Lockdown hacking, blackmail and security
- Tessa K
- Light of Blast
- Posts: 4734
- Joined: Tue Nov 12, 2019 5:07 pm
- Location: Closer than you'd like
Lockdown hacking, blackmail and security
Is anyone else having more problems with security? I just got my first ever email from someone saying they'd got my Facebook password (which they had) and would reveal all my embarrassing secrets if I didn't pay them. I've now changed the pw. The end of the email said 'if you don't know how to buy bitcoin, don't waste my time'. Huh?
A friend of mine who works in security in the City said that hacking etc has gone up a lot since lockdown.
I've also noticed that the cold calls I got on my landline (despite being signed up to the Telephone Preference Service) have completely stopped. I suspect that's because before lockdown they came during the day when it would be mostly old people at home, who are considered more susceptible to con men calling. Now we're all home.
Anyway, I don't keep my embarrassing stuff on FB, it's in a box under the floorboards.
Last edited by Stephanie on Thu May 14, 2020 9:46 am, edited 1 time in total.
Reason: Moved from Weighty Matters
-
- After Pie
- Posts: 2029
- Joined: Mon Nov 25, 2019 1:23 pm
Re: Lockdown hacking, blackmail and security
As long as it is safe, so you can use it in your memoirs.
Masking forever
Putin is a monster.
Russian socialism will rise again
-
- Stargoon
- Posts: 127
- Joined: Mon Nov 11, 2019 4:44 pm
- Location: Stourbridge
Re: Lockdown hacking, blackmail and security
> Tessa K wrote (Thu Apr 23, 2020 11:31 am):
> Is anyone else having more problems with security? I just got my first ever email from someone saying they'd got my Facebook password (which they had) and would reveal all my embarrassing secrets if I didn't pay them. I've now changed the pw. The end of the email said 'if you don't know how to buy bitcoin, don't waste my time'. Huh?
> A friend of mine who works in security in the City said that hacking etc has gone up a lot since lockdown.
> I've also noticed that the cold calls I got on my landline (despite being signed up to the Telephone Preference Service) have completely stopped. I suspect that's because before lockdown they came during the day when it would be mostly old people at home, who are considered more susceptible to con men calling. Now we're all home.
> Anyway, I don't keep my embarrassing stuff on FB, it's in a box under the floorboards.
I have had a few of those Tessa, the last two said they had my password, they had a password I once used for Facebook but changed it some years ago.
There is something here about it, dated July 2018. https://www.businessinsider.com/new-ema ... ?r=US&IR=T
- Bird on a Fire
- Princess POW
- Posts: 10142
- Joined: Fri Oct 11, 2019 5:05 pm
- Location: Portugal
Re: Lockdown hacking, blackmail and security
You can check which of your accounts have been compromised here https://haveibeenpwned.com/ - it searches leaked files of user accounts for the email address you enter.
Worth changing your password for any that appear on that list.
We have the right to a clean, healthy, sustainable environment.
- Tessa K
- Light of Blast
- Posts: 4734
- Joined: Tue Nov 12, 2019 5:07 pm
- Location: Closer than you'd like
Re: Lockdown hacking, blackmail and security
> Blackcountryboy wrote (Thu Apr 23, 2020 2:22 pm):
>> Tessa K wrote (Thu Apr 23, 2020 11:31 am):
>> Is anyone else having more problems with security? I just got my first ever email from someone saying they'd got my Facebook password (which they had) and would reveal all my embarrassing secrets if I didn't pay them. I've now changed the pw. The end of the email said 'if you don't know how to buy bitcoin, don't waste my time'. Huh?
>> A friend of mine who works in security in the City said that hacking etc has gone up a lot since lockdown.
>> I've also noticed that the cold calls I got on my landline (despite being signed up to the Telephone Preference Service) have completely stopped. I suspect that's because before lockdown they came during the day when it would be mostly old people at home, who are considered more susceptible to con men calling. Now we're all home.
>> Anyway, I don't keep my embarrassing stuff on FB, it's in a box under the floorboards.
> I have had a few of those Tessa, the last two said they had my password, they had a password I once used for Facebook but changed it some years ago.
> There is something here about it, dated July 2018. https://www.businessinsider.com/new-ema ... ?r=US&IR=T
That's useful, thanks. It shows how long it is since I changed my FB password. I knew there was nothing 'embarrassing' they could have on me but I was concerned about my security online generally so it was a salutary reminder about password management.
Re: Lockdown hacking, blackmail and security
> Bird on a Fire wrote (Thu Apr 23, 2020 3:26 pm):
> You can check which of your accounts have been compromised here https://haveibeenpwned.com/ - it searches leaked files of user accounts for the email address you enter.
> Worth changing your password for any that appear on that list.
The haveibeenpwned site tells me that I was pwned by a data breach from MyFitnessPal, which would be very peculiar because that's a service/app I've never used. I guess someone else could have signed up to their service using my email address, but that would be peculiar too. I've just checked my email, and sure enough I did get an alert from MyFitnessPal about two years ago, telling me about the breach.
- Bird on a Fire
- Princess POW
- Posts: 10142
- Joined: Fri Oct 11, 2019 5:05 pm
- Location: Portugal
Re: Lockdown hacking, blackmail and security
> Nero wrote (Thu Apr 23, 2020 3:49 pm):
>> Bird on a Fire wrote (Thu Apr 23, 2020 3:26 pm):
>> You can check which of your accounts have been compromised here https://haveibeenpwned.com/ - it searches leaked files of user accounts for the email address you enter.
>> Worth changing your password for any that appear on that list.
> The haveibeenpwned site tells me that I was pwned by a data breach from MyFitnessPal, which would be very peculiar because that's a service/app I've never used. I guess someone else could have signed up to their service using my email address, but that would be peculiar too. I've just checked my email, and sure enough I did get an alert from MyFitnessPal about two years ago, telling me about the breach.
I think the same account is used for some other fitness apps, like Endomondo, if you've used that?
We have the right to a clean, healthy, sustainable environment.
- shpalman
- Princess POW
- Posts: 8317
- Joined: Mon Nov 11, 2019 12:53 pm
- Location: One step beyond
- Contact:
Re: Lockdown hacking, blackmail and security
> Bird on a Fire wrote (Thu Apr 23, 2020 3:26 pm):
> You can check which of your accounts have been compromised here https://haveibeenpwned.com/ - it searches leaked files of user accounts for the email address you enter.
> Worth changing your password for any that appear on that list.
The point is that you should change your password on any site you use for which you were using the same password, if you were in the habit of using the same password on different sites (and then get out of that habit).
having that swing is a necessary but not sufficient condition for it meaning a thing
@shpalman@mastodon.me.uk
- Little waster
- After Pie
- Posts: 2385
- Joined: Tue Nov 12, 2019 12:35 am
- Location: About 1 inch behind my eyes
Re: Lockdown hacking, blackmail and security
My rarely used Amazon account got hacked last month and the hacker locked me out of it and as it very conveniently stores your card details someone has been having a jolly time ordering random things and signing up to Dutch Netflix accounts.
Of course with the lockdown it took hours to get through to the bank to actually cancel the compromised card.
What has then followed is a month of Kafkaesque conversations with Amazon where I had to set up a new account to report that the first one had been hacked and then have the same circular conversation with a variety of call centre staff regarding my inability to access my account because it has been hacked so therefore I can't change its password, email address, or phone numbers because it's been hacked and no I can't receive OTPs because you keep texting them to the hacker and no I can't tell you what the last purchase was because my account has been hacked.
Luckily it is only Amazon so it is just as well I can pop to the shops for anything I need ... oh.
This place is not a place of honor, no highly esteemed deed is commemorated here, nothing valued is here.
What is here was dangerous and repulsive to us.
This place is best shunned and left uninhabited.
- Bird on a Fire
- Princess POW
- Posts: 10142
- Joined: Fri Oct 11, 2019 5:05 pm
- Location: Portugal
Re: Lockdown hacking, blackmail and security
> shpalman wrote (Thu Apr 23, 2020 4:14 pm):
>> Bird on a Fire wrote (Thu Apr 23, 2020 3:26 pm):
>> You can check which of your accounts have been compromised here https://haveibeenpwned.com/ - it searches leaked files of user accounts for the email address you enter.
>> Worth changing your password for any that appear on that list.
> The point is that you should change your password on any site you use for which you were using the same password, if you were in the habit of using the same password on different sites (and then get out of that habit).
Good point - that's what I meant to say
I am a shameless password-recycler for the majority of accounts I use, because I'd never remember them all otherwise (although these days it's getting hard to remember which sites want a number and special character vs just a number etc). My computers and primary email have stronger exceptions, but beyond that I'm not enormously worried if somebody can log into my facebook or whatever. There's nothing of interest there anyway.
I should probably look into using a properly secure online password manager, if such a thing can be relied upon to exist, but I don't like the idea of having a single central vulnerability, whether third-party (and therefore hackable) or local (and therefore reliant on my cheap/old/sh.t hardware not failing and/or remembering to back up regularly).
If people want to rearrange my pinterest board or look at naked photos or mod the scrutable forum, good luck to them.
We have the right to a clean, healthy, sustainable environment.
- Bird on a Fire
- Princess POW
- Posts: 10142
- Joined: Fri Oct 11, 2019 5:05 pm
- Location: Portugal
Re: Lockdown hacking, blackmail and security
> Little waster wrote (Thu Apr 23, 2020 4:25 pm):
> My rarely used Amazon account got hacked last month and the hacker locked me out of it and as it very conveniently stores your card details someone has been having a jolly time ordering random things and signing up to Dutch Netflix accounts.
Yeah I've stopped storing cards on Amazon after I noticed they'll allow you to use the same cards repeatedly without asking for a CCV or anything. Seems totally insecure.
We have the right to a clean, healthy, sustainable environment.
Re: Lockdown hacking, blackmail and security
> Bird on a Fire wrote (Thu Apr 23, 2020 4:12 pm):
> I think the same account is used for some other fitness apps, like Endomondo, if you've used that?
Nope, I've never used any fitness apps/services of any flavour.
Re: Lockdown hacking, blackmail and security
I've used the free version of LastPass for years and would highly recommend it. Easy to use, I've got the extension on my browsers and the app on my phone and tablet so all I need to remember is one password and it does the rest. I'm a bit lax at changing my passwords but thanks to this thread I've just updated my main ones.
it's okay to say "I don't know"
- science_fox
- Snowbonk
- Posts: 513
- Joined: Mon Nov 11, 2019 1:34 pm
- Location: Manchester
Re: Lockdown hacking, blackmail and security
> Tessa K wrote (Thu Apr 23, 2020 11:31 am):
> Is anyone else having more problems with security? I just got my first ever email from someone saying they'd got my Facebook password (which they had) and would reveal all my embarrassing secrets if I didn't pay them. I've now changed the pw. The end of the email said 'if you don't know how to buy bitcoin, don't waste my time'. Huh?
> A friend of mine who works in security in the City said that hacking etc has gone up a lot since lockdown.
> I've also noticed that the cold calls I got on my landline (despite being signed up to the Telephone Preference Service) have completely stopped. I suspect that's because before lockdown they came during the day when it would be mostly old people at home, who are considered more susceptible to con men calling. Now we're all home.
> Anyway, I don't keep my embarrassing stuff on FB, it's in a box under the floorboards.
Note - many websites let you login using your FB account. It's not just about what's on FB but it's also all of your contacts who may trust a link sent under your name, but also anything you use FB to login to.
Can anyone explain very simply to a not very IT savvy person how password managers work in practice?
I'm not afraid of catching Covid, I'm afraid of catching idiot.
Re: Lockdown hacking, blackmail and security
> science_fox wrote (Thu Apr 23, 2020 8:41 pm):
> Can anyone explain very simply to a not very IT savvy person how password managers work in practice?
I'm not a very IT savvy person but the way it seems to work - and I'm happy to be corrected - is that it's a password-protected list of passwords with a few extra bells and whistles. Every time you make a new password for a site it asks if you want to save it and then next time you're on the site it recognises that and logs in for you. If they get hacked then obviously you're vulnerable but I've not heard of any cases of that happening and because they're designed to keep passwords secure I'm guessing - fervently hoping - that they have all sorts of tech that is designed to prevent breaches. They're a more sophisticated version of using a password-protected document or carrying around a notebook of passwords.
it's okay to say "I don't know"
Re: Lockdown hacking, blackmail and security
I use Password Safe, which is an offline password manager.
Install software. Choose a memorable passphrase for it. Whenever a new site wants to create an account, you create a new entry in PWS with the name of the site and your username, and tell it to create a password* for you. When you need to login to a site, open PWS (entering your passphrase), scroll down to the site you want, and press Ctrl+C, then paste it into the website.
Make lots and lots of backups of the PWS database file.
A bit of a faff but if you let your browser remember the password to unimportant sites (Scrutable) it's not particularly burdensome. If there's a site you use frequently but which is security-critical (webmail, bank) you might be better using high-quality unique passphrases for them.
*You can specify the rules for the password, and I think I go with 20-character alphanumeric ones which are strong enough.
I believe LastPass and online managers streamline this a bit, but have larger but still hopefully small risk of being compromised. But I started using PWS before those were invented (or before I heard of them) so I never bothered changing.
Re: Lockdown hacking, blackmail and security
I use the Chrome password manager as it works seamlessly across my android phone, PC and laptop. It remembers passwords when you first enter them, and pre-fills them when you are logging in again. It also generates randomised passwords when logging in to a new site, which avoids the temptation to have the same password for multiple sites.
You can check what password you have for each site via the browser 'settings' tab - which is helpful if an earlier password is shown to have been hacked (particularly if it's one that you might have reused).
My avatar was a scientific result that was later found to be 'mistaken' - I rarely claim to be 100% correct
ETA 5/8/20: I've been advised that the result was correct, it was the initial interpretation that needed to be withdrawn
Meta? I'd say so!
-
- After Pie
- Posts: 2029
- Joined: Mon Nov 25, 2019 1:23 pm
Re: Lockdown hacking, blackmail and security
> Sciolus wrote (Thu Apr 23, 2020 9:15 pm):
> I use Password Safe, which is an offline password manager.
> Install software. Choose a memorable passphrase for it. Whenever a new site wants to create an account, you create a new entry in PWS with the name of the site and your username, and tell it to create a password* for you. When you need to login to a site, open PWS (entering your passphrase), scroll down to the site you want, and press Ctrl+C, then paste it into the website.
> Make lots and lots of backups of the PWS database file.
> A bit of a faff but if you let your browser remember the password to unimportant sites (Scrutable) it's not particularly burdensome. If there's a site you use frequently but which is security-critical (webmail, bank) you might be better using high-quality unique passphrases for them.
> *You can specify the rules for the password, and I think I go with 20-character alphanumeric ones which are strong enough.
> I believe LastPass and online managers streamline this a bit, but have larger but still hopefully small risk of being compromised. But I started using PWS before those were invented (or before I heard of them) so I never bothered changing.
So is it safer than sites that store your passwords online but are encrypted?
Do you have to have one for each of your devices?
It seems like a good idea if it works and a really bad one if some hacker breaches it.
Masking forever
Putin is a monster.
Russian socialism will rise again
- Tessa K
- Light of Blast
- Posts: 4734
- Joined: Tue Nov 12, 2019 5:07 pm
- Location: Closer than you'd like
Re: Lockdown hacking, blackmail and security
I now store passwords on a bit of paper hidden away. No one's going to hack that.
ETA Oops, just remembered to change my Amazon pw too. I don't log into anything else using my FB account.
Re: Lockdown hacking, blackmail and security
I am one step more paranoid and have two bits of paper. One lists what the other's passwords are for. Too anally retentive? No, that would be keeping one in the left sock drawer and one in the right.
Yes, I appreciate that the extra security this affords is essentially nothing.
Still, there are a few key passwords which are only in my head so even if you get the list you don't get to log into my phone or laptop, nor my Gmail, bank, PayPal, Microsoft, Facebook (actually I suspect I've forgotten that one, which will be a bridge to cross in due course).
- Tessa K
- Light of Blast
- Posts: 4734
- Joined: Tue Nov 12, 2019 5:07 pm
- Location: Closer than you'd like
Re: Lockdown hacking, blackmail and security
> Martin Y wrote (Fri Apr 24, 2020 11:22 am):
> I am one step more paranoid and have two bits of paper. One lists what the other's passwords are for. Too anally retentive? No, that would be keeping one in the left sock drawer and one in the right.
> Yes, I appreciate that the extra security this affords is essentially nothing.
> Still, there are a few key passwords which are only in my head so even if you get the list you don't get to log into my phone or laptop, nor my Gmail, bank, PayPal, Microsoft, Facebook (actually I suspect I've forgotten that one, which will be a bridge to cross in due course).
If you've forgotten the FB one they will email you a code to put in to change it. Or text you, however you've set it up.
- Bird on a Fire
- Princess POW
- Posts: 10142
- Joined: Fri Oct 11, 2019 5:05 pm
- Location: Portugal
Re: Lockdown hacking, blackmail and security
> Tessa K wrote (Fri Apr 24, 2020 11:31 am):
>> Martin Y wrote (Fri Apr 24, 2020 11:22 am):
>> I am one step more paranoid and have two bits of paper. One lists what the other's passwords are for. Too anally retentive? No, that would be keeping one in the left sock drawer and one in the right.
>> Yes, I appreciate that the extra security this affords is essentially nothing.
>> Still, there are a few key passwords which are only in my head so even if you get the list you don't get to log into my phone or laptop, nor my Gmail, bank, PayPal, Microsoft, Facebook (actually I suspect I've forgotten that one, which will be a bridge to cross in due course).
> If you've forgotten the FB one they will email you a code to put in to change it. Or text you, however you've set it up.
There are a few websites - Student Loans comes to mind - where I can never remember the passwords so I have to rely on resetting it every time I have to log in (annually, to confirm that I'm still in higher education and therefore exempt from repayments). In that case it's because they make you answer some pre-set security questions, and I honestly can't remember who I claimed was my "favourite teacher" or "favourite colour" in 2008.
Portuguese banks make you choose multiple pass-numbers of different lengths (between the two banks I use I have 4, 5, 6, 9, 10 and 12 digit numbers I occasionally need). Obviously I have them all written down, in plain text, on the notes app of my phone. OTOH my accounts only have money in for the first week of every month, so if someone hacks me they have a 75% chance of getting nothing.
We have the right to a clean, healthy, sustainable environment.
- Brightonian
- Dorkwood
- Posts: 1447
- Joined: Mon Nov 11, 2019 3:16 pm
- Location: Usually UK, often France and Ireland
Re: Lockdown hacking, blackmail and security
> Martin Y wrote (Fri Apr 24, 2020 11:22 am):
> I am one step more paranoid and have two bits of paper. One lists what the other's passwords are for. Too anally retentive? No, that would be keeping one in the left sock drawer and one in the right.
> Yes, I appreciate that the extra security this affords is essentially nothing.
> Still, there are a few key passwords which are only in my head so even if you get the list you don't get to log into my phone or laptop, nor my Gmail, bank, PayPal, Microsoft, Facebook (actually I suspect I've forgotten that one, which will be a bridge to cross in due course).
I did the same for my father not long after he declared he was going to use the same password for everything. So now he has one notebook with entries for Gmail, Amazon etc. that each have a reference no. corresponding to an entry in another, hidden notebook that has passwords, CVV nos., account nos. etc. Works well for my technophobe father.
Re: Lockdown hacking, blackmail and security
I use a formula for creating pretty much unique passwords for any purpose which I'm fairly sure I saw someone suggest on a previous forum and I shamelessly nicked the idea.
I have a sentence, the password is then made up of the first letters of this sentence with the addition of a special character/number or two and then a number of other letters and numbers interspersed, which are all derived from the website/software/whatever that the account is for.
The result is an almost always unique password that is nonetheless completely memorable/work-out-able without needing any password manager or writing anything down. The only downside is that I have, so far, come across 2 websites which don't permit the resulting password - in one case because it doesn't like special characters, in another case because the resulting password is too long (WTF?). Neither is a website I use terribly often, in fact I can't currently recall which they are, so I just reset my password when I come across a situation where my formula doesn't work.
- Brightonian
- Dorkwood
- Posts: 1447
- Joined: Mon Nov 11, 2019 3:16 pm
- Location: Usually UK, often France and Ireland
Re: Lockdown hacking, blackmail and security
> bagpuss wrote (Fri Apr 24, 2020 1:22 pm):
> I use a formula for creating pretty much unique passwords for any purpose which I'm fairly sure I saw someone suggest on a previous forum and I shamelessly nicked the idea.
> I have a sentence, the password is then made up of the first letters of this sentence with the addition of a special character/number or two and then a number of other letters and numbers interspersed, which are all derived from the website/software/whatever that the account is for.
> The result is an almost always unique password that is nonetheless completely memorable/work-out-able without needing any password manager or writing anything down. The only downside is that I have, so far, come across 2 websites which don't permit the resulting password - in one case because it doesn't like special characters, in another case because the resulting password is too long (WTF?). Neither is a website I use terribly often, in fact I can't currently recall which they are, so I just reset my password when I come across a situation where my formula doesn't work.
That's almost what I do (some characters from the website name, plus some characters from other words, and a sprinkling of some numbers and special characters), so maybe in a former parish I described what I did. If not, then maybe everyone has the same idea so we should be worried.
I keep a spreadsheet where I store hints to the words from which I pick characters etc. that make up the passwords.
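Added example, not written by any poster in this thread and not the code of Password Safe, LastPass or Chrome: a rule-driven password generator of the kind the password-manager posts describe, defaulting to the 20-character alphanumeric setting mentioned earlier and coping with sites that reject special characters or cap the length. The class names, the symbol set, the site names and the 12-character cap are assumptions made for illustration.

```python
import math
import secrets
import string
from dataclasses import dataclass
from itertools import combinations
from typing import Optional

# Disjoint character classes; the symbol set is an assumption for this example.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!#$%&*+-=?@^_",
}


@dataclass(frozen=True)
class Policy:
    """Password rules for one site. Defaults: 20-character alphanumeric."""
    length: int = 20
    allowed: tuple = ("lower", "upper", "digit")
    required: tuple = ("lower", "upper", "digit")
    max_length: Optional[int] = None  # cap imposed by the site, if any

    def alphabet(self) -> str:
        return "".join(CLASSES[name] for name in self.allowed)

    def effective_length(self) -> int:
        cap = self.max_length
        return self.length if cap is None else min(self.length, cap)


def generate(policy: Policy) -> str:
    """Return a random password that satisfies the policy."""
    not_allowed = set(policy.required) - set(policy.allowed)
    if not_allowed:
        raise ValueError(f"required but not allowed: {sorted(not_allowed)}")
    n = policy.effective_length()
    if n < len(policy.required):
        raise ValueError("too short to contain every required class")
    alphabet = policy.alphabet()
    while True:
        # secrets uses the operating system's CSPRNG, unlike random.choice.
        candidate = "".join(secrets.choice(alphabet) for _ in range(n))
        # Rejecting and redrawing (rather than patching characters in) keeps
        # every password that satisfies the policy equally likely.
        if all(any(ch in CLASSES[name] for ch in candidate)
               for name in policy.required):
            return candidate


def entropy_bits(policy: Policy) -> float:
    """log2 of the number of passwords a valid policy can produce.

    Inclusion-exclusion over the required classes removes the strings that
    lack one or more of them (valid because the classes are disjoint).
    """
    n = policy.effective_length()
    total = len(policy.alphabet())
    count = 0
    for k in range(len(policy.required) + 1):
        for missing in combinations(policy.required, k):
            excluded = sum(len(CLASSES[name]) for name in missing)
            count += (-1) ** k * (total - excluded) ** n
    return math.log2(count)


# Constructed site rules: the default, a site that rejects symbols and long
# passwords, and a site that demands every class including a symbol.
SITE_POLICIES = {
    "forum.example": Policy(),
    "legacy-shop.example": Policy(max_length=12),
    "bank.example": Policy(24, tuple(CLASSES), tuple(CLASSES)),
}


def build_vault(site_policies: dict) -> dict:
    """One independently generated password per site, never shared."""
    return {site: generate(policy) for site, policy in site_policies.items()}


if __name__ == "__main__":
    vault = build_vault(SITE_POLICIES)
    for site, policy in SITE_POLICIES.items():
        print(f"{site:22} {vault[site]:26} {entropy_bits(policy):6.1f} bits")
```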