Go Back   English Forum Switzerland > Support > Support > Forum support  
Reply
 
Thread Tools Display Modes
  #1  
Old 13.01.2019, 14:45
Forum Veteran
 
Join Date: May 2007
Location: Basel
Posts: 577
Groaned at 13 Times in 7 Posts
Thanked 253 Times in 154 Posts
SwissMorgs is considered knowledgeableSwissMorgs is considered knowledgeableSwissMorgs is considered knowledgeable
Englishforum security breach?

Hi,

Today I received a ransom email to my private gmail account, informing me that they (the sender) knows my password and then went on to show it (it was correct/accurate).

They then gave me two options

Option 1) I ignore their email at which point they will email all of my contacts with a link to some porn I've been watching (curious to know which one it is )

Option 2) I deposit an amount of US$800 using bitcoin to a particular address.

So why am I sharing this with you?

I use different passwords for every site I access/use and the password they listed/showed is the one I use to access Englishforum.

Thoughts/comments? Anyone else experience this?

==

ADMIN EDIT: Full statement on this security alert here: englishforum.ch/security
Reply With Quote
The following 4 users would like to thank SwissMorgs for this useful post:
  #2  
Old 13.01.2019, 14:55
TheLaughingCow's Avatar
Senior Member
 
Join Date: Apr 2012
Location: Der Schweizer Mittelland
Posts: 271
Groaned at 2 Times in 2 Posts
Thanked 209 Times in 113 Posts
TheLaughingCow has earned the respect of manyTheLaughingCow has earned the respect of manyTheLaughingCow has earned the respect of many
Re: Englishforum security breach?

Scam !


Had to reply, because I hate this kind of stuff. Don't send any payments.

I doubt Englishforum was breached, but they could have gotten the password in countless ways off your computer or phone.

If you work for a large company, they could have gotten it off your work computer if you login to Englishforums at work.


p.s. how were you able to post this if they have your password ?

p.p.s delete all your contacts, just in case scammer tries to scam any of them.
Reply With Quote
This user groans at TheLaughingCow for this post:
  #3  
Old 13.01.2019, 15:00
aSwissInTheUS's Avatar
Forum Legend
 
Join Date: Nov 2007
Location: Zurich area
Posts: 12,086
Groaned at 91 Times in 82 Posts
Thanked 18,405 Times in 8,183 Posts
aSwissInTheUS has a reputation beyond reputeaSwissInTheUS has a reputation beyond reputeaSwissInTheUS has a reputation beyond reputeaSwissInTheUS has a reputation beyond reputeaSwissInTheUS has a reputation beyond reputeaSwissInTheUS has a reputation beyond repute
Re: Englishforum security breach?

If you use the password only here these possible options:

EF has been indeed hacked. Others might get a similar mail soon.
Not much of concern for me as I use a different password for every site as well. But all those which re-use the password, have the same for Facebook, twitter, or shopping sites should change their passwords ASAP. Never resuse password!

You accessed EF from an non-trusted computer and a key-logger captured your password. Think when that might have happened and what other sites you accessed at that time. Change all the possible affected passwords plus all important ones where a lot of harm could occur (All e-mail accounts, major social networks, important shopping sites).

One of your own devices became compromised. In the worst case even the master password for your password database such as https://pwsafe.org/ plus the database itself has been copied. Find the affected device, wipe it clean, maybe even trash it, reset ALL passwords.
__________________
"Okay, I just hope we don't wake up on Mars or something surrounded by millions of little squashy guys."
Reply With Quote
The following 4 users would like to thank aSwissInTheUS for this useful post:
  #4  
Old 13.01.2019, 15:01
aSwissInTheUS's Avatar
Forum Legend
 
Join Date: Nov 2007
Location: Zurich area
Posts: 12,086
Groaned at 91 Times in 82 Posts
Thanked 18,405 Times in 8,183 Posts
aSwissInTheUS has a reputation beyond reputeaSwissInTheUS has a reputation beyond reputeaSwissInTheUS has a reputation beyond reputeaSwissInTheUS has a reputation beyond reputeaSwissInTheUS has a reputation beyond reputeaSwissInTheUS has a reputation beyond repute
Re: Englishforum security breach?

Quote:
View Post
p.s. how were you able to post this if they have your password ?
They have to change it first.
Reply With Quote
This user would like to thank aSwissInTheUS for this useful post:
  #5  
Old 13.01.2019, 15:02
TheLaughingCow's Avatar
Senior Member
 
Join Date: Apr 2012
Location: Der Schweizer Mittelland
Posts: 271
Groaned at 2 Times in 2 Posts
Thanked 209 Times in 113 Posts
TheLaughingCow has earned the respect of manyTheLaughingCow has earned the respect of manyTheLaughingCow has earned the respect of many
Re: Englishforum security breach?

