email with "your password is ____"

M

Mike Davis

New Member
Reaction score
1
Location
Auburn, NY
I'm sure many of you have seen the email that is going around telling users what their password is, saying they have video of them looking at porn, and demanding a ransom payment. Does anyone have any idea which websites have been hacked where they are getting the passwords from? I have one client that recognized the password as one that he used years ago, but not recently, and couldn't remember what site it went to. Other clients have used the password for other sites. (against my training not to reuse passwords)
 
Mike Davis said:
I'm sure many of you have seen the email that is going around telling users what their password is, saying they have video of them looking at porn, and demanding a ransom payment. Does anyone have any idea which websites have been hacked where they are getting the passwords from? I have one client that recognized the password as one that he used years ago, but not recently, and couldn't remember what site it went to. Other clients have used the password for other sites. (against my training not to reuse passwords)
Click to expand...
I just received one of these today.
 
Lots of password lists have been stolen over the years and the lists are sold on the dark web. The hackers are buying old lists and then sending the threating emails to the user as most services use your email as your login. There was a big wave of this about 3 months ago. Ignore the email as it is a fake threat but check the password if it is a valid one you should change that password and any other passwords you regularly use to be safe. And if you were stupid enough to reuse your password then change ALL the passwords on each the services you reused that password on and for God's sake don't make the same mistake of reusing a new password. Each service gets its own password and you should write them all down someplace to keep it safe or invest in a password management program like LastPass or Dashlane.
 
The one I got was a password I used at a site called tvtropes.com

I know for a fact that is the source as I used LastPass to create it and it was unique to that site. It also was a burner password and I didn't care that it had been compromised.
 
I get at least 7 a day, its definitely from an assortment of websites, some must have the username and password fields mixed up because they think a popular username I use is my password sometimes. Its almost always my junk password that I use for sites of no importance.
 
You can add Facebook to the list. I just tell people to keep an eye on the password in the message. If it's one you use, then clearly that password needs burned, change it everywhere. Otherwise, delete the mail and move on.

O365 is flagging most of them as spam at this point so most people aren't even seeing them unless they go look.
 
Just checked my spam bin and I am getting pounded with lots of the same email as before. 20-30 per day the past few days. All with that same password from TVtropes. So it's just the same hacker triggering a bot net from the looks of it.
 
You must log in or register to reply here.

Similar threads

HCHTech
That's some password security, man!
2
Replies
28
Views
982
britechguy
britechguy
thecomputerguy
Family friends son died unexpectedly and is out of options right?
Replies
15
Views
520
fincoder
fincoder
HCHTech
M365 can send but not receive email
2
Replies
20
Views
957
callthatgirl
callthatgirl
britechguy
Windows Password Reset Utilities - Which still work, and under what conditions?
Replies
19
Views
1K
fincoder
fincoder
Blue House Computer Help
[REQUEST] Gmail hacked (again)
Replies
19
Views
1K
Blue House Computer Help
Blue House Computer Help
Back
Top