Leaked passwords: a security update
People have been receiving an email from an unknown sender saying that an internet account of theirs has been hacked and that their password has been exposed.
The email contains the following elements:
Mentions your account has been hacked.
a REAL password of yours is included in the email. Probably an old password that you will recognize.
A demand that you send money by way of Bitcoin for them to delete the information and move on.
Some type of threat to motivate you to comply.
My advice is:
Don't panic. Don't worry. DELETE THE EMAIL. Do not reply to it.
But how did they get your password?
Online services and databases are hacked all the time. Maybe you signed up for a message board years ago. Perhaps you downloaded software at some point and needed to create an account.
What likely happened was one of the websites, services or databases that happened to contain your information and password was made available on the internet. You may not have used that password for many years, or you may still be using it for other accounts such as your email, work account logins or other internet services. That does not mean that all of your accounts have been compromised.
The goal of this email is to frighten you by sending you information that is familiar to you and make you take action to prevent further damage.
I assure you that no action will be taken from you not paying. I also recommend that you do not reply to the email nor interact with the sender.
What do we learn from this?
Internet services sometimes get hacked and your password could become exposed.
You have not been individually targeted.
It is important to use different passwords for each internet service, website, and database you use.
It is important to change your passwords, especially after receiving an email like this.
If you have trouble remembering multiple passwords, consider using a secure password manager such as Last Pass.
If you would like to have a talk about how we can help make your business more secure or how you can offer security awareness training to your employees, please feel free to reach out.