Bitcoin Forum
September 21, 2018, 01:15:58 AM *
Topic: [2018-04-12] This site will leak your password to everyone unless you donate Btc
vit05
April 12, 2018, 07:39:42 PM
 #1

nextweb

This is pretty nasty. Someone has built a malicious copycat of the popular breach database Have I Been Pwned that will reveal your password in plaintext – unless you pay up a cryptocurrency ransom in Bitcoin, Ethereum, Bitcoin Cash, or Litecoin.

Just like Have I Been Pwned, the malicious copycat will let you check whether your associated email address has been breached in the past. The disturbing part is that it will also display leaked passwords of such compromised accounts. The website then asks users for a one-off $10 donation in cryptocurrency to hide the passwords.

According to the instructions on the website, leaked passwords will only be removed after users have successfully provided proof of payment. It is worth noting that – depending on how widely you used your passphrase – it might be faster to update your old password than to pay up the ransom.


squatter
April 12, 2018, 08:13:48 PM
 #2

nextweb

This is pretty nasty. Someone has built a malicious copycat of the popular breach database Have I Been Pwned that will reveal your password in plaintext – unless you pay up a cryptocurrency ransom in Bitcoin, Ethereum, Bitcoin Cash, or Litecoin.

Just like Have I Been Pwned, the malicious copycat will let you check whether your associated email address has been breached in the past. The disturbing part is that it will also display leaked passwords of such compromised accounts. The website then asks users for a one-off $10 donation in cryptocurrency to hide the passwords.

According to the instructions on the website, leaked passwords will only be removed after users have successfully provided proof of payment. It is worth noting that – depending on how widely you used your passphrase – it might be faster to update your old password than to pay up the ransom.

What they're doing is pretty reprehensible, but it's probably not actually a big deal. It's mostly just riding the coattails of the ransomware craze and duping dumb people. If your info is already on Have I Been Pwned, then it should be considered completely compromised. It's all data from past breaches, a lot of which goes back many years.

This will hurt some people who are very sloppy about their security, but those same people will compromise themselves in various other ways anyway. Fortunately for them, a lot of services like banks, Amazon, etc. are now monitoring for customer information involved in these data breaches and prompting customers to update passwords.

hatshepsut93
April 12, 2018, 11:41:57 PM
 #3

It's an extremely dumb idea to pay them to hide your password, because first you have to trust that they will actually do it and second, if they know it, then a whole lot of other hackers also do, because they sell these kinds of databases to each other on a daily basis. If the password is stored in plaintext, then it either means that the original password was so weak that it got cracked or that some site was storing it in plaintext in the first place - these two possibilities already mean huge security flaws and paying $10 won't solve them.

bbc.reporter
April 13, 2018, 12:09:33 AM
 #4

The good thing is that it appears the platform does not store plaintext passwords for all compromised accounts found in its database.

Could this also be a trick to scare you? They can mix in the compromised accounts with accounts they do not have the passwords to but pretend they do. That's an easy $10 extorted per person. How can they prove that they can have access to your account? What would stop me from changing my passwords today?

Also, most email accounts today do not contain important information anymore, only social media notifications hehehe.



1Referee
April 13, 2018, 07:36:00 AM
 #5

It's an extremely dumb idea to pay them to hide your password, because first you have to trust that they will actually do it and second, if they know it, then a whole lot of other hackers also do, because they sell these kinds of databases to each other on a daily basis. If the password is stored in plaintext, then it either means that the original password was so weak that it got cracked or that some site was storing it in plaintext in the first place - these two possibilities already mean huge security flaws and paying $10 won't solve them.

You know this, and I know this. However, many of the regulars don't know what to do or have any idea about how things like this work. I checked the email addresses of relatives and surprised them by mentioning what sites they registered on. Their response was how did I know they were registered there, and what the first or last letters of their passwords were, etc. At that point they started to panic, and people who panic are desperate and very likely to pay to get themselves "removed" from these databases. People here often blame regulars for not understanding Bitcoin, but they fail to understand that regulars don't even understand the basics of the internet. I would say that spreading awareness and knowledge is the best thing that you can do within your own environment. Not everyone knows how to deal with these things.
