login   |    register
Site Talk
Site announcements, comments, or feedback about the site.
Hacked
ACESES5
Visit this Community
Indiana, United States
Joined: April 04, 2010
KitMaker: 71 posts
Armorama: 26 posts
Posted: Monday, December 03, 2018 - 12:15 PM UTC
I am going to not post here for a month or two my account was hacked I have received 2 emails from someone saying he had my password. I changed it so if anything shows up with my name ignor it's not me. See you all later ACESES5
RobinNilsson
Staff MemberTOS Moderator
KITMAKER NETWORK
Visit this Community
Stockholm, Sweden
Joined: November 29, 2006
KitMaker: 5,296 posts
Armorama: 4,476 posts
Posted: Monday, December 03, 2018 - 11:06 PM UTC
I have heard a similar story before, from another user of this forum.
Make sure that you change your password and DO NOT use the same password on different sites since that only makes it easier for hackers.
Did the email suggest that you take any actions? Sometimes they try to scare people into doing something stupid.
"WARNING! Your account at xyz-site has been hacked and your password stolen. Use this recovery link, link/to/bogus/web-site.crime, to recover your passwords."

Almost nobody falls for this trick but if they are able to fool say 5% they have still fooled a large number of people.
/ Robin
staff_Jim
Staff MemberPublisher
KITMAKER NETWORK
#002
Visit this Community
New Hampshire, United States
Joined: December 15, 2001
KitMaker: 12,448 posts
Armorama: 6,570 posts
Posted: Tuesday, December 04, 2018 - 03:52 AM UTC
Hi Mark (and everyone),
I am sorry you were targeted with one of these emails. Our database has been breached in the past and there is not much chance it is not going to get breached in the future either. Here is a list of companies that got hacked in 2018...

https://www.businessinsider.com/data-breaches-2018-4#best-buy-7

And they have tech staffs in the 100s most likely so it's not like me (one guy) is going to create a hack-proof site.

As to how they got your password it's also pretty simple. Once they hack a database and get all the encrypted passwords they run them through a reverse database of encryptions. So even passwords like 'gandalf1458' for example will be easy for them to decrypt. This is why hardly ANY large corporate site with data like credit card info or banking access is not doing dual login verification. People are simply not choosing complex enough passwords for their accounts. Multiple special characters ($%*#) are highly advisable and the longer the better. Many of my accounts use passwords like 6fX#si8-4sZ4QasU6% and I store them in a secured text file.

The emails that hackers are sending out to people are a bit laughable though. Here is one:


Quoted Text



I greet you!

I have bad news for you.
07/08/2018 - on this day I hacked your operating system and got full access to your account [email protected]
On that day your account ([email protected]) password was: test1234

It is useless to change the password, my malware intercepts it every time.

How it was:
In the software of the router to which you were connected that day, there was a vulnerability.
I first hacked this router and placed my malicious code on it.
When you entered in the Internet, my trojan was installed on the operating system of your device.

After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).

A month ago, I wanted to lock your device and ask for a small amount of money to unlock.
But I looked at the sites that you regularly visit, and came to the big delight of your favorite resources.
I'm talking about sites for adults.

I want to say - you are a big pervert. You have unbridled fantasy!

After that, an idea came to my mind.
I made a screenshot of the intimate website where you have fun (you know what it is about, right?).
After that, I took off your joys (using the camera of your device). It turned out beautifully, do not hesitate.

I am strongly belive that you would not like to show these pictures to your relatives, friends or colleagues.
I think $901 is a very small amount for my silence.
Besides, I spent a lot of time on you!

I accept money only in Bitcoins.
My BTC wallet: 12ziVv4aQkZTA1gj86Y9uYQByG4CcdVcTA

You do not know how to replenish a Bitcoin wallet?
In any search engine write "how to send money to btc wallet".
It's easier than send money to a credit card!

For payment you have a little more than two days (exactly 50 hours).
Do not worry, the timer will start at the moment when you open this letter. Yes, yes .. it has already started!

After payment, my virus and dirty photos with you self-destruct automatically.
Narrative, if I do not receive the specified amount from you, then your device will be blocked, and all your contacts will receive a photos with your "joys".

I want you to be prudent.
- Do not try to find and destroy my virus! (All your data is already uploaded to a remote server)
- Do not try to contact me (this is not feasible, I sent you an email from your account)
- Various security services will not help you; formatting a disk or destroying a device will not help either, since your data is already on a remote server.

P.S. I guarantee you that I will not disturb you again after payment, as you are not my single victim.
This is a hacker code of honor.

