PHISHING and other animals
A couple of times now I've been contacted by a hacker who knows my passwordings (only the one for this site) and says he needs £100,000 to be put in his bitcoin account or he will make public the disgusting sites I visit. As I only have a computer at work and do not surf on my phone, he is talking about various work-based websites, the Daily Mail website, The Guardian website and the Gasroom. I am not sure which of these he finds most disgusting and plans to make public but as the only password he has is the one I use(d) on here I thought I might warn everyone just in case. Unfortunately he has vastly over-estimated my wealth and so I don't plan on paying him and will no doubt soon be outed as a liberal/nazi/meeja professional League One football fan with no head for business. Please do not be shocked.
Comments
Sorry to hear this. Unfortunately some do pay up when threatened in this way, albeit the sum settled at is usually more affordable. @Wendoverman have you reported it to Action Fraud at all? I know that the moderators can match email addresses to posters on here but can they see passwords too?
It is being dealt with by our internal work hackmeisters @Onlooker . Judging by the language used I can only assume it is a foreign gentleman/woman. I must admit I preferred it when they very politely asked for me to hold £80 million in my account for a short period.
Either the Daily Mail or the Guardian depending on their political persuasion.
@Onlooker I don’t think so.
Passwords on this site are salted and hashed so it's definitely not a leak from here. I've had about 20 of these emails too btw, I think they're using the leaked Yahoo data from a few years back, but you can check your email address in the database on Have I Been Pwned (genuine site, safe to use) and it'll tell you where you were leaked.
Edit: to add, the password I get sent in these emails I haven't used for donkeys years and these days I use 50 character random passwords generated by 1Password which I highly recommend to everyone who'll listen.
Thanks for that @drcongo looking at said site it would suggest it was linkedin what done it. Not only have they not found me a better job they've sold me identity!
The way things are these days everyone should be doing this. Unfortunately too many people either use the same not very secure password for everything or have them on a post it note stuck to their PC. Honourable mention for Lastpass too btw - I'd lose access to everything if I lost access to Lastpass!
Careful with the mudslinging @Wendoverman . @drcongo might not be too diplomatic for a defamation lawsuit but the likes of Linkedin may not be.
@rolo I'm going by the list on the site the good doctor suggested. As that and this were the only places I used the same password. I will be perfectly happy for them to tell me my details were totally safe though...
In May 2016, LinkedIn had 164 million email addresses and passwords exposed. Originally hacked in 2012, the data remained out of sight until being offered for sale on a dark market site 4 years later. The passwords in the breach were stored as SHA1 hashes without salt, the vast majority of which were quickly cracked in the days following the release of the data.
Compromised data: Email addresses, Passwords
And I'm only pointing out it happened not pointing the finger or contacting my lawyers. Gasroom aside, I don't visit any sites that would be worth £100,000 to keep quiet about.
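Added example, not part of any post in this thread and not this site's or LinkedIn's code: it contrasts the unsalted SHA-1 storage in the breach description above with the "salted and hashed" storage mentioned earlier in the thread. PBKDF2-HMAC-SHA256, the iteration count, the function names and the sample accounts are assumptions made for illustration; the thread does not say which algorithm this site uses.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example


def sha1_unsalted(password):
    """Bare SHA-1 with no salt, the storage scheme in the breach description."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_salted(password, salt=None):
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256, an assumption)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify_salted(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_salted(password, salt)
    return hmac.compare_digest(digest, expected)


def accounts_sharing_a_digest(stored):
    """Group account names by stored value; groups of 2+ expose password reuse."""
    groups = {}
    for account, value in stored.items():
        groups.setdefault(value, []).append(account)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed sample accounts; none of these values come from a real breach.
SAMPLE = {"alice": "correct horse", "bob": "correct horse", "carol": "league-one-1887"}


def demo():
    """Return (reuse visible in unsalted store, reuse visible in salted store)."""
    unsalted = {user: sha1_unsalted(pw) for user, pw in SAMPLE.items()}
    salted = {user: hash_salted(pw)[1] for user, pw in SAMPLE.items()}
    return accounts_sharing_a_digest(unsalted), accounts_sharing_a_digest(salted)


if __name__ == "__main__":
    print(demo())
```

With no salt, every account using the same password stores the same digest, so one computed guess covers all of them; with a per-user salt and a slow function, each account has to be worked on separately.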
Sorry, I didn't intend to sound confrontational. It just occurred to me that your first post said that you only use the password in question on this site and later on you state it's used on Linkedin as well. Just advising caution against posting this kind of thing too publicly as people may look to sue you (as opposed to the other way round).
no worries @Rolo if I am not one of the 164 million I will be happy to issue an apology.
things getting a bit tench
I worry about the hours you work. I’ve not got you mentally down as a 9-5 poster.
@Rolo Lastpass is a totally acceptable alternative, and has a Linux version. So long as one uses some kind of password manager.
For anyone who isn’t using one, the reason it matters is that every time these lists are circulated they get used for credentials stuffing - wherein your email address and password are put into every site that could be used to compromise you in some way, from banking to porn sites. With that in mind, your email address deserves extra layers of security (switch on two factor authentication) because if someone can get in to your email they can get into everything else.
??
@bookertease I do work strange hours and long days as I do top secret work for the government. But don't tell anyone else.
It okay @Wendoverman. The Russians already told me
I worked that out from reading your emails.