My wife has been getting the occasional email saying they have pictures/videos etc of her. These have gone straight in the block email bin.
However yesterday she received a similar email but this time they included a password that she uses on a number of shopping/other websites. (It’s not an obvious password)
Obviously she will now have to change all passwords on the different sites.
Is there any way we can tell where the compromise has come about?
She predominantly uses iPhone / Mac. The only difference is that I logged into one of her shopping accounts on our laptop at the weekend.
Any suggestions, or have they just got very, very lucky with the password?
Edit: that links to a password checker too.
It's unlikely to be anything you've done, there have been 100s of breaches at companies across the world.
One of those many sites has been hacked and now they have your password associated with the email.
I've been getting them for a while. I changed all my passwords a while ago but like many I had been lazy and used the same password across multiple sites.
That site will tell you the likely source of the hack.
Doesn't tell you which list anymore as there's been a massive list released last year, rather than any access to your devices I'd suggest.
Should answer your questions.
Right action: don't pay and change password on sites where that is used.
Maybe they accept PayPal gift instead?
Loads of passwords get compromised from various sites, chances are your wife's was one of these and she uses it across multiple sites.
1. Change all passwords - you are already on to this
2. Register with https://haveibeenpwned.com/
- despite the dodgy name they will check your email against all known password hacks, and email you when a new site is compromised and the list includes your email.
3. Use two factor authentication - especially on your email account as with this they can reset all your passwords
4. Ignore the spam email
Obviously she will now have to change all passwords on the different sites.
That's a very sensible action to take.
She predominantly uses iPhone / Mac.
Makes no difference if the website you access gets hacked.
As others have said it's the latest trend in scamming emails.
The number of sites which have been hacked and the email/passwords stolen is insane. Sadly the number of those sites which completely failed in protecting information and didn't hash the passwords, whilst not as high, is still appalling.
So it's easy to get an email and password combo, at which point it looks more valid than just the email.
You could try and figure out the specific site but considering how many of them there are I would say it's a waste of time.
Using unique passwords by site at least for anything important (for me anything where my money can be spent. Some might add Facebook etc) is key nowadays.
Also, and perhaps it goes without saying, use different passwords for every site / application.
If you use the same one, a breach on something innocuous, say STW 😉 can mean that your more sensitive accounts are compromised.
This thread is useless without pics.
I get several variations of those emails a day but only to an email address picked up from a hacked database.
Thanks for the advice all very helpful.
The website says my wife’s email has been compromised 6 times, and my own 3! (Including password)
I had a similar email, but they were quoting an old password, giving me some assurance that it was from a hack that occurred several years ago. HaveIbeenpwned concurred.
Given they all make a demand for bitcoin I’ve just set a filter sending any messages with that in the content to trash
I've had eBay, Amazon and PayPal compromised in the last couple of weeks. All different passwords and it doesn't look like there's anything nasty running on my machines.
It's a royal PIA I tell thee.
To give you an idea of the scope of the problem:
A hacker that was selling details of nearly 620 million online accounts taken from 16 websites has now put up a second batch of 127 million records originating from 8 other sites for sale on the dark web.
The account details are currently being offered for $20,000 in Bitcoin on dark web marketplace Dream Market
The sites in question seem to be;
Package 1:
• Dubsmash — 162 million accounts
• MyFitnessPal — 151 million accounts
• MyHeritage — 92 million accounts
• ShareThis — 41 million accounts
• HauteLook — 28 million accounts
• Animoto — 25 million accounts
• EyeEm — 22 million accounts
• 8fit — 20 million accounts
• Whitepages — 18 million accounts
• Fotolog — 16 million accounts
• 500px — 15 million accounts
• Armor Games — 11 million accounts
• BookMate — 8 million accounts
• CoffeeMeetsBagel — 6 million accounts
• Artsy — 1 million accounts
• DataCamp — 700,000 accounts
Package 2:
• Houzz — 57 million accounts usernames and hashed passwords
• YouNow — 40 million accounts usernames and IP addresses
• Ixigo — 18 million accounts usernames and MD5 hashed passwords, which could be trivially easy to break
• Stronghold Kingdoms — 5 million accounts and HMAC-RIPEMD160 hashed passwords
• Roll20.net — 4 million accounts usernames and bcrypt hashed passwords
• Ge.tt — 1.83 million accounts usernames and sha256 hashed passwords
• Petflow and Vbulletin forum — 1.5 million accounts usernames and MD5 hashed passwords, which could be trivially easy to break
• Coinmama (Cryptocurrency Exchange) — 420,000 accounts usernames and PHPASS hashed passwords
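As an added example (not part of the original post), this shows from the storage side why the unsalted MD5 entries in the list above are the weak case: the same password always gives the same MD5 digest on every site, while a salted, slow hash gives a different record each time and still verifies. PBKDF2-HMAC-SHA256 from the Python standard library stands in for bcrypt here; the function names, the sample password and the iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

PBKDF2_ITERATIONS = 600_000  # assumption: work factor chosen for this example


def md5_record(password: str) -> str:
    """Unsalted MD5, the weakest scheme named in the list (what not to do)."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def kdf_record(password: str, salt: Optional[bytes] = None) -> dict:
    """Salted, deliberately slow hash with a fresh random salt per account."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return {"salt": salt.hex(), "iterations": PBKDF2_ITERATIONS, "hash": digest.hex()}


def kdf_verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"),
        bytes.fromhex(record["salt"]), record["iterations"],
    )
    return hmac.compare_digest(digest.hex(), record["hash"])


def compare_storage(password: str) -> dict:
    """Store one reused password at two constructed 'sites' under each scheme."""
    md5_a, md5_b = md5_record(password), md5_record(password)
    kdf_a, kdf_b = kdf_record(password), kdf_record(password)
    return {
        "md5_identical_across_sites": md5_a == md5_b,
        "kdf_identical_across_sites": kdf_a["hash"] == kdf_b["hash"],
        "kdf_verifies": kdf_verify(password, kdf_a),
        "kdf_rejects_wrong": not kdf_verify(password + "x", kdf_a),
    }


if __name__ == "__main__":
    # Constructed sample password, not taken from any breach.
    for key, value in compare_storage("correct horse battery staple").items():
        print(f"{key}: {value}")
```

Because the MD5 digest depends only on the password, a password reused on several sites is stored identically on each of them, which is why changing it everywhere is the right response.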
The same hacker(s) who go by the name of Gnosticplayers have just posted ANOTHER batch of hacked accounts;
Package 3:
• Pizap (Photo editor) — 60 million
• Jobandtalent (Online job portal) — 11 million
• Gfycat (GIF hosting service) — 8 million
• Storybird (Online publishing platform) — 4 million
• Legendas.tv (Movie streaming site) — 3.8 million
• Onebip (Mobile payment service) — 2.6 million
• Classpass (Fitness and Yoga centre) — 1.5 million
• Streeteasy (Real estate) — 990,000 (1 million)
• Btcturk (Cryptocurrency exchange platform) — 516,000
The hacker is selling each of the above listed hacked databases individually on Dream Market for a total worth 2.6249 Bitcoin (£7,848.34).
It's time to give serious consideration to using a password manager. There was a thread discussing this a couple of days ago.
I’ve had eBay, Amazon and PayPal compromised in the last couple of weeks. All different passwords and it doesn’t look like there’s anything nasty running on my machines.
If I was cynical and/or a betting man, I'd bet there either is something on your machine or they have access to your mailbox.
I now find it is too hard to manage all the sites and passwords I use manually, so I use password manager software.