Sextortion with actual password not found in leaksCan people let me know why this command was ran and why he typed "network hacked…clampi foundFound scam site that tricks you into giving them more contact info to remove your existing public infoMessage telling me that I bought something with credit cardSent text by bank I don’t have an account with- Is this a scam?Email from a hacker with my passwordI entered my password in a possible scam website. What should I do?Hacker used my account to place an order, but not my credit card. Why?Why would a scammer not reply with the same email?
Sextortion with actual password not found in leaks
Can GPL and BSD licensed applications be used for government work?
Navigating the multiverse of bifurcated parallel realities
I have a domain, static IP address and many devices I'd like to access outside my house. How do I route them?
How may I shorten this shell script?
What's the explanation for this joke about a three-legged dog that walks into a bar?
How could an engineer advance human civilization by time traveling to the past?
Extrapolation v. Interpolation
Why are MEMS in QFN packages?
How important is a good quality camera for good photography?
Character Frequency in a String
Other than a swing wing, what types of variable geometry have flown?
Are glider winch launches rarer in the USA than in the rest of the world? Why?
Company requiring me to let them review research from before I was hired
Can a character with a low Intelligence score take the Ritual Caster feat and choose the Wizard class?
How to write a sincerely religious protagonist without preaching or affirming or judging their worldview?
Why must API keys be kept private?
What the purpose of the fuel shutoff valve?
How can I deal with someone that wants to kill something that isn't supposed to be killed?
Historicity doubted by Romans
how to add 1 milliseconds on a datetime string?
Idioms: Should it be " the internet is a seemingly infinite well of information" or "the internet is a seemingly infinite wealth of information"
What was the rationale behind 36 bit computer architectures?
USA: Can a witness take the 5th to avoid perjury?
Sextortion with actual password not found in leaks
Can people let me know why this command was ran and why he typed "network hacked…clampi foundFound scam site that tricks you into giving them more contact info to remove your existing public infoMessage telling me that I bought something with credit cardSent text by bank I don’t have an account with- Is this a scam?Email from a hacker with my passwordI entered my password in a possible scam website. What should I do?Hacker used my account to place an order, but not my credit card. Why?Why would a scammer not reply with the same email?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
I have received one of those typical sextortion scams ("drive-by exploit", filmed by webcam (mine has tape on it), pay bitcoin etc.). The thing is that an old password of mine is included (I don't even remember where I used it), but searching the password on HaveIBeenPwned returns nothing (I have previously been notified of two leaks, Last.FM and MyFitnessPal, but those accounts use different passwords).
That got me wondering: since this seems to be a rather old password, how complete are databases like HaveIBeenPwned, and where could I report such a new exploit, other than the authorities?
scam
asked 9 hours ago
user32849user32849
1164 bronze badges
add a comment |
I have received one of those typical sextortion scams ("drive-by exploit", filmed by webcam (mine has tape on it), pay bitcoin etc.). The thing is that an old password of mine is included (I don't even remember where I used it), but searching the password on HaveIBeenPwned returns nothing (I have previously been notified of two leaks, Last.FM and MyFitnessPal, but those accounts use different passwords).
That got me wondering: since this seems to be a rather old password, how complete are databases like HaveIBeenPwned, and where could I report such a new exploit, other than the authorities?
scam
asked 9 hours ago
user32849user32849
1164 bronze badges
Anyone can set up a login form and then dump their database on the Internet. It's up to you to make sure this doesn't jeopardize you in any way.
– John Dvorak
9 hours ago
1
I don't see how this relates to the question.
– user32849
9 hours ago
2
No breach site can ever claim to be complete.
– schroeder♦
9 hours ago
Do you know where this password came from?
– schroeder♦
9 hours ago
Unfortunately not.
– user32849
9 hours ago
add a comment |
I have received one of those typical sextortion scams ("drive-by exploit", filmed by webcam (mine has tape on it), pay bitcoin etc.). The thing is that an old password of mine is included (I don't even remember where I used it), but searching the password on HaveIBeenPwned returns nothing (I have previously been notified of two leaks, Last.FM and MyFitnessPal, but those accounts use different passwords).
