Hello everybody! 👋 Somebody I do know lately bought an e-mail informing them that their account had been hacked. The topic of the e-mail had their password and the e-mail went like this:

𝙸𝚝 𝚜𝚎𝚎𝚖𝚜 𝚝𝚑𝚊𝚝, xxxxxxxx, 𝚒𝚜 𝚢𝚘𝚞𝚛 𝚙𝚊𝚜𝚜𝚠𝚘𝚛𝚍.

𝙸 𝚛𝚎𝚚𝚞𝚒𝚛𝚎 𝚢𝚘𝚞𝚛 𝚌𝚘𝚖𝚙𝚕𝚎𝚝𝚎 𝚊𝚝𝚝𝚎𝚗𝚝𝚒𝚘𝚗 𝚏𝚘𝚛 𝚝𝚑𝚎 𝚝𝚑𝚎 𝚗𝚎𝚡𝚝 𝟸𝟺 𝚑𝚘𝚞𝚛𝚜, 𝚘𝚛 𝙸 𝚠𝚒𝚕𝚕 𝚌𝚎𝚛𝚝𝚊𝚒𝚗𝚕𝚢 𝚖𝚊𝚔𝚎 𝚜𝚞𝚛𝚎 𝚢𝚘𝚞 𝚝𝚑𝚊𝚝 𝚢𝚘𝚞 𝚕𝚒𝚟𝚎 𝚘𝚞𝚝 𝚘𝚏 𝚎𝚖𝚋𝚊𝚛𝚛𝚊𝚜𝚜𝚖𝚎𝚗𝚝 𝚏𝚘𝚛 𝚝𝚑𝚎 𝚛𝚎𝚜𝚝 𝚘𝚏 𝚢𝚘𝚞𝚛 𝚕𝚒𝚏𝚎.

𝙷𝚎𝚕𝚕𝚘, 𝚢𝚘𝚞 𝚍𝚘 𝚗𝚘𝚝 𝚔𝚗𝚘𝚠 𝚖𝚎 𝚙𝚎𝚛𝚜𝚘𝚗𝚊𝚕𝚕𝚢. 𝙱𝚞𝚝 𝙸 𝚔𝚗𝚘𝚠 𝚎𝚟𝚎𝚛𝚢𝚝𝚑𝚒𝚗𝚐 𝚌𝚘𝚗𝚌𝚎𝚛𝚗𝚒𝚗𝚐 𝚢𝚘𝚞. 𝚈𝚘𝚞𝚛 𝚎𝚗𝚝𝚒𝚛𝚎 𝚏𝚋 𝚌𝚘𝚗𝚝𝚊𝚌𝚝 𝚕𝚒𝚜𝚝, 𝚜𝚖𝚊𝚛𝚝𝚙𝚑𝚘𝚗𝚎 𝚌𝚘𝚗𝚝𝚊𝚌𝚝𝚜 𝚊𝚕𝚘𝚗𝚐 𝚠𝚒𝚝𝚑 𝚊𝚕𝚕 𝚝𝚑𝚎 𝚟𝚒𝚛𝚝𝚞𝚊𝚕 𝚊𝚌𝚝𝚒𝚟𝚒𝚝𝚢 𝚒𝚗 𝚢𝚘𝚞𝚛 𝚌𝚘𝚖𝚙𝚞𝚝𝚎𝚛 𝚏𝚛𝚘𝚖 𝚙𝚛𝚎𝚟𝚒𝚘𝚞𝚜 𝟷𝟽𝟼 𝚍𝚊𝚢𝚜.