Triple p.s.

Please read this article about Sextortion scams demanding Bitcoin , it should help you figure out what you need to do :

Change your password !

https://www.eff.org/deeplinks/2018/0...anding-bitcoin
Reply With Quote
  #6  
Old 13.01.2019, 15:05
Banned
 
Join Date: Jan 2019
Location: close to the frontier
Posts: 1,018
Groaned at 141 Times in 86 Posts
Thanked 597 Times in 379 Posts
Clocker has become a little unpopular
Re: Englishforum security breach?

I recently had an email in German telling me to immediately transfer a large sum in bitcoins and if I didn't then all my social media (specifically Facebook) contacts, family, friends and work colleagues would receive a video of me 'doing something to myself' in front of my webcam...

I saw two main flaws with this threat:

1. I have never had a facebook account or any other social media account.
2. I don't have a webcam and have not had one for over 15 years.

In my view these things are just sent out totally at random. I found the email in an account that is barely used and it was not addressed personally to me.
Reply With Quote
This user would like to thank Clocker for this useful post:
  #7  
Old 13.01.2019, 16:46
Guest
 
Posts: n/a
Re: Englishforum security breach?

Oh, no, who has been watching porn again

as said, a scam - ignore and report.
Reply With Quote
The following 4 users would like to thank for this useful post:
  #8  
Old 13.01.2019, 18:05
Banned
 
Join Date: Oct 2007
Location: CH
Posts: 10,919
Groaned at 2,041 Times in 1,124 Posts
Thanked 5,139 Times in 3,246 Posts
omtatsat omtatsat omtatsat omtatsat omtatsat
Re: Englishforum security breach?

Quote:
View Post
If you use the password only here these possible options:

EF has been indeed hacked. Others might get a similar mail soon.
Not much of concern for me as I use a different password for every site as well. But all those which re-use the password, have the same for Facebook, twitter, or shopping sites should change their passwords ASAP. Never resuse password!

You accessed EF from an non-trusted computer and a key-logger captured your password. Think when that might have happened and what other sites you accessed at that time. Change all the possible affected passwords plus all important ones where a lot of harm could occur (All e-mail accounts, major social networks, important shopping sites).

One of your own devices became compromised. In the worst case even the master password for your password database such as https://pwsafe.org/ plus the database itself has been copied. Find the affected device, wipe it clean, maybe even trash it, reset ALL passwords.
Getting a bit carried away here I think?
Reply With Quote
This user groans at omtatsat for this post:
  #9  
Old 13.01.2019, 18:16
Forum Veteran
 
Join Date: Feb 2012
Location: CH
Posts: 2,304
Groaned at 87 Times in 73 Posts
Thanked 2,002 Times in 1,123 Posts
ivank has a reputation beyond reputeivank has a reputation beyond reputeivank has a reputation beyond reputeivank has a reputation beyond repute
Re: Englishforum security breach?

Quote:
View Post
I use different passwords for every site I access/use and the password they listed/showed is the one I use to access Englishforum.
what was the password and how easy to guess it was?

they didn't guess mine
Reply With Quote
  #10  
Old 13.01.2019, 18:23
NotAllThere's Avatar
Forum Legend
 
Join Date: Oct 2008
Location: Baselland
Posts: 12,440
Groaned at 191 Times in 168 Posts
Thanked 17,948 Times in 7,307 Posts
NotAllThere has a reputation beyond reputeNotAllThere has a reputation beyond reputeNotAllThere has a reputation beyond reputeNotAllThere has a reputation beyond reputeNotAllThere has a reputation beyond reputeNotAllThere has a reputation beyond repute
Re: Englishforum security breach?

Quote:
View Post
Getting a bit carried away here I think?
The omtatsat EF account was hacked many years ago by a grumpy, argumentative old man. The real omtatsat is a youngish lady who does a lot of work for charidee, but doesn't like to talk about it.
Reply With Quote
The following 6 users would like to thank NotAllThere for this useful post:
  #11  
Old 13.01.2019, 18:39
Banned
 
Join Date: Oct 2007
Location: CH
Posts: 10,919
Groaned at 2,041 Times in 1,124 Posts
Thanked 5,139 Times in 3,246 Posts
omtatsat omtatsat omtatsat omtatsat omtatsat
Re: Englishforum security breach?

