Woody
Woody MegaDork
7/8/19 7:46 a.m.

I woke up to an email demanding $900 in bitcoin to remove malware. While I would ordinarily dismiss this as bullE36 M3 spam, they listed one of my passwords, and it was actually one of my passwords. Not from one of my banks, but certainly one of the ones that I have used in the past.

I've already locked down accounts at one bank and run a virus scan on the computer.

What else do I need to do?

Keith Tanner
Keith Tanner MegaDork
7/8/19 8:07 a.m.

The password was probably one that was leaked elsewhere, and they're bluffing. They're hoping that you'll assume they have them all and you'll pay up. Ransomware doesn't usually escalate, you wake up to a locked computer instead of an email.

https://haveibeenpwned.com

Robbie
Robbie UltimaDork
7/8/19 8:10 a.m.

Maybe use a different computer (go to a library?) and change passwords on as many accounts as you can think of.

Stop opening emails you don't recognize!

They probably hacked some dumb site that you made an account on way long ago that has bad security, and that's how they know your email + password. It's probably not malware running on your computer, but still.

That sucks.

Woody
Woody MegaDork
7/8/19 8:14 a.m.
Robbie said:

Stop opening emails you don't recognize!

They probably hacked some dumb site that you made an account on way long ago that has bad security, and that's how they know your email + password. It's probably not malware running on your computer, but still.

That sucks.

You're probably right. I never open email that I don't recognize, and this is a really old password. They probably hacked some website and not my computer, but it's still scary. And annoying. And will occupy most of the vacation day that I used today.

Woody
Woody MegaDork
7/8/19 8:18 a.m.
Keith Tanner said:

The password was probably one that was leaked elsewhere, and they're bluffing. They're hoping that you'll assume they have them all and you'll pay up. Ransomware doesn't usually escalate, you wake up to a locked computer instead of an email.

https://haveibeenpwned.com

Thanks. Here's the result of that search. Doesn't mean much to me, but probably good to know.

Breaches you were pwned in

A "breach" is an incident where data has been unintentionally exposed to the public. Using the 1Password password manager helps you ensure all your passwords are strong and unique such that a breach of one service doesn't put your other services at risk

Anti Public Combo List (unverified): In December 2016, a huge list of email address and password pairs appeared in a "combo list" referred to as "Anti Public". The list contained 458 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for "credential stuffing", that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password. For detailed background on this incident, read Password reuse, credential stuffing and another billion records in Have I been pwned.

Compromised data: Email addresses, Passwords

Collection #1 (unverified): In January 2019, a large collection of credential stuffing lists (combinations of email addresses and passwords used to hijack accounts on other services) was discovered being distributed on a popular hacking forum. The data contained almost 2.7 billion records including 773 million unique email addresses alongside passwords those addresses had used on other breached services. Full details on the incident and how to search the breached passwords are provided in the blog post The 773 Million Record "Collection #1" Data Breach.

Compromised data: Email addresses, Passwords

Exploit.In (unverified): In late 2016, a huge list of email address and password pairs appeared in a "combo list" referred to as "Exploit.In". The list contained 593 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for "credential stuffing", that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password. For detailed background on this incident, read Password reuse, credential stuffing and another billion records in Have I been pwned.

Compromised data: Email addresses, Passwords

Onliner Spambot (spam list): In August 2017, a spambot by the name of Onliner Spambot was identified by security researcher Benkow moʞuƎq. The malicious software contained a server-based component located on an IP address in the Netherlands which exposed a large number of files containing personal information. In total, there were 711 million unique email addresses, many of which were also accompanied by corresponding passwords. A full write-up on what data was found is in the blog post titled Inside the Massive 711 Million Record Onliner Spambot Dump.

Compromised data: Email addresses, Passwords

Pemiblanc (unverified): In April 2018, a credential stuffing list containing 111 million email addresses and passwords known as Pemiblanc was discovered on a French server. The list contained email addresses and passwords collated from different data breaches and used to mount account takeover attacks against other services. Read more about the incident.

Compromised data: Email addresses, Passwords

Floating Doc
Floating Doc SuperDork
7/8/19 8:19 a.m.

Scary! Good luck!

Stampie
Stampie PowerDork
7/8/19 8:28 a.m.

I like getting the one where they say they’re recording me watching porn. I make sure to give them an extra good show the next time. 

Cooter
Cooter SuperDork
7/8/19 8:31 a.m.

In reply to Stampie :

Ew.

Now I have to imagine a fork to poke out my mind's eye...

Duke
Duke MegaDork
7/8/19 8:36 a.m.

I got the same thing.  It was a very stale password.  I ignored it.

Keith Tanner
Keith Tanner MegaDork
7/8/19 8:42 a.m.

This is a good time to remind people that reusing passwords is a very bad idea for reasons that are probably quite clear at this point. Data breaches happen, and they happen a lot. If you use MamasBoy123 for your banking as well as for ranting around StreetKiaz.com, that could be a problem. Also, your email password is your most valuable one, as that's how every site resets your password.

Password managers are a good thing. They'll help you create strong, long passwords and easily fill them. I personally use pwSafe but there are a few good options.

maschinenbau
maschinenbau SuperDork
7/8/19 9:21 a.m.

I got one just like that last year. They also threatened something about porn but the English was so bad I just ignored it and updated every important password I could think of.

mtn
mtn MegaDork
7/8/19 9:24 a.m.

Yup. Probably nothing. Go change every password you can think of out of an abundance of caution.

For things that matter, I have passwords that are strong. This is basically just banking, medical, retirement, and anything that has my SSN or possibly has a stored credit card #. For everything else, I have old passwords that are easy for me to remember. I really don't care if my Miata.net gets hacked.

BoxheadTim
BoxheadTim MegaDork
7/8/19 9:27 a.m.

Well known scam. I get these from time to time also.

Just do yourselves a favour and use a password manager and don't reuse passwords between sites you don't care about (the aforementioned StreetKiaz) and sites you do care about. Also, if you use any of the big email providers, enable two-factor authentication if they let you.

Robbie
Robbie UltimaDork
7/8/19 9:44 a.m.

I heard streetkiaz was one of the safest websites on the net.

Keith Tanner
Keith Tanner MegaDork
7/8/19 9:59 a.m.

My bad, StreetKiaz has moved. It's basically a Facebook group now.  These guys found us a few years ago (okay, 17 years ago) when we used a Kia block for the base for a 2.0 build, simply because that's what we got from the junkyard. You could smell the desperate hope that we were going to start making parts for their cars...

Dr. Hess
Dr. Hess MegaDork
7/8/19 10:35 a.m.

Gosh, Keith, if you started making parts for Kias, I'm sure you would sell ten, maybe fifteen eaches per item. Think of the money!


I get these PW things regularly.  I have different emails depending on what I'm doing.  One account just for forums such as here.  DRH_Forums@.... It was the one that got released.  I only use that address on forums, so I'm quite sure it was a forum hack that exposed it.  I need to blow it away and start the next one, but at the moment, I only get these "send me 900 in bitcoin" emails and one spammer of online viagra.  When it gets bad enough, I'll change the address and just stop checking that account.

spitfirebill
spitfirebill MegaDork
7/8/19 10:45 a.m.
Duke said:

I got the same thing.  It was a very stale password.  I ignored it.

Same thing happened to a coworker.  He knew he didn’t have any compromising photographs.  