𝙸𝚗𝚌𝚕𝚞𝚍𝚒𝚗𝚐, 𝚢𝚘𝚞𝚛 𝚜𝚎𝚕𝚏 𝚙𝚕𝚎𝚊𝚜𝚞𝚛𝚎 𝚟𝚒𝚍𝚎𝚘, 𝚠𝚑𝚒𝚌𝚑 𝚋𝚛𝚒𝚗𝚐𝚜 𝚖𝚎 𝚝𝚘 𝚝𝚑𝚎 𝚙𝚛𝚒𝚖𝚊𝚛𝚢 𝚖𝚘𝚝𝚒𝚟𝚎 𝚠𝚑𝚢 𝙸 ‘𝚖 𝚌𝚘𝚖𝚙𝚘𝚜𝚒𝚗𝚐 𝚝𝚑𝚒𝚜 𝚜𝚙𝚎𝚌𝚒𝚏𝚒𝚌 𝚎𝚖𝚊𝚒𝚕 𝚝𝚘 𝚢𝚘𝚞.

𝚆𝚎𝚕𝚕 𝚝𝚑𝚎 𝚙𝚛𝚎𝚟𝚒𝚘𝚞𝚜 𝚝𝚒𝚖𝚎 𝚢𝚘𝚞 𝚠𝚎𝚗𝚝 𝚝𝚘 𝚝𝚑𝚎 𝚙𝚘𝚛𝚗 𝚖𝚊𝚝𝚎𝚛𝚒𝚊𝚕 𝚠𝚎𝚋𝚜𝚒𝚝𝚎𝚜, 𝚖𝚢 𝚜𝚙𝚢𝚠𝚊𝚛𝚎 𝚠𝚊𝚜 𝚝𝚛𝚒𝚐𝚐𝚎𝚛𝚎𝚍 𝚒𝚗𝚜𝚒𝚍𝚎 𝚢𝚘𝚞𝚛 𝚌𝚘𝚖𝚙𝚞𝚝𝚎𝚛 𝚜𝚢𝚜𝚝𝚎𝚖 𝚠𝚑𝚒𝚌𝚑 𝚎𝚗𝚍𝚎𝚍 𝚞𝚙 𝚛𝚎𝚌𝚘𝚛𝚍𝚒𝚗𝚐 𝚊 𝚎𝚢𝚎-𝚌𝚊𝚝𝚌𝚑𝚒𝚗𝚐 𝚟𝚒𝚍𝚎𝚘 𝚏𝚘𝚘𝚝𝚊𝚐𝚎 𝚘𝚏 𝚢𝚘𝚞𝚛 𝚜𝚎𝚕𝚏 𝚙𝚕𝚎𝚊𝚜𝚞𝚛𝚎 𝚙𝚕𝚊𝚢 𝚋𝚢 𝚊𝚌𝚝𝚒𝚟𝚊𝚝𝚒𝚗𝚐 𝚢𝚘𝚞𝚛 𝚠𝚎𝚋 𝚌𝚊𝚖.
(𝚢𝚘𝚞 𝚐𝚘𝚝 𝚊 𝚒𝚗𝚌𝚛𝚎𝚍𝚒𝚋𝚕𝚢 𝚜𝚝𝚛𝚊𝚗𝚐𝚎 𝚝𝚊𝚜𝚝𝚎 𝚋𝚢 𝚝𝚑𝚎 𝚠𝚊𝚢 𝚕𝚖𝚊𝚘)

𝙸 𝚘𝚠𝚗 𝚝𝚑𝚎 𝚎𝚗𝚝𝚒𝚛𝚎 𝚛𝚎𝚌𝚘𝚛𝚍𝚒𝚗𝚐. 𝙸𝚏, 𝚙𝚎𝚛𝚑𝚊𝚙𝚜 𝚢𝚘𝚞 𝚝𝚑𝚒𝚗𝚔 𝙸 𝚊𝚖 𝚏𝚘𝚘𝚕𝚒𝚗𝚐 𝚊𝚛𝚘𝚞𝚗𝚍, 𝚓𝚞𝚜𝚝 𝚛𝚎𝚙𝚕𝚢 𝚙𝚛𝚘𝚘𝚏 𝚊𝚗𝚍 𝙸 𝚠𝚒𝚕𝚕 𝚋𝚎 𝚏𝚘𝚛𝚠𝚊𝚛𝚍𝚒𝚗𝚐 𝚝𝚑𝚎 𝚛𝚎𝚌𝚘𝚛𝚍𝚒𝚗𝚐 𝚛𝚊𝚗𝚍𝚘𝚖𝚕𝚢 𝚝𝚘 𝟷𝟸 𝚙𝚎𝚘𝚙𝚕𝚎 𝚢𝚘𝚞’𝚛𝚎 𝚏𝚛𝚒𝚎𝚗𝚍𝚜 𝚠𝚒𝚝𝚑.

