Website Threatens To Make Email Password Public, Demands Bitcoin as Ransom
In another attempt to leak confidential personal data, an anonymous developer has built a malicious copy of the famous breached passwords database “Have I been pwned.”
Fraudsters ‘Hijack’ Passwords
Similar to “Have I Been Pwned,” the malware initially lets one check if his/her associated email address has been breached previously. However, it also shows leaked passwords of the breached accounts, before asking the legitimate owner to make a one-time donation of $10 in bitcoin to hide the passwords.
As mentioned in the instructions on the website, the leaked passwords will only be removed once the owner has made the payment and successfully shows proof of the same. It has been confirmed that this website does indeed contain a database with legitimate passwords.
1.4 Billion Accounts Reportedly Compromised
Although it is still unclear as to the quantity of compromised data the website has, estimates suggest around 1.4 billion accounts and associated passwords have been breached. Journalist Daniël Verlaan said the site uses the same database as the popular breach lookup service Gotcha.
As advice, BTCManager suggests all account holders update their passwords before the malicious website gets a hold of the existing information and compromises the security of users accounts.
“Smart” Scammer Dupes Investors Of ETH
On April 12, 2018, a Twitter user posted the details of a new scam that made its way to Telegram groups. The tweet went viral, as the alleged scammer made use of a smart contract to extort money, in a first-of-its-kind incident.
In a bid to steal the MNE, greedy Telegram users, presumably scammers themselves, quickly sent ETH to the private wallet which then diverted the received coins to another account, courtesy of an inbuilt smart contract.
Twitter users expressed surprise over the scammer’s methods, with some terming the use of a smart contract as “brilliant.”