hell, the last 3 ISPs I’ve used have also been CGNAT networks.
And with CGNAT, you share your IP with however many other people. Maybe not at VPN scale, but it’s not 1:1 like it used to be.
It’s a good sign, make the message reliably repeatable - remember how you did it. It’s your path out of being tracked.
I’ve had this happening more and more recently as the tracking has been tightened up.
- Use mullvad.
- probably ur email got pwned –> use mullvad. That way the only reason your acc will ever be logged into is your own incompetence to secure a 16 char sequence.