Been using 1234 for many years. Never a problem
Reply With Quote
The following 4 users would like to thank omtatsat for this useful post:
  #12  
Old 13.01.2019, 18:42
Spinal's Avatar
Forum Veteran
 
Join Date: Dec 2016
Location: Zurich
Posts: 1,046
Groaned at 9 Times in 8 Posts
Thanked 900 Times in 421 Posts
Spinal has a reputation beyond reputeSpinal has a reputation beyond reputeSpinal has a reputation beyond reputeSpinal has a reputation beyond repute
Re: Englishforum security breach?

Have a look at

haveibeenpwned.com


you can search both by email address and by password - and it'll tell you if it was leaked in a large public leak at some point...
Reply With Quote
The following 2 users would like to thank Spinal for this useful post:
  #13  
Old 13.01.2019, 18:47
Banned
 
Join Date: Oct 2007
Location: CH
Posts: 10,919
Groaned at 2,041 Times in 1,124 Posts
Thanked 5,139 Times in 3,246 Posts
omtatsat omtatsat omtatsat omtatsat omtatsat
Re: Englishforum security breach?

Quote:
View Post
Have a look at

haveibeenpwned.com


you can search both by email address and by password - and it'll tell you if it was leaked in a large public leak at some point...
Isn't it haveibeenpawned.com
Reply With Quote
  #14  
Old 13.01.2019, 19:21
Forum Legend
 
Join Date: Aug 2015
Location: Zurich
Posts: 4,757
Groaned at 236 Times in 139 Posts
Thanked 5,312 Times in 2,431 Posts
ZuriRollt has a reputation beyond reputeZuriRollt has a reputation beyond reputeZuriRollt has a reputation beyond reputeZuriRollt has a reputation beyond reputeZuriRollt has a reputation beyond reputeZuriRollt has a reputation beyond repute
Re: Englishforum security breach?

Quote:
View Post
Been using 1234 for many years. Never a problem
Well, one could argue that your EF account is not top of the list as those to be hacked
Reply With Quote
The following 2 users would like to thank ZuriRollt for this useful post:
  #15  
Old 13.01.2019, 19:40
Forum Veteran
 
Join Date: Jan 2017
Location: St Gallen
Posts: 534
Groaned at 44 Times in 29 Posts
Thanked 283 Times in 167 Posts
Gramatyka356 has earned some respectGramatyka356 has earned some respect
Re: Englishforum security breach?

Quote:
View Post
what was the password and how easy to guess it was?

they didn't guess mine
Exactly, @SwissMorgs, can you post your old hacked password? Anyway, if EF was hacked we only risk spam, not a big deal.
Reply With Quote
  #16  
Old 13.01.2019, 19:51
aSwissInTheUS's Avatar
Forum Legend
 
Join Date: Nov 2007
Location: Zurich area
Posts: 12,086
Groaned at 91 Times in 82 Posts
Thanked 18,405 Times in 8,183 Posts
aSwissInTheUS has a reputation beyond reputeaSwissInTheUS has a reputation beyond reputeaSwissInTheUS has a reputation beyond reputeaSwissInTheUS has a reputation beyond reputeaSwissInTheUS has a reputation beyond reputeaSwissInTheUS has a reputation beyond repute
Re: Englishforum security breach?

Quote:
View Post
Well, one could argue that your EF account is not top of the list as those to be hacked
Any password database is worthwhile to be hacked as there are just too many people which reuse passwords over different sites.
Reply With Quote
This user would like to thank aSwissInTheUS for this useful post:
  #17  
Old 15.01.2019, 15:26
Forum Veteran
 
Join Date: Feb 2012
Location: Zürich
Posts: 935
Groaned at 3 Times in 3 Posts
Thanked 536 Times in 326 Posts
ChrisNeedsToKnow has a reputation beyond reputeChrisNeedsToKnow has a reputation beyond reputeChrisNeedsToKnow has a reputation beyond reputeChrisNeedsToKnow has a reputation beyond repute
was englishforum's forum-software hacked?

I sign up to each and every service using a different email-address. This way I know where someone got my email from.


Today I received the following SPAM/SCAM, but undoubtedly they must've gotten my email from englishforum:
  • I will paste the email below, just changing my personal data and the bitcoin address the spammer/scammer uses, and mark the changes in red.
  • The email was actually "from" my email "to" my email.
  • The password shows in clear text, so obvisously the Spammer/Scammer is now in possession of that password. It is indeed a password I used a while ago.
I guess others must have received this as well? It's apparently a pretty widespread kind-of phishing attack.




Quote:
---------- Forwarded message ---------
From: <my@email.com>
Date: Tue, 15 Jan 2019 at 11:51
Subject: High danger. Your account was attacked.
To: <my@email.com>


Hi!