From now on, I advise you to use good antiviruses and update them regularly (several times a day)!

Don't be mad at me, everyone has their own work.
Farewell.





Again sorry for any worries. He hasn't hacked your PC or put malware on your PC.

Also this isn't just happening here, it's going on with literally every site on the net. This has been a national news story on one network recently specifically regarding emails like the one above.

Best wishes,
Jim
MikeyBugs95
Visit this Community
New York, United States
Joined: May 27, 2013
KitMaker: 2,207 posts
Armorama: 1,709 posts
Posted: Wednesday, December 05, 2018 - 08:15 AM UTC
I've gotten those emails too. You're account hasn't actually been hacked. Change your password for your emails and whatever other passwords you want to change and you should be fine.
brekinapez
Visit this Community
Georgia, United States
Joined: July 26, 2013
KitMaker: 1,874 posts
Armorama: 1,604 posts
Posted: Wednesday, December 05, 2018 - 09:11 AM UTC

Quoted Text

I've gotten those emails too. You're account hasn't actually been hacked. Change your password for your emails and whatever other passwords you want to change and you should be fine.


Quoted Text

put quote text here



I received two of those long ones (different wording but basically the same) a week apart. I ignored them and nothing came of it. It is what is called, "scareware"; that is they are trying to scare ignorant people into sending money for nothing.

The chicks are free.
Frenchy
Visit this Community
Rhone, France
Joined: December 02, 2002
KitMaker: 12,188 posts
Armorama: 11,978 posts
Posted: Wednesday, December 05, 2018 - 10:36 AM UTC
https://www.theregister.co.uk/2018/07/13/hacker_extortion_scam/

https://techcrunch.com/2018/07/12/ransomware-technique-uses-your-real-passwords-to-trick-you/?guccounter=1

https://www.techlicious.com/blog/is-the-porn-blackmail-scam-real/

In the two emails I have received, the wise guys used my callsign, not my password. In both cases they were ill-informed...I don't have any webcam

H.P.
drabslab
Visit this Community
European Union
Joined: September 28, 2004
KitMaker: 2,156 posts
Armorama: 181 posts
Posted: Thursday, December 06, 2018 - 08:01 PM UTC

Quoted Text



And they have tech staffs in the 100s most likely so it's not like me (one guy) is going to create a hack-proof site.

Best wishes,
Jim



I agree, its very difficult to be completely fail safe but there are some measures that could help a lot:

for instance, upgrade to PHP 7.x instead of the outdated version 5.3.29.

and implement oauth/openid which moves some of the security worries to the large companies such as Microsoft and Google that can afford those hundreds of dedicated IT staff.
sherb
Visit this Community
New York, United States
Joined: August 25, 2004
KitMaker: 685 posts
Armorama: 327 posts
Posted: Tuesday, February 05, 2019 - 08:31 AM UTC
Just thought I'd bounce this thread back up to the top. Today I found a similar email to the one Jim posted in this thread on December 4th, in my spam mail folder.

The email I got said they know I use _____ as a password. Which happens to be the password I use for this site. Obviously, I've since changed it.

They must be having a hard time getting people to pay the $900 in bitcoin because my price for their silence dropped to $800 and change

I know it's a scam but seeing this thread helped put my mind at ease.
CReading
#001
Visit this Community
California, United States
Joined: February 09, 2002
KitMaker: 1,706 posts
Armorama: 880 posts
Posted: Tuesday, February 05, 2019 - 11:33 AM UTC
I've received several of these types of 'scareware' emails. I don't have a webcam and "sites for adults" don't hold any interest for me so right away I was suspicious. I changed passwords (they weren't the password I use on this site) and ignored the emails. Haven't heard back from the hacker.

Cheers,
C.
Buckeyes57
Visit this Community
Ohio, United States
Joined: September 14, 2010
KitMaker: 125 posts
Armorama: 123 posts
Posted: Tuesday, February 05, 2019 - 12:00 PM UTC
I got one of these also, too bad I do not have a camera set up.
M_Wittmann
Visit this Community
Cluj, Romania
Joined: August 25, 2005
KitMaker: 42 posts
Armorama: 41 posts
Posted: Friday, April 26, 2019 - 07:36 AM UTC
It has happened to me too. Basically the same message with the same money request and warnings. But just like Henry Pierre, I don't have a webcam, so I figured out it was a scam. I guess I will have to change the password for armorama.
ayovtshev
#490
Visit this Community
Sofiya, Bulgaria
Joined: September 22, 2016
KitMaker: 1,075 posts
Armorama: 1,035 posts
Posted: Friday, April 26, 2019 - 07:51 AM UTC
Found the same e-mail in my Spam folder today.
Poor guys, they'll starve to death, if they expect me to "feed" them.

