Another site hacked...

[jimbouk]

...but I don't know which one!

So after a little while of getting those annoying spam emails saying your password is "something it isn't", I got one with an old password just used for a few unimportant websites. They managed to completely spoof the email header to make it look like it came from me. TSO host live chat confirmed that it was just spoofed so panic over, emails not comprised. Password yet to appear on the have I been pwned site.

Hoping for an email with an apology from some random website I haven't used for a few years. I think I just need to be more careful about where I use my actual email address rather than about passwords! Anyone else had this?

[Andeh13]

Have you checked... https://haveibeenpwned.com/


Worth a check. Linkedin lost all my private info & that cost me my Netflix account to someone in Peru! Pain getting that all unpicked & reset. Ive
Dismantled 90% of my linkedin in account as a result.

[peterb]

I had one of those last week - was quite disturbing and included a spurious blackmail threat - fortunately for something I have never done! 24 hours later a warning e mail from a site I only vaguely remember visiting years ago (can’t think why - something to do with geomapping) and the email/password combination matched.

This was in the days before I started using unique disposable e mail addresses for online sites.

[badass]

I had one of those last week - was quite disturbing and included a spurious blackmail threat - fortunately for something I have never done! 24 hours later a warning e mail from a site I only vaguely remember visiting years ago (can’t think why - something to do with geomapping) and the email/password combination matched.

This was in the days before I started using unique disposable e mail addresses for online sites.

I bet we had the same type of threat. I saw the email, laughed and checked the bitcoin address that the ransoms were to be directed to. At the time it looked like the campaign hadn't been successful.

[peterb]

I bet we had the same type of threat. I saw the email, laughed and checked the bitcoin address that the ransoms were to be directed to. At the time it looked like the campaign hadn't been successful.

Quite possibly - mine was to do with activities that apparently some people do when visiting certain types of web site .

But given the relatively narrow field of view of most webcams - if they had got the photos they claimed, I would have been quite flattered! (although anatomically impossible!)

[scaryjim]

There appear to have been a couple of massive leaks of passwords recently. I've got a really bad password reuse habit, so I was momentarily concerned (not about the blackmail threat, but about the risk that they had a live email and password combination) until I noticed that the email was sent to an address I haven't used for about 7 years.

Of course, it means I've now had to change the password on quite a few services, which is always a pain when you use their mobile apps etc....

[peterb]

Of course, it means I've now had to change the password on quite a few services, which is always a pain when you use their mobile apps etc....

But generally a good thing to do!

[spacein_vader]

But generally a good thing to do!

This.

Keepass (or a similar password manager,) is your friend too.

[jimbouk]

Yeah, need a password manager or something. Was thinking about updating a load of passwords on junk sites to a new 'bad' password but then thought what if one of those were currently insecure. Think I'll just move more things to use my Hotmail and worry less!

Should have kept a track of those GDPR emails to see how many accounts I had kicking around. Weren't as many as I thought the would be at the time.

[AGTDenton]

...but I don't know which one!

So after a little while of getting those annoying spam emails saying your password is "something it isn't", I got one with an old password just used for a few unimportant websites. They managed to completely spoof the email header to make it look like it came from me. TSO host live chat confirmed that it was just spoofed so panic over, emails not comprised. Password yet to appear on the have I been pwned site.

Hoping for an email with an apology from some random website I haven't used for a few years. I think I just need to be more careful about where I use my actual email address rather than about passwords! Anyone else had this?

Are you a Rust player or signed up to Facepunch's forums/services?
They are my most recent hack.

[Fahad78]

For added security use a password manager like BitWarden or KeePass, keep every password different and complex.