Hacked
ACESES5
Indiana, United States
Joined: April 04, 2010
KitMaker: 71 posts
Armorama: 26 posts
Posted: Monday, December 03, 2018 - 12:15 PM UTC
I am going to not post here for a month or two. My account was hacked; I have received 2 emails from someone saying he had my password. I changed it, so if anything shows up with my name, ignore it; it's not me. See you all later. ACESES5
RobinNilsson
Staff Member, TOS Moderator
KITMAKER NETWORK
Stockholm, Sweden
Joined: November 29, 2006
KitMaker: 4,695 posts
Armorama: 3,969 posts
Posted: Monday, December 03, 2018 - 11:06 PM UTC
I have heard a similar story before, from another user of this forum.
Make sure that you change your password and DO NOT use the same password on different sites since that only makes it easier for hackers.
Did the email suggest that you take any actions? Sometimes they try to scare people into doing something stupid.
"WARNING! Your account at xyz-site has been hacked and your password stolen. Use this recovery link, link/to/bogus/web-site.crime, to recover your passwords."

Almost nobody falls for this trick but if they are able to fool say 5% they have still fooled a large number of people.
/ Robin
staff_Jim
Staff Member, Publisher
KITMAKER NETWORK
#002
New Hampshire, United States
Joined: December 15, 2001
KitMaker: 12,434 posts
Armorama: 6,570 posts
Posted: Tuesday, December 04, 2018 - 03:52 AM UTC
Hi Mark (and everyone),
I am sorry you were targeted with one of these emails. Our database has been breached in the past and there is not much chance it is not going to get breached in the future either. Here is a list of companies that got hacked in 2018...

https://www.businessinsider.com/data-breaches-2018-4#best-buy-7

And they have tech staffs in the 100s most likely so it's not like me (one guy) is going to create a hack-proof site.

As to how they got your password it's also pretty simple. Once they hack a database and get all the encrypted passwords they run them through a reverse database of encryptions. So even passwords like 'gandalf1458' for example will be easy for them to decrypt. This is why hardly ANY large corporate site with data like credit card info or banking access is not doing dual login verification. People are simply not choosing complex enough passwords for their accounts. Multiple special characters ($%*#) are highly advisable and the longer the better. Many of my accounts use passwords like 6fX#si8-4sZ4QasU6% and I store them in a secured text file.

The emails that hackers are sending out to people are a bit laughable though. Here is one:


Quoted Text



I greet you!

I have bad news for you.
07/08/2018 - on this day I hacked your operating system and got full access to your account jim@silver-star.net
On that day your account (jim@silver-star.net) password was: test1234

It is useless to change the password, my malware intercepts it every time.

How it was:
In the software of the router to which you were connected that day, there was a vulnerability.
I first hacked this router and placed my malicious code on it.
When you entered in the Internet, my trojan was installed on the operating system of your device.

After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).

A month ago, I wanted to lock your device and ask for a small amount of money to unlock.
But I looked at the sites that you regularly visit, and came to the big delight of your favorite resources.
I'm talking about sites for adults.

I want to say - you are a big pervert. You have unbridled fantasy!

After that, an idea came to my mind.
I made a screenshot of the intimate website where you have fun (you know what it is about, right?).
After that, I took off your joys (using the camera of your device). It turned out beautifully, do not hesitate.

I am strongly belive that you would not like to show these pictures to your relatives, friends or colleagues.
I think $901 is a very small amount for my silence.
Besides, I spent a lot of time on you!

I accept money only in Bitcoins.
My BTC wallet: 12ziVv4aQkZTA1gj86Y9uYQByG4CcdVcTA

You do not know how to replenish a Bitcoin wallet?
In any search engine write "how to send money to btc wallet".
It's easier than send money to a credit card!

For payment you have a little more than two days (exactly 50 hours).
Do not worry, the timer will start at the moment when you open this letter. Yes, yes .. it has already started!

After payment, my virus and dirty photos with you self-destruct automatically.
Narrative, if I do not receive the specified amount from you, then your device will be blocked, and all your contacts will receive a photos with your "joys".

I want you to be prudent.
- Do not try to find and destroy my virus! (All your data is already uploaded to a remote server)
- Do not try to contact me (this is not feasible, I sent you an email from your account)
- Various security services will not help you; formatting a disk or destroying a device will not help either, since your data is already on a remote server.

P.S. I guarantee you that I will not disturb you again after payment, as you are not my single victim.
This is a hacker code of honor.

From now on, I advise you to use good antiviruses and update them regularly (several times a day)!

Don't be mad at me, everyone has their own work.
Farewell.





Again sorry for any worries. He hasn't hacked your PC or put malware on your PC.

Also this isn't just happening here, it's going on with literally every site on the net. This has been a national news story on one network recently specifically regarding emails like the one above.

Best wishes,
Jim
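
Added example, not part of Jim's post and not this site's code: why a precomputed "reverse" lookup recovers a password like 'gandalf1458' when the stored hash is fast and unsalted, and why a per-user salt with a slow key-derivation function removes that shortcut. The hash algorithm, the candidate list and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample: a tiny stand-in for a precomputed candidate list.
CANDIDATES = ["test1234", "password1", "gandalf1458", "letmein"]

def unsalted_hash(password):
    """Weak storage (assumed): one fast hash, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()

def build_lookup(candidates):
    """Computed once, then reusable against every row of any leaked table."""
    return {unsalted_hash(p): p for p in candidates}

def salted_record(password, iterations=600_000):
    """Hardened storage: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(attempt, digest)

def demo():
    table = build_lookup(CANDIDATES)
    # Unsalted: the stored value alone identifies the password.
    recovered = table.get(unsalted_hash("gandalf1458"))
    # A long random password is simply absent from the candidate list.
    long_miss = table.get(unsalted_hash("6fX#si8-4sZ4QasU6%")) is None
    # Salted: the same password stores differently for every account, so
    # no shared table applies; each guess costs a full KDF run per user.
    rec_a = salted_record("gandalf1458")
    rec_b = salted_record("gandalf1458")
    return recovered, long_miss, rec_a[2] != rec_b[2], verify("gandalf1458", rec_a)

if __name__ == "__main__":
    print(demo())
```

Salting and slow hashing only raise the cost per guess; a password that appears in common word lists can still be guessed account by account, which is why length and uniqueness per site still matter.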
MikeyBugs95
New York, United States
Joined: May 27, 2013
KitMaker: 2,195 posts
Armorama: 1,697 posts
Posted: Wednesday, December 05, 2018 - 08:15 AM UTC
I've gotten those emails too. Your account hasn't actually been hacked. Change your password for your emails and whatever other passwords you want to change and you should be fine.
brekinapez
Georgia, United States
Joined: July 26, 2013
KitMaker: 1,673 posts
Armorama: 1,450 posts
Posted: Wednesday, December 05, 2018 - 09:11 AM UTC

Quoted Text

I've gotten those emails too. Your account hasn't actually been hacked. Change your password for your emails and whatever other passwords you want to change and you should be fine.


I received two of those long ones (different wording but basically the same) a week apart. I ignored them and nothing came of it. It is what is called "scareware"; that is, they are trying to scare ignorant people into sending money for nothing.

The chicks are free.
Frenchy
Rhone, France
Joined: December 02, 2002
KitMaker: 11,746 posts
Armorama: 11,542 posts
Posted: Wednesday, December 05, 2018 - 10:36 AM UTC
https://www.theregister.co.uk/2018/07/13/hacker_extortion_scam/

https://techcrunch.com/2018/07/12/ransomware-technique-uses-your-real-passwords-to-trick-you/?guccounter=1

https://www.techlicious.com/blog/is-the-porn-blackmail-scam-real/

In the two emails I have received, the wise guys used my callsign, not my password. In both cases they were ill-informed...I don't have any webcam

H.P.
drabslab
European Union
Joined: September 28, 2004
KitMaker: 2,149 posts
Armorama: 179 posts
Posted: Thursday, December 06, 2018 - 08:01 PM UTC

Quoted Text



And they have tech staffs in the 100s most likely so it's not like me (one guy) is going to create a hack-proof site.

Best wishes,
Jim



I agree, it's very difficult to be completely fail safe but there are some measures that could help a lot:

for instance, upgrade to PHP 7.x instead of the outdated version 5.3.29.

and implement oauth/openid which moves some of the security worries to the large companies such as Microsoft and Google that can afford those hundreds of dedicated IT staff.
sherb
New York, United States
Joined: August 25, 2004
KitMaker: 670 posts
Armorama: 322 posts
Posted: Tuesday, February 05, 2019 - 08:31 AM UTC
Just thought I'd bounce this thread back up to the top. Today I found a similar email to the one Jim posted in this thread on December 4th, in my spam mail folder.

The email I got said they know I use _____ as a password. Which happens to be the password I use for this site. Obviously, I've since changed it.

They must be having a hard time getting people to pay the $900 in bitcoin because my price for their silence dropped to $800 and change

I know it's a scam but seeing this thread helped put my mind at ease.
CReading
#001
California, United States
Joined: February 09, 2002
KitMaker: 1,706 posts
Armorama: 880 posts
Posted: Tuesday, February 05, 2019 - 11:33 AM UTC
I've received several of these types of 'scareware' emails. I don't have a webcam and "sites for adults" don't hold any interest for me so right away I was suspicious. I changed passwords (they weren't the password I use on this site) and ignored the emails. Haven't heard back from the hacker.

Cheers,
C.
Buckeyes57
Ohio, United States
Joined: September 14, 2010
KitMaker: 123 posts
Armorama: 121 posts
Posted: Tuesday, February 05, 2019 - 12:00 PM UTC
I got one of these also, too bad I do not have a camera set up.