𝙸𝚝 𝚖𝚊𝚢 𝚋𝚎 𝚢𝚘𝚞𝚛 𝚏𝚛𝚒𝚎𝚗𝚍, 𝚌𝚘 𝚠𝚘𝚛𝚔𝚎𝚛𝚜, 𝚋𝚘𝚜𝚜, 𝚙𝚊𝚛𝚎𝚗𝚝𝚜 (𝙸’𝚖 𝚗𝚘𝚝 𝚜𝚞𝚛𝚎! 𝙼𝚢 𝚜𝚘𝚏𝚝𝚠𝚊𝚛𝚎 𝚠𝚒𝚕𝚕 𝚛𝚊𝚗𝚍𝚘𝚖𝚕𝚢 𝚜𝚎𝚕𝚎𝚌𝚝 𝚝𝚑𝚎 𝚌𝚘𝚗𝚝𝚊𝚌𝚝𝚜).

𝚆𝚒𝚕𝚕 𝚢𝚘𝚞 𝚋𝚎 𝚌𝚊𝚙𝚊𝚋𝚕𝚎 𝚝𝚘 𝚕𝚘𝚘𝚔 𝚒𝚗𝚝𝚘 𝚊𝚗𝚢𝚘𝚗𝚎’𝚜 𝚎𝚢𝚎𝚜 𝚊𝚐𝚊𝚒𝚗 𝚊𝚏𝚝𝚎𝚛 𝚒𝚝? 𝙸 𝚚𝚞𝚎𝚜𝚝𝚒𝚘𝚗 𝚝𝚑𝚊𝚝…

𝙱𝚞𝚝, 𝚒𝚝 𝚍𝚘𝚎𝚜 𝚗𝚘𝚝 𝚑𝚊𝚟𝚎 𝚝𝚘 𝚋𝚎 𝚝𝚑𝚊𝚝 𝚛𝚘𝚞𝚝𝚎.

𝙸 𝚠𝚘𝚞𝚕𝚍 𝚕𝚒𝚔𝚎 𝚝𝚘 𝚖𝚊𝚔𝚎 𝚢𝚘𝚞 𝚊 𝚘𝚗𝚎 𝚝𝚒𝚖𝚎, 𝚗𝚘 𝚗𝚎𝚐𝚘𝚝𝚒𝚊𝚋𝚕𝚎 𝚘𝚏𝚏𝚎𝚛.

𝙱𝚞𝚢 $ 𝟸𝟶𝟶𝟶 𝚒𝚗 𝚋𝚒𝚝𝚌𝚘𝚒𝚗 𝚊𝚗𝚍 𝚜𝚎𝚗𝚍 𝚝𝚑𝚎𝚖 𝚝𝚘 𝚝𝚑𝚎 𝚋𝚎𝚕𝚘𝚠 𝚊𝚍𝚍𝚛𝚎𝚜𝚜:

1LdJv9VGFMFdiTc4ckb*WZZNbwkPXG52bep
[𝙲𝙰𝚂𝙴 𝚂𝙴𝙽𝚂𝙸𝚃𝙸𝚅𝙴 𝚜𝚘 𝚌𝚘𝚙𝚢 𝚊𝚗𝚍 𝚙𝚊𝚜𝚝𝚎 𝚒𝚝, 𝚊𝚗𝚍 𝚛𝚎𝚖𝚘𝚟𝚎 * 𝚏𝚛𝚘𝚖 𝚒𝚝]

