TVtropes.org has been hacked.

[nlinecomputers]

Got an email today from some hacker trying to blackmail me. He said he had my password, a series of random characters, and had access to my facebook, email, etc and was going to email the porn I had been watching and the webcam recording of me to all my contacts if I don't pay $2900 in bitcoin.

I use Dashlane and use random passwords for all my accounts. The password IS one of mine but from the tvtropes.org website. (I don't remember making an account there but I probably did) as I don't reuse passwords and a true hack of my account would have been ransomware or at least used one of my major accounts it is obvious that tvtropes.org has been breached. I have contacted them and am waiting for a reply.

If you have an account there I'd change your passwords.

 

[fencepost]

A note about these from Krebs: https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/

 

[Archon Prime]

hahah that's hilarious https://www.imdb.com/title/tt5709230/?ref_=ttep_ep3

Watch this episode on netflix... it's like your life... but only more messed up. Same plot.

 

[nlinecomputers]

A note about these from Krebs: https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/

Yep that is the exact text.

 

[DataMedics]

Got an email today from some hacker trying to blackmail me. He said he had my password, a series of random characters, and had access to my facebook, email, etc and was going to email the porn I had been watching and the webcam recording of me to all my contacts if I don't pay $2900 in bitcoin.

I got the same email, but he only asked me for $1800 in bitcoin. Perhaps he's running a side by side campaign to see which amount gets more payments.

I'm glad you were able to figure out which site it was that got hacked. I have one low security password I use for spammy sites I don't trust, so I couldn't tell where they got the password from.

 

[mraikes]

I got the same email, but he only asked me for $1800 in bitcoin. Perhaps he's running a side by side campaign to see which amount gets more payments.

I'm glad you were able to figure out which site it was that got hacked. I have one low security password I use for spammy sites I don't trust, so I couldn't tell where they got the password from.

Assuming you have your own domain, you should create a catch-all email address and use a different email for every site. That's what I do. Then when someone is compromised, or more likely - sells my info to some random 3rd party, I immediately know who the culprit was and can start blocking that single email address.

Even gmail addresses can be tweaked on the fly to accomplish something like this.

 

[fencepost]

Assuming you have your own domain, you should create a catch-all email address and use a different email for every site.

I've been doing that for probably 18 years (only registered my personal domain 19 years ago), though in more recent years I've somewhat abandoned blocking the addresses. I should start that again, my excuse is that these days I almost never even look in that catchall except for specific things.

 

[mraikes]

I've been doing that for probably 18 years (only registered my personal domain 19 years ago), though in more recent years I've somewhat abandoned blocking the addresses. I should start that again, my excuse is that these days I almost never even look in that catchall except for specific things.

My catch all is forwarded to my "real" address. So I still get everything sent to my domain regardless of address.

 

[fencepost]

I have a separate "catchall" account used for that, plus what I consider the main account which is the address for friends and family. I've set up a few aliases on the hosting side so some addresses get redirected into the main account (financial/insurance stuff mostly), but the bulk of things go into catchall and are only downloaded on a PC.

The personal account is linked on my phone and auto-syncs, the catchall account is there but is a manual sync only in case I need to retrieve something specific.

And yes, I'm still using POP3 for my personal stuff.

 

[YeOldeStonecat]

It's a list the scammer bought on the black market. The list is usernames and passwords..many hackers sell these lists. This scammer bought the list in hopes of making more money via bitcoin payments from recipients of these emails.

My wife got this email last week, it had one of her slightly older passwords she still uses for a few non important sites. We never had any account at TVRopes. Could have been from one of her older Yahoo email accounts she stopped using many years ago. Or one of her online purchasing accounts like QVC, HSN, who knows. Anyways, what accounts she has used that password with..I had her change those PWs. Trying to get her to do that on a regular basis anyways.

 

[DataMedics]

I just use about five or six email addresses and keep it compartmentalized. I have a couple for different personal things, one I make available on my website and in the various online directories (this gets a fair bit of spam but I've got to check it),

I have another that I use to correspond with actual customers and another I use for when I make purchases so I keep the receipts there, and another that I use for sign-ups to things I expect will sell/spam my email (I don't check this one every day, it only caught my eye when I saw the password I'd used in the subject line.).

I must admit though, I do like the idea of using forwarder email addresses for this sort of crap. That way I can just dump an address later if it's getting spammed out and they'll get the lovely bounce messages back.