Hi, I just received following scam email with my real (old) password in the subject line.
The first lines of text are as follows:
"I'm going to cut to the chase. I'm aware xxx is your pass word. Most importantly, I know your secret and I've proof of your secret. You don't know me and nobody paid me to investigate you. "
Blabla...
Demanding $1900.
I found this site has other variants of the scam email:
https://krypt3ia.wordpress.com/2018/07/16/extortion-phish-your-password-is-xxxx/I'm currently trying to find out which of the site leaked that password. I'm suspecting the linkedin.com leak, where I used that password, but some linkedin leak checkers do not list that password. I can't remember if I used same password elsewhere (I think not).
The site
https://haveibeenpwned.com/ and
https://haveibeenpwned.com/Passwords lists both my mail and password as leaked and about 4 lists (datasets) are included.
I'm trying to download the various SHA1 password datasets and figure out what leak was that. Linkedin is my prime suspect now.