As you may have noticed, I sent you an email from your account.
This means that I have full access to your acc: On moment of crack (my@email.com) password: (this actually shows a password I once used)

You say: this is my, but old password!
Or: I will change my password at any time!

Of course! You will be right,
but the fact is that when you change the password, my malicious code every time saved a new one!

I've been watching you for a few months now.
But the fact is that you were infected with malware through an adult site that you visited.

If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.

I also have access to all your contacts and all your correspondence from e-mail and messangers.

Why your antivirus did not detect my malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.

I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks. I can also post access to all your e-mail correspondence and messengers that you use.

If you want to prevent this, transfer the amount of $729 to my bitcoin address (if you do not know how to do this, write to Google: "Buy Bitcoin").

My bitcoin address (BTC Wallet) is: (Bitcoin address)

After receiving the payment, I will delete the video and you will never hear me again.
I give you 48 hours to pay.
I have a notice reading this letter, and the timer will work when you see this letter.

Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.
I do not make any mistakes.

If I find that you have shared this message with someone else, the video will be immediately distributed.
Bye!
Reply With Quote
The following 2 users would like to thank ChrisNeedsToKnow for this useful post:
  #18  
Old 15.01.2019, 15:28
roegner's Avatar
Moderately Dutch
 
Join Date: May 2011
Location: Zurich
Posts: 10,269
Groaned at 346 Times in 288 Posts
Thanked 12,153 Times in 5,874 Posts
roegner has a reputation beyond reputeroegner has a reputation beyond reputeroegner has a reputation beyond reputeroegner has a reputation beyond reputeroegner has a reputation beyond reputeroegner has a reputation beyond repute
Re: was englishforum's forum-software hacked?

Ongoing issue, ignore and do not pay !

There are some more threads on this already, you are not alone
Reply With Quote
  #19  
Old 15.01.2019, 15:34
John_H's Avatar
Forum Legend
 
Join Date: May 2013
Location: Up above Nyon
Posts: 3,709
Groaned at 102 Times in 64 Posts
Thanked 4,792 Times in 1,886 Posts
John_H has a reputation beyond reputeJohn_H has a reputation beyond reputeJohn_H has a reputation beyond reputeJohn_H has a reputation beyond reputeJohn_H has a reputation beyond reputeJohn_H has a reputation beyond repute
Re: was englishforum's forum-software hacked?

This is why i always make sure I've smartened up my hair, the lighting is good, a little background music maybe and get the angle just right for maximun exposure.

Before I knock one out in front of prawn hub.
Reply With Quote
The following 6 users would like to thank John_H for this useful post:
  #20  
Old 15.01.2019, 15:41
aSwissInTheUS's Avatar
Forum Legend
 
Join Date: Nov 2007
Location: Zurich area
Posts: 12,086
Groaned at 91 Times in 82 Posts
Thanked 18,405 Times in 8,183 Posts
aSwissInTheUS has a reputation beyond reputeaSwissInTheUS has a reputation beyond reputeaSwissInTheUS has a reputation beyond reputeaSwissInTheUS has a reputation beyond reputeaSwissInTheUS has a reputation beyond reputeaSwissInTheUS has a reputation beyond repute
Re: was englishforum's forum-software hacked?

To answer your question, was englishforum's forum-software hacked?
Yes. Given your account plus https://www.englishforum.ch/daily-li...ty-breach.html most likely.

All the fools which reuse their password have to change them ASAP.

Quote:
View Post
  • The password shows in clear text, so obvisously the Spammer/Scammer is now in possession of that password. It is indeed a password I used a while ago.
I guess others must have received this as well? It's apparently a pretty widespread kind-of phishing attack.
It is called Scaremail.

Do you know in which time period you used the password? That might pin point the time of attack.
Reply With Quote
The following 2 users would like to thank aSwissInTheUS for this useful post:
Reply

Tags
englishforum hack, password stolen, security breach, security password hack




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Security breach: avoid buying online and using ATMs [Heartbleed Vulnerability] olygirl TV/internet/telephone 27 07.06.2014 16:10
A security breach happened at [fill in the blank aSwissInTheUS Daily life 1 21.05.2014 19:44
Major security breach at LinkedIn Castro TV/internet/telephone 13 07.06.2012 18:17
US issued card holders take note ( security breach issue ) jrspet International affairs/politics 1 31.03.2012 15:54
Guardian Jobs in UK - Security Breach transition International affairs/politics 0 26.10.2009 14:51


All times are GMT +2. The time now is 06:29.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.1.0