Sextortion with actual password not found in leaksCan people let me know why this command was ran and why he typed "network hacked…clampi foundFound scam site that tricks you into giving them more contact info to remove your existing public infoMessage telling me that I bought something with credit cardSent text by bank I don’t have an account with- Is this a scam?Email from a hacker with my passwordI entered my password in a possible scam website. What should I do?Hacker used my account to place an order, but not my credit card. Why?Why would a scammer not reply with the same email?

Sextortion with actual password not found in leaks

Can GPL and BSD licensed applications be used for government work?

Navigating the multiverse of bifurcated parallel realities

I have a domain, static IP address and many devices I'd like to access outside my house. How do I route them?

How may I shorten this shell script?

What's the explanation for this joke about a three-legged dog that walks into a bar?

How could an engineer advance human civilization by time traveling to the past?

Extrapolation v. Interpolation

Why are MEMS in QFN packages?

How important is a good quality camera for good photography?

Character Frequency in a String

Other than a swing wing, what types of variable geometry have flown?

Are glider winch launches rarer in the USA than in the rest of the world? Why?

Company requiring me to let them review research from before I was hired

Can a character with a low Intelligence score take the Ritual Caster feat and choose the Wizard class?

How to write a sincerely religious protagonist without preaching or affirming or judging their worldview?

Why must API keys be kept private?

What the purpose of the fuel shutoff valve?

How can I deal with someone that wants to kill something that isn't supposed to be killed?

Historicity doubted by Romans

how to add 1 milliseconds on a datetime string?

Idioms: Should it be " the internet is a seemingly infinite well of information" or "the internet is a seemingly infinite wealth of information"

What was the rationale behind 36 bit computer architectures?

USA: Can a witness take the 5th to avoid perjury?



Sextortion with actual password not found in leaks


Can people let me know why this command was ran and why he typed "network hacked…clampi foundFound scam site that tricks you into giving them more contact info to remove your existing public infoMessage telling me that I bought something with credit cardSent text by bank I don’t have an account with- Is this a scam?Email from a hacker with my passwordI entered my password in a possible scam website. What should I do?Hacker used my account to place an order, but not my credit card. Why?Why would a scammer not reply with the same email?






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








3















I have received one of those typical sextortion scams ("drive-by exploit", filmed by webcam (mine has tape on it), pay bitcoin etc.). The thing is that an old password of mine is included (I don't even remember where I used it), but searching the password on HaveIBeenPwned returns nothing (I have previously been notified of two leaks, Last.FM and MyFitnessPal, but those accounts use different passwords).



That got me wondering: since this seems to be a rather old password, how complete are databases like HaveIBeenPwned, and where could I report such a new exploit, other than the authorities?










share|improve this question
























  • Anyone can set up a login form and then dump their database on the Internet. It's up to you to make sure this doesn't jeopardize you in any way.

    – John Dvorak
    9 hours ago






  • 1





    I don't see how this relates to the question.

    – user32849
    9 hours ago






  • 2





    No breach site can ever claim to be complete.

    – schroeder
    9 hours ago











  • Do you know where this password came from?

    – schroeder
    9 hours ago











  • Unfortunately not.

    – user32849
    9 hours ago

















3















I have received one of those typical sextortion scams ("drive-by exploit", filmed by webcam (mine has tape on it), pay bitcoin etc.). The thing is that an old password of mine is included (I don't even remember where I used it), but searching the password on HaveIBeenPwned returns nothing (I have previously been notified of two leaks, Last.FM and MyFitnessPal, but those accounts use different passwords).



That got me wondering: since this seems to be a rather old password, how complete are databases like HaveIBeenPwned, and where could I report such a new exploit, other than the authorities?










share|improve this question
























  • Anyone can set up a login form and then dump their database on the Internet. It's up to you to make sure this doesn't jeopardize you in any way.

    – John Dvorak
    9 hours ago






  • 1





    I don't see how this relates to the question.

    – user32849
    9 hours ago






  • 2





    No breach site can ever claim to be complete.

    – schroeder
    9 hours ago











  • Do you know where this password came from?

    – schroeder
    9 hours ago











  • Unfortunately not.

