Englishforum security breach?

[SwissMorgs]

Hi,

Today I received a ransom email to my private gmail account, informing me that they (the sender) knows my password and then went on to show it (it was correct/accurate).

They then gave me two options

Option 1) I ignore their email at which point they will email all of my contacts with a link to some porn I've been watching (curious to know which one it is )

Option 2) I deposit an amount of US$800 using bitcoin to a particular address.

So why am I sharing this with you?

I use different passwords for every site I access/use and the password they listed/showed is the one I use to access Englishforum.

Thoughts/comments? Anyone else experience this?

==

ADMIN EDIT: Full statement on this security alert here: englishforum.ch/security

[TheLaughingCow]

Scam !


Had to reply, because I hate this kind of stuff. Don't send any payments.

I doubt Englishforum was breached, but they could have gotten the password in countless ways off your computer or phone.

If you work for a large company, they could have gotten it off your work computer if you login to Englishforums at work.


p.s. how were you able to post this if they have your password ?

p.p.s delete all your contacts, just in case scammer tries to scam any of them.

[aSwissInTheUS]

	Quote:	TheLaughingCow
	p.s. how were you able to post this if they have your password ?

They have to change it first.

[Clocker]

I recently had an email in German telling me to immediately transfer a large sum in bitcoins and if I didn't then all my social media (specifically Facebook) contacts, family, friends and work colleagues would receive a video of me 'doing something to myself' in front of my webcam...

I saw two main flaws with this threat:

1. I have never had a facebook account or any other social media account.
2. I don't have a webcam and have not had one for over 15 years.

In my view these things are just sent out totally at random. I found the email in an account that is barely used and it was not addressed personally to me.

[aSwissInTheUS]

If you use the password only here these possible options:

EF has been indeed hacked. Others might get a similar mail soon.
Not much of concern for me as I use a different password for every site as well. But all those which re-use the password, have the same for Facebook, twitter, or shopping sites should change their passwords ASAP. Never resuse password!

You accessed EF from an non-trusted computer and a key-logger captured your password. Think when that might have happened and what other sites you accessed at that time. Change all the possible affected passwords plus all important ones where a lot of harm could occur (All e-mail accounts, major social networks, important shopping sites).

One of your own devices became compromised. In the worst case even the master password for your password database such as https://pwsafe.org/ plus the database itself has been copied. Find the affected device, wipe it clean, maybe even trash it, reset ALL passwords.

[TheLaughingCow]

Triple p.s.

Please read this article about Sextortion scams demanding Bitcoin , it should help you figure out what you need to do :

Change your password !

https://www.eff.org/deeplinks/2018/0...anding-bitcoin

Oh, no, who has been watching porn again

as said, a scam - ignore and report.

[omtatsat]

	Quote:	aSwissInTheUS
	If you use the password only here these possible options: EF has been indeed hacked. Others might get a similar mail soon. Not much of concern for me as I use a different password for every site as well. But all those which re-use the password, have the same for Facebook, twitter, or shopping sites should change their passwords ASAP. Never resuse password! You accessed EF from an non-trusted computer and a key-logger captured your password. Think when that might have happened and what other sites you accessed at that time. Change all the possible affected passwords plus all important ones where a lot of harm could occur (All e-mail accounts, major social networks, important shopping sites). One of your own devices became compromised. In the worst case even the master password for your password database such as https://pwsafe.org/ plus the database itself has been copied. Find the affected device, wipe it clean, maybe even trash it, reset ALL passwords.

Getting a bit carried away here I think?

[NotAllThere]

	Quote:	omtatsat
	Getting a bit carried away here I think?

The omtatsat EF account was hacked many years ago by a grumpy, argumentative old man. The real omtatsat is a youngish lady who does a lot of work for charidee, but doesn't like to talk about it.