That got me wondering: since this seems to be a rather old password, how complete are databases like HaveIBeenPwned, and where could I report such a new exploit, other than the authorities?
scam
asked 9 hours ago
user32849user32849
1164 bronze badges
I have received one of those typical sextortion scams ("drive-by exploit", filmed by webcam (mine has tape on it), pay bitcoin etc.). The thing is that an old password of mine is included (I don't even remember where I used it), but searching the password on HaveIBeenPwned returns nothing (I have previously been notified of two leaks, Last.FM and MyFitnessPal, but those accounts use different passwords).
That got me wondering: since this seems to be a rather old password, how complete are databases like HaveIBeenPwned, and where could I report such a new exploit, other than the authorities?
scam
scam
asked 9 hours ago
user32849user32849
1164 bronze badges
asked 9 hours ago
user32849user32849
1164 bronze badges
edited 9 hours ago
user32849
asked 9 hours ago
user32849user32849
1164 bronze badges
asked 9 hours ago
user32849user32849
1164 bronze badges
asked 9 hours ago
user32849user32849
1164 bronze badges
1164 bronze badges
Anyone can set up a login form and then dump their database on the Internet. It's up to you to make sure this doesn't jeopardize you in any way.
– John Dvorak
9 hours ago
1
I don't see how this relates to the question.
– user32849
9 hours ago
2
No breach site can ever claim to be complete.
– schroeder♦
9 hours ago
Do you know where this password came from?
– schroeder♦
9 hours ago
Unfortunately not.
– user32849
9 hours ago
add a comment |
Anyone can set up a login form and then dump their database on the Internet. It's up to you to make sure this doesn't jeopardize you in any way.
– John Dvorak
9 hours ago
1
I don't see how this relates to the question.
– user32849
9 hours ago
2
No breach site can ever claim to be complete.
– schroeder♦
9 hours ago
Do you know where this password came from?
– schroeder♦
9 hours ago
Unfortunately not.
– user32849
9 hours ago
Anyone can set up a login form and then dump their database on the Internet. It's up to you to make sure this doesn't jeopardize you in any way.
– John Dvorak
9 hours ago
Anyone can set up a login form and then dump their database on the Internet. It's up to you to make sure this doesn't jeopardize you in any way.
– John Dvorak
9 hours ago
1
1
I don't see how this relates to the question.
– user32849
9 hours ago
I don't see how this relates to the question.
– user32849
9 hours ago
2
2
No breach site can ever claim to be complete.
– schroeder♦
9 hours ago
No breach site can ever claim to be complete.
– schroeder♦
9 hours ago
Do you know where this password came from?
– schroeder♦
9 hours ago
Do you know where this password came from?
– schroeder♦
9 hours ago
Unfortunately not.
– user32849
9 hours ago
Unfortunately not.
– user32849
9 hours ago
add a comment |
1 Answer
1
active
oldest
votes
While services like HaveIBeenPwned are fairly extensive, there are still many stolen user / password lists that have not been revealed to the public eye. Maybe a company didn't actually disclose what happened, never realized anything happened, and/or no researcher has yet found the list. Unless you somehow find the list that included that password somewhere, there isn't a good option to try and report this incident.
answered 9 hours ago
john doejohn doe
735 bronze badges
Also worth noting that this is a very common tactic. They find a forum or website somewhere that has SQLi, dump the passwords, find the ones that aren't yet public, then send sextortion emails to that subset of users using the password as false leverage to "prove" that they know something about you that "couldn't" be known unless they had access to your computer.