    – user32849
    9 hours ago













3












3








3








I have received one of those typical sextortion scams ("drive-by exploit", filmed by webcam (mine has tape on it), pay bitcoin etc.). The thing is that an old password of mine is included (I don't even remember where I used it), but searching the password on HaveIBeenPwned returns nothing (I have previously been notified of two leaks, Last.FM and MyFitnessPal, but those accounts use different passwords).



That got me wondering: since this seems to be a rather old password, how complete are databases like HaveIBeenPwned, and where could I report such a new exploit, other than the authorities?










share|improve this question
















I have received one of those typical sextortion scams ("drive-by exploit", filmed by webcam (mine has tape on it), pay bitcoin etc.). The thing is that an old password of mine is included (I don't even remember where I used it), but searching the password on HaveIBeenPwned returns nothing (I have previously been notified of two leaks, Last.FM and MyFitnessPal, but those accounts use different passwords).



That got me wondering: since this seems to be a rather old password, how complete are databases like HaveIBeenPwned, and where could I report such a new exploit, other than the authorities?







scam






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 9 hours ago







user32849

















asked 9 hours ago









user32849user32849

1164 bronze badges




1164 bronze badges












  • Anyone can set up a login form and then dump their database on the Internet. It's up to you to make sure this doesn't jeopardize you in any way.

    – John Dvorak
    9 hours ago






  • 1





    I don't see how this relates to the question.

    – user32849
    9 hours ago






  • 2





    No breach site can ever claim to be complete.

    – schroeder
    9 hours ago











  • Do you know where this password came from?

    – schroeder
    9 hours ago











  • Unfortunately not.

    – user32849
    9 hours ago

















  • Anyone can set up a login form and then dump their database on the Internet. It's up to you to make sure this doesn't jeopardize you in any way.

    – John Dvorak
    9 hours ago






  • 1





    I don't see how this relates to the question.

    – user32849
    9 hours ago






  • 2





    No breach site can ever claim to be complete.

    – schroeder
    9 hours ago











  • Do you know where this password came from?

    – schroeder
    9 hours ago











  • Unfortunately not.

    – user32849
    9 hours ago
















Anyone can set up a login form and then dump their database on the Internet. It's up to you to make sure this doesn't jeopardize you in any way.

– John Dvorak
9 hours ago





Anyone can set up a login form and then dump their database on the Internet. It's up to you to make sure this doesn't jeopardize you in any way.

– John Dvorak
9 hours ago




1




1





I don't see how this relates to the question.

– user32849
9 hours ago





I don't see how this relates to the question.

– user32849
9 hours ago




2




2





No breach site can ever claim to be complete.

– schroeder
9 hours ago





No breach site can ever claim to be complete.

– schroeder
9 hours ago













Do you know where this password came from?

– schroeder
9 hours ago





Do you know where this password came from?

– schroeder
9 hours ago













Unfortunately not.

– user32849
9 hours ago





Unfortunately not.

– user32849
9 hours ago










1 Answer
1






active

oldest

votes


















7














While services like HaveIBeenPwned are fairly extensive, there are still many stolen user / password lists that have not been revealed to the public eye. Maybe a company didn't actually disclose what happened, never realized anything happened, and/or no researcher has yet found the list. Unless you somehow find the list that included that password somewhere, there isn't a good option to try and report this incident.






share|improve this answer























  • Also worth noting that this is a very common tactic. They find a forum or website somewhere that has SQLi, dump the passwords, find the ones that aren't yet public, then send sextortion emails to that subset of users using the password as false leverage to "prove" that they know something about you that "couldn't" be known unless they had access to your computer.

    – Polynomial
    1 hour ago













Your Answer








StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f214048%2fsextortion-with-actual-password-not-found-in-leaks%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









7














While services like HaveIBeenPwned are fairly extensive, there are still many stolen user / password lists that have not been revealed to the public eye. Maybe a company didn't actually disclose what happened, never realized anything happened, and/or no researcher has yet found the list. Unless you somehow find the list that included that password somewhere, there isn't a good option to try and report this incident.






share|improve this answer























  • Also worth noting that this is a very common tactic. They find a forum or website somewhere that has SQLi, dump the passwords, find the ones that aren't yet public, then send sextortion emails to that subset of users using the password as false leverage to "prove" that they know something about you that "couldn't" be known unless they had access to your computer.