[omtatsat]

Been using 1234 for many years. Never a problem

[ZuriRollt]

	Quote:	omtatsat
	Been using 1234 for many years. Never a problem

Well, one could argue that your EF account is not top of the list as those to be hacked

[Spinal]

Have a look at

haveibeenpwned.com


you can search both by email address and by password - and it'll tell you if it was leaked in a large public leak at some point...

[omtatsat]

	Quote:	Spinal
	Have a look at haveibeenpwned.com you can search both by email address and by password - and it'll tell you if it was leaked in a large public leak at some point...

Isn't it haveibeenpawned.com

[ivank]

	Quote:	SwissMorgs
	I use different passwords for every site I access/use and the password they listed/showed is the one I use to access Englishforum.

what was the password and how easy to guess it was?

they didn't guess mine

[Gramatyka356]

	Quote:	ivank
	what was the password and how easy to guess it was? they didn't guess mine

Exactly, @SwissMorgs, can you post your old hacked password? Anyway, if EF was hacked we only risk spam, not a big deal.

[ChrisNeedsToKnow]

I sign up to each and every service using a different email-address. This way I know where someone got my email from.


Today I received the following SPAM/SCAM, but undoubtedly they must've gotten my email from englishforum:

• I will paste the email below, just changing my personal data and the bitcoin address the spammer/scammer uses, and mark the changes in red.
• The email was actually "from" my email "to" my email.
• The password shows in clear text, so obvisously the Spammer/Scammer is now in possession of that password. It is indeed a password I used a while ago.

I guess others must have received this as well? It's apparently a pretty widespread kind-of phishing attack.

	Quote:
	---------- Forwarded message --------- From: <my@email.com> Date: Tue, 15 Jan 2019 at 11:51 Subject: High danger. Your account was attacked. To: <my@email.com> Hi! As you may have noticed, I sent you an email from your account. This means that I have full access to your acc: On moment of crack (my@email.com) password: (this actually shows a password I once used) You say: this is my, but old password! Or: I will change my password at any time! Of course! You will be right, but the fact is that when you change the password, my malicious code every time saved a new one! I've been watching you for a few months now. But the fact is that you were infected with malware through an adult site that you visited. If you are not familiar with this, I will explain. Trojan Virus gives me full access and control over a computer or other device. This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it. I also have access to all your contacts and all your correspondence from e-mail and messangers. Why your antivirus did not detect my malware? Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent. I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched. With one click of the mouse, I can send this video to all your emails and contacts on social networks. I can also post access to all your e-mail correspondence and messengers that you use. If you want to prevent this, transfer the amount of $729 to my bitcoin address (if you do not know how to do this, write to Google: "Buy Bitcoin"). My bitcoin address (BTC Wallet) is: (Bitcoin address) After receiving the payment, I will delete the video and you will never hear me again. I give you 48 hours to pay. I have a notice reading this letter, and the timer will work when you see this letter. Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address. I do not make any mistakes. If I find that you have shared this message with someone else, the video will be immediately distributed. Bye!

[roegner]

Ongoing issue, ignore and do not pay !

There are some more threads on this already, you are not alone

This is why i always make sure I've smartened up my hair, the lighting is good, a little background music maybe and get the angle just right for maximun exposure.

Before I knock one out in front of prawn hub.

	Quote:	roegner
	Ongoing issue, ignore and do not pay ! There are some more threads on this already, you are not alone

Could there be more it ?? Some people are indeed reporting that they only use this password for EF.
That password is being quoted by the scammer.
So yeah, sure, they won't have a video of you in the nip or all of your contacts.. But they have that password and probably the associated email address. Their automated tool will now be trying those on hundreds of other sites, from paypal to banks to mail etc..

If EF has indeed been compromised, then potentially a lot people are actually at risk..
1:Many people don't use different passwords for each service.
2:Many people will have exchanged personal details via private message, these could also be exposed.

I think ADMIN should be making some statement?

[ChrisNeedsToKnow]

Was just posting this as a warning. Didn't find the other thread.


I also think that the password will now be automatically tried on many other websites. Luckily that won't get them anywhere in my case, but still.