(𝙸𝚏 𝚢𝚘𝚞 𝚍𝚘𝚗’𝚝 𝚞𝚗𝚍𝚎𝚛𝚜𝚝𝚊𝚗𝚍 𝚑𝚘𝚠, 𝚐𝚘𝚘𝚐𝚕𝚎 𝚑𝚘𝚠 𝚝𝚘 𝚊𝚌𝚚𝚞𝚒𝚛𝚎 𝚋𝚒𝚝𝚌𝚘𝚒𝚗. 𝙳𝚘 𝚗𝚘𝚝 𝚠𝚊𝚜𝚝𝚎 𝚖𝚢 𝚙𝚛𝚎𝚌𝚒𝚘𝚞𝚜 𝚝𝚒𝚖𝚎)

𝙸𝚏 𝚢𝚘𝚞 𝚜𝚎𝚗𝚍 𝚝𝚑𝚒𝚜 𝚙𝚊𝚛𝚝𝚒𝚌𝚞𝚕𝚊𝚛 ‘𝚍𝚘𝚗𝚊𝚝𝚒𝚘𝚗’ (𝚠𝚑𝚢 𝚍𝚘𝚗’𝚝 𝚠𝚎 𝚌𝚊𝚕𝚕 𝚒𝚝 𝚝𝚑𝚊𝚝?). 𝙰𝚏𝚝𝚎𝚛 𝚝𝚑𝚊𝚝, 𝙸 𝚠𝚒𝚕𝚕 𝚐𝚘 𝚊𝚠𝚊𝚢 𝚊𝚗𝚍 𝚗𝚎𝚟𝚎𝚛 𝚎𝚟𝚎𝚛 𝚌𝚘𝚗𝚝𝚊𝚌𝚝 𝚢𝚘𝚞 𝚊𝚐𝚊𝚒𝚗. 𝙸 𝚠𝚒𝚕𝚕 𝚎𝚛𝚊𝚜𝚎 𝚎𝚟𝚎𝚛𝚢𝚝𝚑𝚒𝚗𝚐 𝙸 𝚑𝚊𝚟𝚎 𝚒𝚗 𝚛𝚎𝚕𝚊𝚝𝚒𝚘𝚗 𝚝𝚘 𝚢𝚘𝚞. 𝚈𝚘𝚞 𝚖𝚊𝚢 𝚌𝚊𝚛𝚛𝚢 𝚘𝚗 𝚕𝚒𝚟𝚒𝚗𝚐 𝚢𝚘𝚞𝚛 𝚛𝚎𝚐𝚞𝚕𝚊𝚛 𝚍𝚊𝚢 𝚝𝚘 𝚍𝚊𝚢 𝚕𝚒𝚏𝚎 𝚠𝚒𝚝𝚑 𝚊𝚋𝚜𝚘𝚕𝚞𝚝𝚎𝚕𝚢 𝚗𝚘 𝚜𝚝𝚛𝚎𝚜𝚜.