– Polynomial
1 hour ago
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f214048%2fsextortion-with-actual-password-not-found-in-leaks%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
While services like HaveIBeenPwned are fairly extensive, there are still many stolen user / password lists that have not been revealed to the public eye. Maybe a company didn't actually disclose what happened, never realized anything happened, and/or no researcher has yet found the list. Unless you somehow find the list that included that password somewhere, there isn't a good option to try and report this incident.
answered 9 hours ago
john doejohn doe
735 bronze badges
Also worth noting that this is a very common tactic. They find a forum or website somewhere that has SQLi, dump the passwords, find the ones that aren't yet public, then send sextortion emails to that subset of users using the password as false leverage to "prove" that they know something about you that "couldn't" be known unless they had access to your computer.
– Polynomial
1 hour ago
add a comment |
While services like HaveIBeenPwned are fairly extensive, there are still many stolen user / password lists that have not been revealed to the public eye. Maybe a company didn't actually disclose what happened, never realized anything happened, and/or no researcher has yet found the list. Unless you somehow find the list that included that password somewhere, there isn't a good option to try and report this incident.
answered 9 hours ago
john doejohn doe
735 bronze badges
Also worth noting that this is a very common tactic. They find a forum or website somewhere that has SQLi, dump the passwords, find the ones that aren't yet public, then send sextortion emails to that subset of users using the password as false leverage to "prove" that they know something about you that "couldn't" be known unless they had access to your computer.
– Polynomial
1 hour ago
add a comment |
While services like HaveIBeenPwned are fairly extensive, there are still many stolen user / password lists that have not been revealed to the public eye. Maybe a company didn't actually disclose what happened, never realized anything happened, and/or no researcher has yet found the list. Unless you somehow find the list that included that password somewhere, there isn't a good option to try and report this incident.
answered 9 hours ago
john doejohn doe
735 bronze badges
While services like HaveIBeenPwned are fairly extensive, there are still many stolen user / password lists that have not been revealed to the public eye. Maybe a company didn't actually disclose what happened, never realized anything happened, and/or no researcher has yet found the list. Unless you somehow find the list that included that password somewhere, there isn't a good option to try and report this incident.
answered 9 hours ago
john doejohn doe
735 bronze badges
answered 9 hours ago
john doejohn doe
735 bronze badges
answered 9 hours ago
john doejohn doe
735 bronze badges
answered 9 hours ago
john doejohn doe
735 bronze badges
735 bronze badges
Also worth noting that this is a very common tactic. They find a forum or website somewhere that has SQLi, dump the passwords, find the ones that aren't yet public, then send sextortion emails to that subset of users using the password as false leverage to "prove" that they know something about you that "couldn't" be known unless they had access to your computer.
– Polynomial
1 hour ago
add a comment |
Also worth noting that this is a very common tactic. They find a forum or website somewhere that has SQLi, dump the passwords, find the ones that aren't yet public, then send sextortion emails to that subset of users using the password as false leverage to "prove" that they know something about you that "couldn't" be known unless they had access to your computer.
– Polynomial
1 hour ago
Also worth noting that this is a very common tactic. They find a forum or website somewhere that has SQLi, dump the passwords, find the ones that aren't yet public, then send sextortion emails to that subset of users using the password as false leverage to "prove" that they know something about you that "couldn't" be known unless they had access to your computer.
– Polynomial
1 hour ago
Also worth noting that this is a very common tactic. They find a forum or website somewhere that has SQLi, dump the passwords, find the ones that aren't yet public, then send sextortion emails to that subset of users using the password as false leverage to "prove" that they know something about you that "couldn't" be known unless they had access to your computer.
– Polynomial
1 hour ago
add a comment |
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f214048%2fsextortion-with-actual-password-not-found-in-leaks%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Anyone can set up a login form and then dump their database on the Internet. It's up to you to make sure this doesn't jeopardize you in any way.
– John Dvorak
9 hours ago
1
I don't see how this relates to the question.
– user32849
9 hours ago
2
No breach site can ever claim to be complete.
– schroeder♦
9 hours ago
Do you know where this password came from?
– schroeder♦
9 hours ago
Unfortunately not.
– user32849
9 hours ago