Cactiguide passwords hacked?

[tumamoc]

Hey, did anybody else here get a ransom message threatening to send videos to your contacts unless you pay x amount of bitcoin? My message goes something like this, "I know ******** is one of your passwords. Lets get right to purpose. No one has paid me to check you. You may not know me and you're probably thinking why you are getting this e mail?...First alternative is to disregard this message. in this scenario, i am going to send out your very own videotape to every bit of your contacts and also just consider concerning the humiliation you can get. Do not forget if you happen to be in a relationship, precisely how it can affect?...Second solution will be to compensate me $978. We will call it a donation. Consequently, i most certainly will promptly erase your video. You could go on with your daily life like this never occurred and you never will hear back again from me."

Anyway, I think I only use the compromised password on this site, so that's why I ask.
I've heard this is a pretty common phishing scam.

[mikethecactusguy]

Its a scam. I have been hit 12 times with it. Funny thing is I have no cameras attached to any of my computers so even if I was being a naughty boy. I could not be video'd . Its because these devices can be hacked that they are not allowed in our home. No Alexa or Siri or any other device that can listen to me. AI is starting to get too smart. Someone posted some videos a few months ago showing devices talking to each other when no one was around and they were supposed to be off.

[teo]

These scam mails are (usually) from a big password leak in 2012 where 117 million accounts/passwords were published on Internet

[walker87]

So this is the site that was the problem!?
I got this email a while back, they did have a valid password of mine but I use multiple passwords so no big deal.
A secondary email was sent but it had even worse English and grammar, the first email matches OP closely.

[DaveW]

Did you use the password on any other sites in the past? As long as it is not an important password regarding finance and is just for a Forum what can they do that is of any harm to you with it? I occasionally get the usual one locking my browser when I am searching for information from other sites, telling me I have a bug on the computer and to ring this number to get the bug removed. I just use the free version of C-Cleaner to wipe them off, plus to remove all cookies apart from those of regular sites I use. If they tell you not to switch off the computer before phoning them or they will have to disable it to prevent damage to the system, that is the very thing they do not want you to do since that in itself will unlock the browser and cut them off. If you phone them that is when they can access your computer and put malware on, probably telling you to temporarily switch off your antivirus to do it.

"in this scenario, I am going to send out your very own videotape to every bit of your contacts and also just consider concerning the humiliation you can get. Do not forget if you happen to be in a relationship, precisely how it can affect?"

It is really a phishing email hoping to contact somebody who is making iffy videos of him and his girlfriends his wife may not know about who will pay up. Obviously the wording is not aimed at any specific person they know anything about. It used to amuse me when I got phishing emails from the bank regarding my account, only thing was it was not my current bank and neither had I ever banked with the bank concerned. It's a case of them sending out hundreds of similar emails in hopes that at least a few will get a financial response from somebody having iffy videos on computer they may not want distributing.

However there is ransomware out there that can really tie up your computer, so best to keep your antivirus up to date.

See:-

https://www.ransomware.it/en/email-rans ... word-leak/

[teo]

Sorry, I missed the key word in my post: it was from LinkedIn that the leak originated

[DaveW]

Would one of pollinating a cactus flower count as a sex video? Just think of the humiliation of it, a time lapse video of a flowering cactus being distributed to all and sundry, would we ever live it down?

Have a job with this computer it has no camera or microphone on it and I have taken no videos anyway.

[tumamoc]

^^^Ha!

I guess it is possible this hack dates back to 2012, but I have never received anything until now that disclosed an actual password. The IT guy at my office suggested I check out this website to check if passwords I use have been found in databases of hacked websites:

https://haveibeenpwned.com/Passwords

He states, "you just type or cut and paste your password into the password field, and click the pwned? button. It is searching the password string separate from any username it might be associated with against a bunch of "dark web" databases of breached information collected by hackers. This is not in any way comprehensive but is basically using the hacker's leaked databases against them".

Fortunately for me, only my cactiguide password has been "pwned".

This is what it says: "Oh no — pwned! This password has been seen 2 times before.This password has previously appeared in a data breach and should never be used. If you've ever used it anywhere before, change it!"

[DaveW]

If it's off this site strange that we did not all get the email then? Did anybody else here get it?

Was it a password containing both letters and numbers, otherwise if just normal words they can automatically run through an online dictionary to find them. A lady I stayed with on holiday said I could use her computer, but went out and forgot to tell me it needed a password to open it. Therefore I just tried her dogs name and it opened immediately, so never use anything that's obvious, even if it's easier to remember and preferably a mixture of letters and numbers that are not immediately obvious such as birthdays and dates of birth.

[Spikylover]

Last year i received emails to my cactiguide only email about ads for plastic surgery, boob jobs and vaginal restoration...with pictures. I was horrified. The old cactiguide server was terrible and made me leave the forum for a while.

Rachel.

[DaveW]

You do get the odd scammer getting onto the site occasionally Rachel before they are removed. Therefore I wonder if when they do they can simply click on a members name and in their profile PM them with unwanted adds, or if an email address is given use that?

[toadstar]

I've gotten phishing attempts to my cactiguide only email address two years ago. So at some point it seems the forum's user information was compromised. viewtopic.php?f=5&t=38466

[tumamoc]

If it's off this site strange that we did not all get the email then? Did anybody else here get it?

Was it a password containing both letters and numbers, otherwise if just normal words they can automatically run through an online dictionary to find them. A lady I stayed with on holiday said I could use her computer, but went out and forgot to tell me it needed a password to open it. Therefore I just tried her dogs name and it opened immediately, so never use anything that's obvious, even if it's easier to remember and preferably a mixture of letters and numbers that are not immediately obvious such as birthdays and dates of birth.

It was letters and numbers. Nothing obvious.

The email I received was just plain weird. The subject line was my username and password. Originally, I had planned to copy and paste the text of the email in this thread. However, when I highlighted the text, I could see that my password and various alphanumeric garbage (code?) were interspersed throughout as hidden text (white text on white background). Needless to say, that email was deleted.