For some time now, I have been a loyal LastPass customer. Passwords can be tricky and a serious issue to keep track of. However, recently I came across an unexpected advantage of using such a password manager.
On the 22nd of October 2018 I received the following email:
My nickname in darknet is zippy82.
I hacked this mailbox more than six months ago, through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.
So, your password from REDACTED is vj5twntysofa
Even if you changed the password after that — it does not matter, my virus intercepted all the caching data on your computer and automatically saved access for me.
I have access to all your accounts, social networks, email, browsing history.
Accordingly, I have the data of all your contacts, files from your computer, photos and videos.
I was most struck by the intimate content sites that you occasionally visit.
You have a very wild imagination, I tell you!
During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching.
Oh my god! You are so funny and excited!
I think that you do not want all your contacts to get these files, right?
If you are of the same opinion, then I think that $857 is quite a fair price to destroy the dirt I created.
Send the above amount on my BTC wallet (bitcoin): 1NXNt72qfMhPZDffUEqryCYpEUzyR6LmgH
As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it.
Otherwise, these files and history of visiting sites will get all your contacts from your device.
Also, I’ll send to everyone your contact access to your email and access logs, I have carefully saved it!
Since reading this letter you have 48 hours!
After your reading this message, I’ll receive an automatic notification that you have seen the letter.
I hope I taught you a good lesson.
Do not be so nonchalant, please visit only to proven resources, and don’t enter your passwords anywhere!
Many people have started receiving these. In fact, around this time the emails started including a password in an attempt to validate claims that your PC had been compromised. In this instance there are a couple of problems.
- I have never used the supplied password for my email account.
- I use a password manager.
- I had no idea what that password was for (I don't need to, see 2).
This got me thinking. I actually trusted that this is indeed a password I had used but did not know for what site. I always let my password manager choose my passwords and never remember them.
In steps LastPass. LastPass has functionality that allows you to create an export of your database, therefore I performed an export of my password list. No matter how hard you try, changing passwords is a laborious task that often takes a back seat. Luckily, in this case, the password was for a site I had neglected. I could be safe in the knowledge the password was unique due to the format and that it was clearly created by a password manager.
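One way to do the lookup described above, as an added example that is not part of the original post: it searches a password-manager CSV export for the password quoted in the email and reports which entries use it, without echoing any password. The column names (url, username, password, name) and every sample row are assumptions constructed for illustration.

```python
import csv
import getpass
import io
import sys
from urllib.parse import urlsplit

# Constructed sample export. Column layout is an assumption; all values are made up.
SAMPLE_EXPORT = """url,username,password,extra,name,grouping,fav
https://shop.example/login,me@example.com,Qp7!xkRz2mLw,,Shop,Shopping,0
https://courses.example/sign_in,me@example.com,constructed-leaked-pw,,Courses,Learning,0
https://forum.example/,me2@example.com,constructed-leaked-pw,"note, with comma",Forum,Social,0
"""

def find_password_use(export_file, leaked):
    """Return the vault entries whose stored password equals `leaked`.

    Only name, host and username are returned, so the result can be
    printed or pasted into a breach report without exposing a password.
    """
    hits = []
    for row in csv.DictReader(export_file):
        if (row.get("password") or "") != leaked:
            continue
        url = row.get("url") or ""
        hits.append({
            "name": row.get("name") or "",
            "host": urlsplit(url).hostname or url,
            "username": row.get("username") or "",
        })
    return hits

def triage(hits):
    """Classify the result: which site to notify, or whether the password was reused."""
    if not hits:
        return "not-found"   # not in the vault: may predate it or never was yours
    if len(hits) == 1:
        return "unique"      # one site: likely breach source, notify its owner
    return "reused"          # several sites: rotate all, source is ambiguous

if __name__ == "__main__":
    # Read the leaked password interactively so it stays out of shell history.
    leaked = getpass.getpass("Password quoted in the email: ")
    source = open(sys.argv[1], newline="") if len(sys.argv) > 1 else io.StringIO(SAMPLE_EXPORT)
    with source:
        found = find_password_use(source, leaked)
    print(triage(found))
    for entry in found:
        print(f'{entry["name"]}: {entry["host"]} ({entry["username"]})')
```

The export is a plaintext file containing every password in the vault, so delete it once the lookup is done.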
The site in question had not notified me that my account had been compromised, therefore I emailed the owner. I received a prompt reply advising that they were not aware of a breach, that they are built on another site's platform, and that they would begin an investigation.
Finally, after 6 weeks of waiting (06/12/2018), I received the following email:
Dear Peter McDonald,
We are writing to inform you of a suspected data breach involving accounts created between September 17, 2013 and November 21, 2015. We have reason to suspect that personal information related to accounts on Edurila (joined 2014-12-13) may have been compromised. This includes the email addresses and passwords associated with the school’s Teachable (formerly Fedora) account.
As a precaution we are enforcing password resets for potentially affected users.
You can reset your password here: https://sso.teachable.com/secure/teachable_accounts/password/new
If you happen to use this password with any other service, we highly recommend updating your password there as well.
We apologize for the inconvenience, and thank you for your understanding in helping us keep Teachable safe.
Moral of the story: if you receive one of these emails, take a look at the password that is mentioned. If it is unique, investigate where you used it and ensure that the site has been notified. By taking such action you can help identify breaches and ensure that those affected can be notified.
If you are not already doing so, ensure that you are using a password manager such as LastPass or 1Password. Both supply browser plugins and mobile apps that help you no matter what type of device you are on.
If you would like to know how to export your LastPass database, I have written a quick guide entitled “Exporting Your LastPass Data”.