Sextortion with actual password not found in leaks
I have received one of those typical sextortion scams ("drive-by exploit", filmed by webcam (mine has tape on it), pay bitcoin etc.). The thing is that an old password of mine is included (I don't even remember where I used it), but searching the password on HaveIBeenPwned returns nothing (I have previously been notified of two leaks, Last.FM and MyFitnessPal, but those accounts use different passwords).
That got me wondering: since this seems to be a rather old password, how complete are databases like HaveIBeenPwned, and where could I report such a new exploit, other than the authorities?
scam have-i-been-pwned
edited Jul 25 at 11:47 by unor
asked Jul 24 at 15:13 by user32849
2
I don't see how this relates to the question.
– user32849
Jul 24 at 15:19
47
No breach site can ever claim to be complete.
– schroeder♦
Jul 24 at 15:20
2
Interesting you mention MyFitnessPal - I had the same email this morning, to an address I rarely use online, with an old password. I also went to HaveIBeenPwned and the only site that comes up for that email is MyFitnessPal, and same as you the password for that was different anyway (I still changed it though). I did a deep dive through Last Pass to find anywhere else is used that password (it brought up a few really old logins I haven't used in years), so it may have been any of those (they'll all get updated)
– Midavalo
Jul 25 at 4:36
7
@RonJohn I think they just sent a message implying that they filmed him ("we have full access to your system and can see you naked through your webcam, we have this password to prove it"). As in they didn't ever have access to the webcam, but they're hoping OP believes them.
– JMac
Jul 25 at 11:40
4
It is also worth noting that HaveIBeenPwned will not show you breaches for more sensitive (adult) sites like AshleyMadison unless you go through the email verification process to prove that you own the affected email, associated with the breach record.
– shellster
Jul 25 at 17:21
3 Answers
While services like HaveIBeenPwned are fairly extensive, there are still many stolen user / password lists that have not been revealed to the public eye. Maybe a company didn't actually disclose what happened, never realized anything happened, and/or no researcher has yet found the list. Unless you somehow find the list that included that password somewhere, there isn't a good option to try and report this incident.
answered Jul 24 at 15:20 by john doe
31
Also worth noting that this is a very common tactic. They find a forum or website somewhere that has SQLi, dump the passwords, find the ones that aren't yet public, then send sextortion emails to that subset of users using the password as false leverage to "prove" that they know something about you that "couldn't" be known unless they had access to your computer.
– Polynomial
Jul 24 at 22:37
18
I'd be slightly surprised if they bother filtering out accounts listed on HaveIBeenPwned. To fall for the scam you already have to not know about the scam and not know where to look to find out that it's a widely-reported scam. To also not know about HaveIBeenPwned isn't much of a leap from there, so the scammers might as well send it anyway.
– Steve Jessop
Jul 25 at 13:05
Services like HaveIBeenPwned only store passwords that have been publicly leaked in attacks. They have no way of knowing if you have changed your password since, and they have no way of knowing if your password has been leaked via other means.
EDIT: just noticed that you were searching your passwords on there. You might have better luck searching usernames or email addresses.
edited Jul 25 at 10:30
answered Jul 25 at 10:19 by 520
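The answer above turns on what a HaveIBeenPwned password search actually does and what a "not found" result means. The following Python is an added example, not code from the question or any answer on this page, and it goes a little beyond the thread by showing the mechanism itself: HIBP's Pwned Passwords range API takes only the first five hex characters of the password's SHA-1, returns every hash suffix sharing that prefix as `SUFFIX:COUNT` lines, and the client matches locally, so the full password never leaves the machine. The endpoint URL and response format are HIBP's documented interface; the corpus and its counts below are constructed for the example (only the hashes are real), and the live fetcher is included for reference but not called.

```python
import hashlib
import urllib.request
from typing import Callable, Dict, List, Tuple

# Added example: k-anonymity lookup as used by HIBP's Pwned Passwords range API.
RANGE_API = "https://api.pwnedpasswords.com/range/"


def split_hash(password: str) -> Tuple[str, str]:
    """Return (5-char prefix, 35-char suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_body(body: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into a {suffix: count} table; blank lines are skipped."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def pwned_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """How many times the password appears in the corpus behind fetch_range.

    0 means 'not in this corpus', which is not the same as 'never leaked':
    the service can only report data that was actually loaded into it.
    """
    prefix, suffix = split_hash(password)
    return parse_range_body(fetch_range(prefix)).get(suffix, 0)


def fetch_range_live(prefix: str) -> str:
    """Query the real range endpoint (needs network access; not used by the offline demo)."""
    req = urllib.request.Request(RANGE_API + prefix, headers={"User-Agent": "hibp-range-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed corpus standing in for the live service: the passwords are chosen here
# and the counts are made up; only the hashes derived from them are real.
CONSTRUCTED_CORPUS: Dict[str, int] = {"password": 3861493, "letmein": 270000, "qwerty123": 1500}


def make_offline_fetcher(corpus: Dict[str, int]) -> Callable[[str], str]:
    """Build a fetch_range() substitute that answers from the constructed corpus."""
    buckets: Dict[str, List[str]] = {}
    for pw, n in corpus.items():
        prefix, suffix = split_hash(pw)
        buckets.setdefault(prefix, []).append(f"{suffix}:{n}")

    def fetch(prefix: str) -> str:
        # The only thing a client ever sends is the 5-character prefix.
        assert len(prefix) == 5, "only the 5-char prefix may leave the client"
        return "\r\n".join(buckets.get(prefix, []))

    return fetch


if __name__ == "__main__":
    fetch = make_offline_fetcher(CONSTRUCTED_CORPUS)
    for candidate in ("password", "correct horse battery staple"):
        n = pwned_count(candidate, fetch)
        verdict = f"seen {n} times" if n else "not in this corpus (no evidence either way)"
        print(f"{candidate!r}: {verdict}")
```

To run it against the real service, pass `fetch_range_live` instead of the offline fetcher; the lookup logic is identical. The interpretation in `pwned_count` is the point the answers make: a miss tells you the password is absent from the data HIBP holds, nothing more.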
To add, Troy Hunt has previously stated that there are occasions where he has been in receipt of compromised credentials and has decided NOT to include those in HIBP.
https://www.troyhunt.com/the-red-cross-blood-service-australias-largest-ever-leak-of-personal-data/
"As a result, I offered to permanently delete the copy I was sent and not load it into HIBP. As of Thursday evening, that's precisely what I did - permanently deleted every trace of it I had. This isn't unprecedented, I took the same steps as part of the clean-up in the wake of the VTech data breach and for all the same reasons it made sense then, it makes sense now. As with VTech, this should give those who were exposed in the incident just a little bit more peace of mind that their data has been contained to the fullest extent possible."
In practice, the ones in HIBP will have already been in circulation amongst the 'bad guys' for some time, and have either already been exploited or have been determined to be not worth the effort.
answered Jul 26 at 3:27 by Gary
protected by Rory Alsop♦ Jul 26 at 8:11