Posted May 26, 2019 Someone stole my password for this forum, and I'm afraid they may have stolen other people's as well. I received an email that included my password for this forum. As in, my password was in the title and in the text of the email. No, it's not a "word" that could have gotten there randomly. The email says it's a password of mine (correct) but does not name this site or my username. No, I don't use the password on any other sites. No, I didn't tell it to anyone. That's why I think someone hacked into the password storage of this forum. Of course I promptly changed my password, and I am quite sure there is no keylogger on my computer. It does not look like anyone logged into my account. The email is trying to get money ("send me money or I'll tell all your contacts something embarassing"). I'm not sending money, I'm not replying to it or following any links, and what they will "tell" is made up anyway--they gave enough details for me to be sure they are making it up. Just wanted to warn folks, in case other passwords were stolen as well. --Nat Share this post Link to post
Posted May 26, 2019 I received the same 'blackmail' email attempt a few months ago, it's becoming more common as more data breaches occur and information is sold or shared repeatedly. The blackmailer generally doesn't know which site the password was used for, which is why they don't name your username or anything else that matches you. However all the people I know who got the same kind of email were hit by old and publicly known data breaches. For example the password they named to me was totally legit but was from a site that I hadn't used in over a decade and well before I played DC. How long did you use that specific password for? I'm curious if it's an old one or if you changed to it recently before it was discovered, could help set a timeline. Have you tried contacting the site owner as well? @TJ09 just in case Share this post Link to post
Posted May 26, 2019 I get these all the time. A lot of the time it's not even a current password. It's also just an automated bot sending them in various levels of broken english and different phrasing. Best thing to do is ignore them; you're good. Share this post Link to post
Posted May 26, 2019 If you haven't changed your forum password since 2017, this is expected, given there was a known security issue with the forums and everyone was strongly urged at that time to change their password. Share this post Link to post
Posted May 26, 2019 (edited) This site may or may not be able to tell you around what time your email/password combo was leaked where (it'll only ask for the email address used so it can query its database) : https://haveibeenpwned.com/ (though chances are that it's been rotating through dealers for too long to tell - my OLD forum mail/password was in that big Collection #1 pile, too) Edited May 26, 2019 by Ruby Eyes Share this post Link to post
Posted May 26, 2019 Thanks, everyone. No, I don't know when I last changed my password, but it might indeed have been before 2017. In that case, I guess this is just a warning to anyone else with an equally old password to change it :) --Nat Share this post Link to post
Posted May 26, 2019 Also, I guess, to pay attention to warnings in the news forum... Share this post Link to post
.gif)
Recommended Posts