My laptop has serial webcamera and an add-on from me (Tamiya masking paper).

petbat
Visit this Community
Queensland, Australia
Joined: August 06, 2005
KitMaker: 2,297 posts
Armorama: 2,160 posts
Posted: Friday, April 26, 2019 - 08:40 AM UTC

Quoted Text



My laptop has serial webcamera and an add-on from me (Tamiya masking paper).




Low tech solution, but lets see them hack their way around that!

I never use the same password for any two accounts, and never save them to the PC. I always punch them in every time. It helps me keep my brain active, keeping them all sorted, especially the important ones, as they are gibberish with symbols etc.


Maybe that is why I haven't had one of these spam emails, but I keep winning millions of $'s that I never collect... and I'm still waiting for the Federal Police to come arrest me for 'unpaid' fines - a bit concerning as they were apparently 5 minutes away, months ago. I hope the Feds didn't have an accident.
RobinNilsson
Staff MemberTOS Moderator
KITMAKER NETWORK
Visit this Community
Stockholm, Sweden
Joined: November 29, 2006
KitMaker: 5,296 posts
Armorama: 4,476 posts
Posted: Friday, April 26, 2019 - 09:51 AM UTC
Maybe the Feds were using a hacked GPS which keeps on sending them on the wrong way ...
brekinapez
Visit this Community
Georgia, United States
Joined: July 26, 2013
KitMaker: 1,874 posts
Armorama: 1,604 posts
Posted: Friday, April 26, 2019 - 11:03 AM UTC

Quoted Text

Maybe the Feds were using a hacked GPS which keeps on sending them on the wrong way ...



Or the unpatched iPhone app.
HARV
#012
Visit this Community
Wyoming, United States
Joined: November 07, 2003
KitMaker: 2,962 posts
Armorama: 1,161 posts
Posted: Sunday, June 16, 2019 - 03:04 AM UTC
I just received an e-mail stating that someone knows my password, and they did have my password for this site, and to send them bitcoin money or they would post compromising photos of me. Well, that part isn't possible but they do have my password. Luckily I don't use the password for this site anywhere else.

Anyway, just letting everyone know that they are out there and are getting our passwords somehow.

Randy
RadekZ
Visit this Community
Warszawa, Poland
Joined: March 12, 2013
KitMaker: 123 posts
Armorama: 36 posts
Posted: Sunday, June 16, 2019 - 05:52 PM UTC
Hello guys,

just for your information - there's a very good website that provides information when, where and what was compromised regarding your accounts on various websites etc.
It's called Have I been pwned .

And as for email many of us got some mutation of this message - it's just a scam that uses one of the leaked addresses/passwords database from one of data breaches.

If you change a password on particular website you are pretty much safe from hacker (until next data breach ).

Cheers,
Radek

PS. Yes, I've been "pwned" too, 5 times, got scam mail few months ago, and no... nothing happened ... secret video recorded on non-existent webcam on my pc was not shared with my friends
brekinapez
Visit this Community
Georgia, United States
Joined: July 26, 2013
KitMaker: 1,874 posts
Armorama: 1,604 posts
Posted: Monday, June 17, 2019 - 08:34 AM UTC
My only uncompromised email was my work email from the high school I was at last. It was an internal system, and definitely not a high-profile target for a hacker, but it was certainly more secure than Comcast, Hotmail, AT&T, or one of the main insurance providers for the Georgia state government.
babaoriley
Visit this Community
California, United States
Joined: June 23, 2017
KitMaker: 180 posts
Armorama: 164 posts
Posted: Monday, June 17, 2019 - 09:23 AM UTC
Are you guys sure this is a scam? I suppose next you'll be telling me that Nigerian prince isn't really going to deposit five million dollars in my bank account for which I just wired only a couple of thousand bucks to cover handling fees. People are so cynical these days.
brekinapez
Visit this Community
Georgia, United States
Joined: July 26, 2013
KitMaker: 1,874 posts
Armorama: 1,604 posts
Posted: Monday, June 17, 2019 - 10:21 AM UTC

Quoted Text

Are you guys sure this is a scam? I suppose next you'll be telling me that Nigerian prince isn't really going to deposit five million dollars in my bank account for which I just wired only a couple of thousand bucks to cover handling fees. People are so cynical these days.



Oh, yes, this is the scam.

In the real one the guy has also hacked into your favorite grocer's app and knows all your guilty-pleasure snacks, which info he will sell to pop-up marketers if you don't pay up, bub.