EMAIL FROM HACKER - ADVICE NEEDED

[rhino]

Your information could be posted online, and they could just be contacting you to try to get some money. My info was leaked with an old (3+ year old) password. I don't like the wallet idea, so I have a bunch of encrypted passwords that I typically change 3-4x per year.

So long as they didn't actually gain access and try to CHANGE your 2 step authentication you're fine. My guess is that your email/password combo was listed on some nefarious sites. I think I have 5 old passwords listed when I used search. Oh well. None are current.

I think someone is searching for different combinations of my first and last name and then trying what the find with that old password. The gmail account had my name, but it also had some other characters and obviously the domain was different than the email address that was stolen with the password from the uspsa web site a couple of years ago.

 

[Phase2]

Since it is impossible to keep up with all of the sites that have had their databases breached, this site is a very good resource to check if your e-mail has been linked to any compromised accounts.

https://haveibeenpwned.com

It is a very well-known and widely-used security tool. They get copies of accounts that have been compromised and sold/published and keep them in one place for you to check. It is a handy way to look for places where your credentials may have been compromised that you aren't even aware of.

 

[CHCRandy]

I just got one of these the other day. They had the right password, but that is not a surprise because I use it frequently on many different sites. The bad part is I have no idea what site they got it from. They wanted $7000 from me....I just deleted email and have been trying to change it at the places I could remember.

 

[rhino]

I just got one of these the other day. They had the right password, but that is not a surprise because I use it frequently on many different sites. The bad part is I have no idea what site they got it from. They wanted $7000 from me....I just deleted email and have been trying to change it at the places I could remember.

Yep, it's a good reminder!

 

[bwframe]

Got mine to the USPSA address last week. Happily, I remembered seeing this thread, so no concern.

 

[rhino]

Got mine to the USPSA address last week. Happily, I remembered seeing this thread, so no concern.

I think about 20,000 other people are getting the same thing from the exact same source. I am reminded of how irritated I was by an organization that had essentially zero security measures in place at the time, and worse yet, an unencrypted text file just sitting there with all of the passwords and email addresses. UGH.

 

[SmileDocHill]

I just got almost the exact same email. Part of the password they supposedly hacked had "uspsa" in it. I honestly can't remember if the full password is actually one I have or used to have but it looks similar to something I would come up with. So at some point they hacked someone that likely had a password of mine. Makes you wonder if they got any others in the mix. time to change the 1.3 million passowords I have to various sites.

 

[SmileDocHill]

Since it is impossible to keep up with all of the sites that have had their databases breached, this site is a very good resource to check if your e-mail has been linked to any compromised accounts.

https://haveibeenpwned.com

It is a very well-known and widely-used security tool. They get copies of accounts that have been compromised and sold/published and keep them in one place for you to check. It is a handy way to look for places where your credentials may have been compromised that you aren't even aware of.

That is exactly what a hacker would say to get you to click on a link. I'm not falling for that!



I know its an old post but I can't resist. (-:

 

[GLOCKMAN23C]

I just got almost the exact same email. Part of the password they supposedly hacked had "uspsa" in it. I honestly can't remember if the full password is actually one I have or used to have but it looks similar to something I would come up with. So at some point they hacked someone that likely had a password of mine. Makes you wonder if they got any others in the mix. time to change the 1.3 million passowords I have to various sites.

I received 2 emails in the last week. Virtually identical, from different addresses. It is a pw that I haven't used for a long time.

 

[Hatin Since 87]

You guys actually check your email?

 

[fullmetaljesus]

There have been lots of sensitive info has been leaked. Lots of hacks have happened so it should come to no surprise that somebody your passwords and email addresses have been shared freely online.

You can check via
Haveibeenpwned.com


It would be wise if y'all would change your passwords regularly. And never use the same one for more than one thing. I use LastPass personally. It generates and saves your passwords for you.

 

[KokomoDave]

I use Onion for all my porn surfing. Good luck scammers!

 

[Thor]

I got the same sort of thing this morning...of course he said he had FacePlant account information and computer cam videos which made me LOL as I have neither. Screw you hacker scum!

 

[churchmouse]

I received 2 emails in the last week. Virtually identical, from different addresses. It is a pw that I haven't used for a long time.

I used PayPal (Not my account) to get some stuff for my computer. The next day my card number showed up in my history feed out in the open.

Trust me the hit the fan.

Is everything a scam.

 

[Ingomike]

The major credit reporting agencies have been hacked over 14 times, and that is just what we know. They have it all on most of us.

 

[WebSnyper]

It would be wise if y'all would change your passwords regularly. And never use the same one for more than one thing. I use LastPass personally. It generates and saves your passwords for you.

Agreed, I use LastPass as well, and yes, unique passwords, and where you can set it up (email address, bank, etc) use Multi Factor Authentication, and preferably not just SMS/Text MFA, unless that is all they offer. Unfortunately most banks seem to only want to use text or email MFA. Much better if you can use an actual MFA provider application.

If you use same passwords across accounts and no MFA, you are only as good as the weakest possible website that you use it on.

Can't wait until the world is passwordless. There are some passwordless authentication methods out there in use now. Work pretty well, as long as you have your phone/token, etc available.