𝚈𝚘𝚞’𝚟𝚎 𝚐𝚘𝚝 𝟷 𝚍𝚊𝚢 𝚝𝚘 𝚍𝚘 𝚜𝚘. 𝚈𝚘𝚞𝚛 𝚝𝚒𝚖𝚎 𝚠𝚒𝚕𝚕 𝚋𝚎𝚐𝚒𝚗 𝚊𝚜 𝚜𝚘𝚘𝚗 𝚢𝚘𝚞 𝚐𝚘 𝚝𝚑𝚛𝚘𝚞𝚐𝚑 𝚝𝚑𝚒𝚜 𝚎𝚖𝚊𝚒𝚕. 𝙸 𝚑𝚊𝚟𝚎 𝚊𝚗 𝚜𝚙𝚎𝚌𝚒𝚊𝚕 𝚙𝚛𝚘𝚐𝚛𝚊𝚖 𝚌𝚘𝚍𝚎 𝚝𝚑𝚊𝚝 𝚠𝚒𝚕𝚕 𝚒𝚗𝚏𝚘𝚛𝚖 𝚖𝚎 𝚘𝚗𝚌𝚎 𝚢𝚘𝚞 𝚜𝚎𝚎 𝚝𝚑𝚒𝚜 𝚎-𝚖𝚊𝚒𝚕 𝚝𝚑𝚎𝚛𝚎𝚏𝚘𝚛𝚎 𝚍𝚘𝚗’𝚝 𝚝𝚛𝚢 𝚝𝚘 𝚙𝚕𝚊𝚢 𝚜𝚖𝚊𝚛𝚝.

They had been scared though they knew there was no delicate info which the hacker may have accessed. After I bought their name explaining this e-mail I used to be a bit confused. They requested me how the hacker discovered their e-mail and password and I wasn’t positive. I began performing some digging and shortly realized that that is non-trivial. On this publish, I’m going to clarify how a hacker would get entry to your e-mail and password (with out even hacking something) and also you undoubtedly shouldn’t ship any bitcoins to the hacker.

How hackers bought your e-mail/password

The hackers get entry to a public dump of usernames, emails, and hashed passwords (amongst different issues) from totally different web site hacks. There have been quite a few excessive profile hacks within the final couple of years and the hackers often put the hacked databases on-line. These databases often include hashed passwords and over time folks (hackers and safety professionals) can reverse these hashed passwords and get entry to plain-text passwords. Normally, these plaintext passwords additionally discover their solution to on-line database dumps.

Now as soon as the hackers have entry to the emails and unhashed passwords, they mass e-mail all of those customers asking them for cash. They often put the passwords within the topic of the e-mail simply to be sure that their e-mail catches the eye of the hacked consumer. The consumer reads their password and assumes that the hacker has entry to extra compromising details about them.

Over the past couple of years a number of the excessive profile breaches are:

Have I Been Pawned?

Now you may be questioning whether or not your e-mail and password had been ever uncovered on-line as a part of a hack. You aren’t the one one questioning that. Troy Hunt (a safety researcher) runs an internet service, HaveIBeenPawned, the place you’ll be able to sort in your e-mail and it’ll checklist all of the totally different web site breaches wherein your e-mail might need been uncovered.

Have I Been Pawned is a dependable and reliable service and also you don’t must enter your password wherever. You simply sort in your e-mail that’s it.

I looked for my e-mail on Have I Been Pawned and discovered that my particulars had been leaked as a part of 9 separate web site breaches.

Please use password managers

In case your e-mail is listed as having been leaked as a part of a breach it is best to go forward and be sure to change the password on all of the providers the place that e-mail is used. One of the best ways to do this is to make use of a password supervisor. These instruments can help you set robust and random passwords to your on-line accounts after which save them in a database. You solely have to recollect one grasp password to your e-mail supervisor after which you’ll be able to simply see all the opposite saved passwords.

That is safer as a result of the password supervisor permits you to create distinctive passwords for every service so even when a web site is hacked you don’t have to return and alter your password on all different providers. Furthermore, the password managers be sure that your passwords are saved in such a method that even when the password supervisor itself is hacked your saved plaintext passwords aren’t leaked to the general public.

There are quite a few simple to make use of password managers on the market:

Please keep protected and be sure that earlier than you ship any cash to hackers you do your due diligence. In virtually 99.99% of the circumstances, hackers are simply utilizing public breach information to extort cash from unsuspecting customers and don’t have some other of your information. In an identical spirit, COVID-19 associated spam emails have been making rounds as effectively. Keep educated and don’t fall for the entice of really sending any cash to those folks.

I hope you realized a factor or two on this publish. I’ll see you quickly ❤️ 👋