I put my old Gmail accounts on websites like haveibeenpwned.com, osintleak.com, pentester.com and osint.industries.

And the results had a lot of personal info like old usernames I used, old passwords, IP addresses and other info.

What can I do now?

I deleted all of my old Gmail accounts. I changed all of my usernames everywhere or deleted the accounts associated with them and changed all the passwords. I use Proton and email aliases when signing up for services and randomly generated passwords with fake info everywhere (if possible), and I do use a VPN on all of my devices.

Is there anything more I can do?

Because those emails had my full real name in them and I used them literally everywhere.

  • @CatZoomies@lemmy.world

    Nothing much you can do except make it harder for nefarious parties to get your information. If you’re in the U.S., most of your information is public. With two pieces of info about you, you’re one Google search away from your name, physical address, schools you went to, where you’re employed, etc. You can’t stop this, so just make it harder when your data does get leaked.

    Here are my best practices:

    • Own my email domain name and use it for generating unlimited random aliases.
    • Update old accounts using a random alias.
    • If an old account email can’t be updated or changed, spoil the information in their system by using fake info and then abandon the account (Anon O’Moose, 1234 Fake Street, Beverly Hills, CA 90210).
    • One alias per account - never shared.
    • Unique passwords via a password manager (e.g., passwords like ‘Obtuse4-Entangle-Matrix’).
    • Leverage virtual credit card numbers if your provider offers it. One virtual card per account - never shared.
    • Create accounts only if you have no choice.
    • Submit your formal request in Opt Out Prescreen to minimise the sale of your info.
    • Delete all centralised social media accounts. Instruct people to text or call you.
    • Switch to Linux completely if you can. Get off Windows and Mac where possible.
    • Get off iOS if you can and try to run a proper trusted degoogled OS where possible. You can experiment with Linux phones in the future but right now it’s not mature enough yet.
    • Get all your data on prem only. If you choose to backup some data for protection online, encrypt it before you upload it.
    • If your phone number has been leaked and you’re getting multi factor code requests, excessive spam, etc. consider getting a new phone number. Then update all your accounts to point to the new phone number. Once satisfied, deactivate your old phone number.
    • @guest@feddit.org

      Only other piece I would add to your great list: have at least one on-site and one off-site backup of your password manager, your 2FA codes, and your data.

      • @CatZoomies@lemmy.world

        Use of a VPN depends on your privacy threat model.

        Using a VPN at all times while using the internet like one normally does is beneficial only to the extent that you encrypt your traffic and prevent your ISP from spying on you… mostly. But if you’re logging into known accounts associated with you, then it’s a moot point. Your traffic is encrypted, but your use of services leaves an easy-to-follow cookie trail of where you’ve been.

        If your privacy threat model is much more serious, then you wouldn’t log in to any known accounts while on your VPN. You wouldn’t use services that can be pinpointed to you.

        Hence, use a VPN at your discretion. If you generally don’t want your ISP spying on you, keeping it on is always best practice. If you have more things to hide, you’d want to use Tor while on VPN and of course don’t use any services that could be linked to you.