1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News 773 million credentials leaked in Collection #1 database

Discussion in 'Article Discussion' started by bit-tech, 17 Jan 2019.

  1. bit-tech

    bit-tech Supreme Overlord Staff Administrator

    Joined:
    12 Mar 2001
    Posts:
    1,790
    Likes Received:
    34
    Read more
     
  2. TheMadDutchDude

    TheMadDutchDude The Flying Dutchman

    Joined:
    23 Aug 2013
    Posts:
    4,664
    Likes Received:
    506
    I got a suspicious email from someone earlier this week which actually did use one of my old passwords...

    It said something along the lines of your password is )/$/&;!477 and we know that you’ve visited 18 adult sites. We have access to your webcam access and a video of you...

    I won’t give all the details. But it was really weird that it actually had the very first password I used on that account listed.
     
  3. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    11,508
    Likes Received:
    1,338
    It's not weird at all, it's the new big thing in phishing. You snag one of these massive password dumps, then you write a simple bot that emails every account on the list and says "I have hacked your account, your password is hunter2, send Bitcoin or else" - sometimes mixed in with the old "I hacked your webcam and have video of you pulling the pud, send Bitcoin or I share it with everyone," sometimes just on its own. (Sometimes they don't even bother doing that, and they just spam "I know your password" with a forged from header so it looks like they have access to your email, but they don't - you can write whatever you want in there.)

    People see a valid password, bab themselves, pay the ransom. The "hacker" hasn't hacked anything: they've literally just downloaded a leak dump from Mega or PasteBin or wherever. They certainly don't have access to your webcam. Trash the email, remember to use unique passwords everywhere, and carry on choking the chicken as much as you like.
     
    Hex, silk186, jb0 and 3 others like this.
  4. liratheal

    liratheal Sharing is Caring

    Joined:
    20 Nov 2005
    Posts:
    10,107
    Likes Received:
    561
    Me too.

    I enjoy reading them. I wonder if the comments on the 'porn' you watched are pulled from a database, or whether the different comments are traits of whoever is running that particular email scam.
     
  5. TheMadDutchDude

    TheMadDutchDude The Flying Dutchman

    Joined:
    23 Aug 2013
    Posts:
    4,664
    Likes Received:
    506
    That’s the exact style that I got, Gareth. XD
     
  6. Cheapskate

    Cheapskate Insane? or just stupid?

    Joined:
    13 May 2007
    Posts:
    10,121
    Likes Received:
    572
    As if I would leave a resource-wasting component plugged in for happy time. You should have replied and asked if they were impressed.
    @liratheal -Congrats on 10,000 posts. If Gareth keeps summoning us with his amusing off-color posts, we should hit 20,000 in no time.
     
    liratheal likes this.
  7. tristanperry

    tristanperry Active Member

    Joined:
    22 May 2010
    Posts:
    905
    Likes Received:
    38
    ... so this isn't like 'Shut Up And Dance' from Black Mirror?!

    But yeah, I've had a few of those emails too from one of my original passwords back when I used to use the same password on every site. It's thankfully not a password I've used in years so I just laughed at the email and deleted it.
     
  8. perplekks45

    perplekks45 LIKE AN ANIMAL!

    Joined:
    9 May 2004
    Posts:
    5,540
    Likes Received:
    239
    Isn't the hunter2 thing from a bash.org quote?
     
  9. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    11,508
    Likes Received:
    1,338
    What? All I see is *******.
     
    Hex, edzieba, jb0 and 1 other person like this.
  10. perplekks45

    perplekks45 LIKE AN ANIMAL!

    Joined:
    9 May 2004
    Posts:
    5,540
    Likes Received:
    239
    Good old times. Thanks for bringing back the memories, Big G.
     
  11. jb0

    jb0 Active Member

    Joined:
    8 Apr 2012
    Posts:
    392
    Likes Received:
    42
    I got one, and then pulled the IP address out of the mail header, did a whois, and reported the thing to his ISP in Vietnam.
    ...
    I also kept the mail, because it was hilarious.
     
  12. Mr_Mistoffelees

    Mr_Mistoffelees The Lunatic on the Grass.

    Joined:
    26 Aug 2014
    Posts:
    1,591
    Likes Received:
    229
    My wife had one of those a few weeks ago. That neither of us has either a webcam or a microphone on our PCs didn't help their chances of snagging any Bitcoin.
     
    jb0 likes this.
  13. Mr_Mistoffelees

    Mr_Mistoffelees The Lunatic on the Grass.

    Joined:
    26 Aug 2014
    Posts:
    1,591
    Likes Received:
    229
    Further to the above, can anyone recommend an easy to use, reliable password manager?
     
  14. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    11,508
    Likes Received:
    1,338
    I used to use, and quite liked, LastPass, then they had one too many security breaches for my liking and I switched to the Mooltipass Mini hardware password safe, which I've been using ever since.

    If you're after a software-based one, though, Troy Hunt of Have I Been Pwned fame recommends 1Password - it's integrated with his service, so it can warn you if any of the passwords you're using have been the subject of a known breach (in a clever way that means that neither Troy nor 1Password ever know what those passwords are.)
     
    Mr_Mistoffelees likes this.
  15. Mr_Mistoffelees

    Mr_Mistoffelees The Lunatic on the Grass.

    Joined:
    26 Aug 2014
    Posts:
    1,591
    Likes Received:
    229
    Thanks Gareth.
     
  16. perplekks45

    perplekks45 LIKE AN ANIMAL!

    Joined:
    9 May 2004
    Posts:
    5,540
    Likes Received:
    239
    I use KeePass and I know a few companies that use it as well.
     
    wolfticket likes this.
  17. silk186

    silk186 Canadian

    Joined:
    1 Dec 2014
    Posts:
    1,253
    Likes Received:
    53
    I use LastPass and it is very convenient and synces to my phone.
    Every site has a different random password.
    Secure sites use 2FA
     
    yuusou likes this.
  18. Hex

    Hex Paul?! Super Moderator

    Joined:
    11 Jan 2002
    Posts:
    4,064
    Likes Received:
    89
    I've had a few of those, as have my friends. The best thing is how they almost always describe you as "sick" for the type of porn you watch, but then later say you have good taste :hehe:

    I can see how people get freaked out by those emails, they are a bit scary. However, I don't go to porn sites, I don't have a webcam and they always refer to email addresses and passwords I haven't used in about 20yrs...
     
    TheMadDutchDude likes this.
  19. faugusztin

    faugusztin I *am* the guy with two left hands

    Joined:
    11 Aug 2008
    Posts:
    6,824
    Likes Received:
    245
    Keepass with database file synced to one of the cloud drives. Thus the database is kept up to date on any device, it is protected with password, has plugin for every browser and there are clients for pretty much every platform (personally using it on Windows, Android and mac OS).
     
  20. MLyons

    MLyons Half dev, Half doge. Staff Administrator Super Moderator Moderator

    Joined:
    3 Mar 2017
    Posts:
    2,432
    Likes Received:
    752
    Think I may switch from lastpass to 1Password. Especially with the Have I Been Pwned integration.
     
Tags: Add Tags

Share This Page