
Have I been hacked here?


    #41
    Originally posted by Slawb View Post
    Are you 100% sure that CUK is the ONLY place you use that password? There are various emails going around at the moment which are using
    passwords linked to accounts with your email address that have been leaked. I've had a few myself quoting old passwords.

    https://haveibeenpwned.com/

    Pop your email, or any usernames, in here and it'll tell you whether your email/username is part of any breaches where passwords have been posted online.
    Thanks, previously I used the password at CUK and LinkedIn. It is pretty clear the password came from the LinkedIn data breach mentioned in this thread. I long since changed my password and switched on two factor verification there. I didn't change my CUK password till recently.
    Public Service Posting by the BBC - Bloggs Bulls**t Corp.
    Officially CUK certified - Thick as f**k.



      #42
      Originally posted by administrator View Post
      Cheers for the heads up NAT, only just seen your PM. I have had a couple of these come through recently:



      The desire to watch porn died with my boyish good looks and the elasticity of my sack so I know it's a scam. Plus I never use that six digit unsecure password any more. The one site that I know of that was hacked that used that email and password combo was LinkedIn - are you sure you didn't have the same combo on there, Fred? Go to Have I Been Pwned: Check if your email has been compromised in a data breach and see what sites your email address was grabbed from, some of the email addresses I use online have been grabbed from a big collection of 711 million record cache found on a server in the Netherlands, if yours is in that dump then it could have been got from here.

      As others have said, this site definitely doesn't have plain text passwords - but the encryption is easy to bust so if someone got the DB then your details could have been nabbed.

      Hand on heart I have never seen a full on break in to the forum in the whole time that I have hosted it. I have had a couple of client sites (WordPress) that only had the admin accounts on them zipped up and downloaded via WeShare or some other tulipe. Usually there are tell-tale signs when you are hackable, some will just pinch all the details but others will run spam through the server or use it to host DoS attacks etc, so when you are that vulnerable you tend to get hit more than once, I have never seen anything like this with the forum. Nothing ever written to the filesystem, no amended files etc. So while I am not saying that the DB hasn't been pinched at some time I am not aware of it ever having happened or I would have told you about it, to secure your passwords if nothing else. They do say the best hackers leave no trace though...

      I have all the sites I run in Git repos and every so often I download the production sites over the top and run git status to see if any of the files have changed and to put user generated content in to the repo as a back up method. Like I said, nothing on the forum has led me to believe it has been compromised at any time.
      Subject: MyName - ******

      I am well aware ****** one of your password. Lets get straight to the purpose. Not one person has compensated me to investigate about you. You do not know me and you are probably thinking why you are getting this mail?

      In fact, I installed a software on the X video clips (porn) web site and there's more, you visited this website to experience fun (you know what I mean). While you were viewing videos, your internet browser began working as a Remote Desktop with a key logger which provided me accessibility to your display screen as well as webcam. Immediately after that, my software program gathered every one of your contacts from your Messenger, Facebook, as well as e-mailaccount. Next I made a double video. 1st part displays the video you were viewing (you've got a nice taste : )), and 2nd part shows the recording of your web cam, yea it is u.

      You have not one but two options. We will read up on each of these choices in details:

      1st option is to neglect this email. In this situation, I most certainly will send your actual tape to each of your your contacts and also visualize concerning the shame you will definitely get. And definitely in case you are in an affair, just how it will certainly affect?

      Latter choice will be to give me $6000. Let us refer to it as a donation. As a result, I most certainly will immediately erase your videotape. You will continue on with your daily life like this never happened and you would never hear back again from me.

      You will make the payment via Bitcoin (if you do not know this, search for "how to buy bitcoin" in Google search engine).

      BTC Address: 196V1q5ewBcDxTfeiTGdbQYBtNZWseM7g5
      [case-SENSITIVE, copy and paste it]

      In case you are looking at going to the police, okay, this email cannot be traced back to me. I have dealt with my moves. I am also not looking to charge you so much, I just want to be rewarded. I've a unique pixel within this email, and at this moment I know that you have read this email message. You now have one day to pay. If I do not get the BitCoins, I will certainly send out your video recording to all of your contacts including close relatives, coworkers, and so on. However, if I do get paid, I will erase the recording right away. It's a non-negotiable offer that being said please do not waste my personal time & yours by responding to this message. If you really want proof, reply with Yup! then I definitely will send your video recording to your 12 contacts.=
      I've just found this exact one in my spam box from 6 days ago myself. My blood ran cold when I saw the title and first few lines of the mail but thankfully as I read it I realized it was exactly the same word for word as this one. Still very scary for a moment. Even if I hadn't there are too many untruths in the mail for it to be believable really.

      Just spent a bit of time going through all my RoboForm logins (100+ of them!!) and I do have a couple of older throwaway accounts that I used the same PWD and haven't changed since. Sign up, check it and never go back type stuff. Shell account, Hendenmob and the like so not critical. It was my old LinkedIn one as well but I changed it at the time of the hack.

      Still, that's my task for the rest of the afternoon.
      'CUK forum personality of 2011 - Winner - Yes really!!!!
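
The file check the administrator describes in the quoted post (copy the production site over a clean Git checkout, then run git status) can be scripted as below. This is an added example, not part of the thread or the forum's own tooling; the `uploads/` directory name and the sample files are constructed assumptions.

```shell
#!/bin/sh
# Assumed name of the directory that holds user-generated content.
USER_DIR="uploads/"

# audit_tree <repo>: one line per change reported by git status.
#   EXPECTED = new file under the user-content directory (commit as backup)
#   REVIEW   = modified, deleted or new file anywhere else (inspect first)
# Paths with unusual characters are quoted by git and would need `-z` parsing.
audit_tree() {
    git -C "$1" status --porcelain --untracked-files=all |
    while IFS= read -r line; do
        state=$(printf '%s' "$line" | cut -c1-2)   # two-letter status code
        path=$(printf '%s' "$line" | cut -c4-)     # path after the separator
        case "$state:$path" in
            "??:$USER_DIR"*) echo "EXPECTED $path" ;;
            *)               echo "REVIEW $path" ;;
        esac
    done
}

# make_demo <dir>: constructed sample site with a committed baseline,
# followed by a simulated "download production over the top".
make_demo() {
    mkdir -p "$1/uploads" &&
    git -C "$1" init -q &&
    printf '<?php echo "home";\n' > "$1/index.php" &&
    printf 'avatar-bytes\n' > "$1/uploads/a.png" &&
    git -C "$1" add -A &&
    git -C "$1" -c user.name=demo -c user.email=demo@example.invalid \
        commit -q -m baseline &&
    # Simulated production copy: one tracked file differs, one new upload,
    # one new file outside the user-content directory.
    printf '<?php echo "home"; // changed on server\n' > "$1/index.php" &&
    printf 'new-avatar\n' > "$1/uploads/b.png" &&
    printf 'unknown\n' > "$1/cache.php"
}

demo=$(mktemp -d)
make_demo "$demo" && audit_tree "$demo"
rm -rf "$demo"
```

Any REVIEW line is a file that differs from what was last committed, so it should be diffed against the repository before the new uploads are committed as the backup.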



        #43
        I got one today

        "I was most struck by the intimate content sites that you occasionally visit.
        You have a very wild imagination, I tell you!

        During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching.
        Oh my god! You are so funny and excited!"

        That's not what my husband says.



          #44
          Originally posted by mudskipper View Post
          I got one today

          "I was most struck by the intimate content sites that you occasionally visit.
          You have a very wild imagination, I tell you!

          During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching.
          Oh my god! You are so funny and excited!"

          That's not what my husband says.
          I believe that though
          'CUK forum personality of 2011 - Winner - Yes really!!!!



            #45
            Originally posted by mudskipper View Post
            I got one today

            "I was most struck by the intimate content sites that you occasionally visit.
            You have a very wild imagination, I tell you!

            During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching.
            Oh my god! You are so funny and excited!"

            That's not what my husband says.
            was it from 'Natasha gagginfurashagovich'?
            had a few of them
