Englishforum security breach?
 

Hi,

Today I received a ransom email to my private gmail account, informing me that they (the sender) knows my password and then went on to show it (it was correct/accurate).

They then gave me two options

Option 1) I ignore their email at which point they will email all of my contacts with a link to some porn I've been watching (curious to know which one it is :msngrin:)

Option 2) I deposit an amount of US$800 using bitcoin to a particular address.

So why am I sharing this with you?

I use different passwords for every site I access/use and the password they listed/showed is the one I use to access Englishforum.

Thoughts/comments? Anyone else experience this?

==

ADMIN EDIT: Full statement on this security alert here: englishforum.ch/security

Re: Englishforum security breach?
 

Scam !


Had to reply, because I hate this kind of stuff. Don't send any payments.

I doubt Englishforum was breached, but they could have gotten the password in countless ways off your computer or phone.

If you work for a large company, they could have gotten it off your work computer if you login to Englishforums at work.


p.s. how were you able to post this if they have your password ?

p.p.s delete all your contacts, just in case scammer tries to scam any of them.

Re: Englishforum security breach?
 

If you use the password only here these possible options:

EF has been indeed hacked. Others might get a similar mail soon.
Not much of concern for me as I use a different password for every site as well. But all those which re-use the password, have the same for Facebook, twitter, or shopping sites should change their passwords ASAP. Never resuse password!

You accessed EF from an non-trusted computer and a key-logger captured your password. Think when that might have happened and what other sites you accessed at that time. Change all the possible affected passwords plus all important ones where a lot of harm could occur (All e-mail accounts, major social networks, important shopping sites).

One of your own devices became compromised. In the worst case even the master password for your password database such as https://pwsafe.org/ plus the database itself has been copied. Find the affected device, wipe it clean, maybe even trash it, reset ALL passwords.

Re: Englishforum security breach?
 

They have to change it first.

Re: Englishforum security breach?
 

Triple p.s.

Please read this article about Sextortion scams demanding Bitcoin , it should help you figure out what you need to do :

Change your password !

https://www.eff.org/deeplinks/2018/0...anding-bitcoin

Re: Englishforum security breach?
 

I recently had an email in German telling me to immediately transfer a large sum in bitcoins and if I didn't then all my social media (specifically Facebook) contacts, family, friends and work colleagues would receive a video of me 'doing something to myself' in front of my webcam...

I saw two main flaws with this threat:

1. I have never had a facebook account or any other social media account.
2. I don't have a webcam and have not had one for over 15 years.

In my view these things are just sent out totally at random. I found the email in an account that is barely used and it was not addressed personally to me.

Re: Englishforum security breach?
 

Oh, no, who has been watching porn again ;)

as said, a scam - ignore and report.

Re: Englishforum security breach?
 

Getting a bit carried away here I think?

Re: Englishforum security breach?
 

what was the password and how easy to guess it was?

they didn't guess mine :)

Re: Englishforum security breach?
 

The omtatsat EF account was hacked many years ago by a grumpy, argumentative old man. The real omtatsat is a youngish lady who does a lot of work for charidee, but doesn't like to talk about it. :D

Re: Englishforum security breach?
 

Been using 1234 for many years. Never a problem:rolleyes:

Re: Englishforum security breach?
 

Have a look at

haveibeenpwned.com


you can search both by email address and by password - and it'll tell you if it was leaked in a large public leak at some point...

Re: Englishforum security breach?
 

Isn't it haveibeenpawned.com

Re: Englishforum security breach?
 

Well, one could argue that your EF account is not top of the list as those to be hacked :msnblush:

Re: Englishforum security breach?
 

Exactly, @SwissMorgs, can you post your old hacked password? Anyway, if EF was hacked we only risk spam, not a big deal.

Re: Englishforum security breach?
 

Any password database is worthwhile to be hacked as there are just too many people which reuse passwords over different sites.

was englishforum's forum-software hacked?
 

I sign up to each and every service using a different email-address. This way I know where someone got my email from.


Today I received the following SPAM/SCAM, but undoubtedly they must've gotten my email from englishforum:

• I will paste the email below, just changing my personal data and the bitcoin address the spammer/scammer uses, and mark the changes in red.
• The email was actually "from" my email "to" my email.
• The password shows in clear text, so obvisously the Spammer/Scammer is now in possession of that password. It is indeed a password I used a while ago.

I guess others must have received this as well? It's apparently a pretty widespread kind-of phishing attack.

Re: was englishforum's forum-software hacked?
 

Ongoing issue, ignore and do not pay !

There are some more threads on this already, you are not alone

Re: was englishforum's forum-software hacked?
 

This is why i always make sure I've smartened up my hair, the lighting is good, a little background music maybe and get the angle just right for maximun exposure.

Before I knock one out in front of prawn hub.

Re: was englishforum's forum-software hacked?
 

To answer your question, was englishforum's forum-software hacked?
Yes. Given your account plus https://www.englishforum.ch/daily-li...ty-breach.html most likely.

All the fools which reuse their password have to change them ASAP.

It is called Scaremail.

Do you know in which time period you used the password? That might pin point the time of attack.