    – Polynomial
    1 hour ago















7














While services like HaveIBeenPwned are fairly extensive, there are still many stolen user / password lists that have not been revealed to the public eye. Maybe a company didn't actually disclose what happened, never realized anything happened, and/or no researcher has yet found the list. Unless you somehow find the list that included that password somewhere, there isn't a good option to try and report this incident.






share|improve this answer























  • Also worth noting that this is a very common tactic. They find a forum or website somewhere that has SQLi, dump the passwords, find the ones that aren't yet public, then send sextortion emails to that subset of users using the password as false leverage to "prove" that they know something about you that "couldn't" be known unless they had access to your computer.

    – Polynomial
    1 hour ago













7












7








7







While services like HaveIBeenPwned are fairly extensive, there are still many stolen user / password lists that have not been revealed to the public eye. Maybe a company didn't actually disclose what happened, never realized anything happened, and/or no researcher has yet found the list. Unless you somehow find the list that included that password somewhere, there isn't a good option to try and report this incident.






share|improve this answer













While services like HaveIBeenPwned are fairly extensive, there are still many stolen user / password lists that have not been revealed to the public eye. Maybe a company didn't actually disclose what happened, never realized anything happened, and/or no researcher has yet found the list. Unless you somehow find the list that included that password somewhere, there isn't a good option to try and report this incident.







share|improve this answer












share|improve this answer



share|improve this answer










answered 9 hours ago









john doejohn doe

735 bronze badges




735 bronze badges












  • Also worth noting that this is a very common tactic. They find a forum or website somewhere that has SQLi, dump the passwords, find the ones that aren't yet public, then send sextortion emails to that subset of users using the password as false leverage to "prove" that they know something about you that "couldn't" be known unless they had access to your computer.

    – Polynomial
    1 hour ago

















  • Also worth noting that this is a very common tactic. They find a forum or website somewhere that has SQLi, dump the passwords, find the ones that aren't yet public, then send sextortion emails to that subset of users using the password as false leverage to "prove" that they know something about you that "couldn't" be known unless they had access to your computer.

    – Polynomial
    1 hour ago
















Also worth noting that this is a very common tactic. They find a forum or website somewhere that has SQLi, dump the passwords, find the ones that aren't yet public, then send sextortion emails to that subset of users using the password as false leverage to "prove" that they know something about you that "couldn't" be known unless they had access to your computer.

– Polynomial
1 hour ago





Also worth noting that this is a very common tactic. They find a forum or website somewhere that has SQLi, dump the passwords, find the ones that aren't yet public, then send sextortion emails to that subset of users using the password as false leverage to "prove" that they know something about you that "couldn't" be known unless they had access to your computer.

– Polynomial
1 hour ago

















draft saved

draft discarded
















































Thanks for contributing an answer to Information Security Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f214048%2fsextortion-with-actual-password-not-found-in-leaks%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Canceling a color specificationRandomly assigning color to Graphics3D objects?Default color for Filling in Mathematica 9Coloring specific elements of sets with a prime modified order in an array plotHow to pick a color differing significantly from the colors already in a given color list?Detection of the text colorColor numbers based on their valueCan color schemes for use with ColorData include opacity specification?My dynamic color schemes

Invision Community Contents History See also References External links Navigation menuProprietaryinvisioncommunity.comIPS Community ForumsIPS Community Forumsthis blog entry"License Changes, IP.Board 3.4, and the Future""Interview -- Matt Mecham of Ibforums""CEO Invision Power Board, Matt Mecham Is a Liar, Thief!"IPB License Explanation 1.3, 1.3.1, 2.0, and 2.1ArchivedSecurity Fixes, Updates And Enhancements For IPB 1.3.1Archived"New Demo Accounts - Invision Power Services"the original"New Default Skin"the original"Invision Power Board 3.0.0 and Applications Released"the original"Archived copy"the original"Perpetual licenses being done away with""Release Notes - Invision Power Services""Introducing: IPS Community Suite 4!"Invision Community Release Notes

199年 目錄 大件事 到箇年出世嗰人 到箇年死嗰人 節慶、風俗習慣 導覽選單