It appears someone in Thailand has got into my Expedia account and booked a flight to London. Expedia spotted it, all cancelled, didn’t use my payment card, have changed passwords etc.

It seems though that they now know I have a genuine email address, and in the last 2 hours I’ve received 4,000 account sign up notifications – complete rubbish, mainly Word Press accounts etc. Any way to stop it? They’re all in junk, but loads of stuff I want goes into junk. Have had the email address a long time, so slightly loathed to ditch it, as it’s associated with basically every account I have.

I’ve changed my (unique) email password to be sure, but I’m pretty sure there was no compromise of my email account – I have two-factor authentication etc. Obviously this is just a spambot using my email address to sign up to thousands of accounts, for which I’m receiving notification. It’s a bit annoying.

400 more while I typed this!

Your email service provider??

Don’t think there’s anything you can do to prevent someone using your email address when registering for accounts, as long as you’re confident your email account is still safe then the approval email step is the defence. Annoying for sure but I’d focus on trying to prevent the false positives going to junk so at least you don’t have to wade through junk email regularly to extract emails you want

Not that it helps with the email deluge but it’s probably worth a bit of a security review. DO you use the same password for a lot of sites? If so I’d start to address that. If they’ve accessed your email account they could use that to get into other places.

Do you have the same email address for each account? If there’s been a password leak from one account then it’ll be on a list and hackers or their robots will be testing loads of online accounts to see if that password works with those.

Less likely is they’ve hacked your actual email account, especially if you have two factor auth set. Worth scanning computer for malware. Keylogger perhaps. But it’s far more likely they’ve just got in to an online account, maybe managed to hack Expedia. Do they have anything to say about the compromise?

I’m very reluctant to let online sites store my card details these days just to be sure. Though Expedia may have a load of your personal details like DOB, address and passport number. That’s enough to be taking out loans and credit in your name. I’d keep an eye on your credit activity via Equifax/Experian etc (though Equifax got hacked recently in the US!)

Yeah, I’m pretty confident they’ve not compromised my email account (which is only a crappy Hotmail one, just one I’ve always used). Looks like it was just Expedia, I can’t honestly remember if that had a unique password, my email, online banks etc all do, so don’t think anything hugely nefarious is out there that wasn’t before at least. The guy’s name was in my Expedia account as a linked passenger, presumably paid for using a stolen card (not mine), they just piggy back on a legit account to make it harder to trace back to them. Bit weird, it’s a flight, you’ll need ID. As you say, I did have some personal details in Expedia, so will keep an eye on all that. I don’t think that seems to have been the aim though.

I was reading up last night – apparently it’s a common tactic to stop you noticing fraudulent transactions – sure enough when I searched I had the booking confirmation from Expedia among the 19700(!) emails I’d received this morning, but would have had no clue otherwise. They seem to have subsided now, I guess they just do an initial barrage, then stop. Have had 20 in the last hour, compared to >100 a minute last night.

They’re all in my junk email, so will filter through in the next couple of days. All very odd.