Guest Mary_West Posted July 24, 2019 Report Posted July 24, 2019 Hello there! I’ve suddenly had a flood of email in my mailbox of the “Hi, I know your password and I’ve infected your machine with spyware and my goodness you look at naughty stuff!” However, I use individual passwords for all my accounts, and can tell from the password which one was hacked. The password they’re mentioning is the one I use for AFF logons. So someone’s vacuumed up your password list. (Because of course I’d never watch the naughty stuff on my computer. What sort of a girl do you think I am? Oh. I write smut. That’s right. I *am* that sort of girl) Anyway, a heads-up. If, like I *used* to, you use the same password on a lot of sites, now’s the time to change that. Use a base (eg MyMaidenNameBackwards) then add a number (not *1) and an identifier. Example: htimS99AFF. Keep a secret list somewhere safe, like an encrypted file on your computer. Then, when the blighters try to convince you they’ve been watching you through the bit of cardboard you have taped over your camera while you … ahem … enjoy the loveliness that is this site, you can a) laugh at them, b) let the admins know. By the way, that’s not the password I use now. Just in case you were thinking of being clever. I may be a middle-aged fan-fic-smut writing woman, but I’m a SMART middle-aged fan-fic-smut writing woman. Quote
JayDee Posted July 24, 2019 Report Posted July 24, 2019 I got one of those! I googled a chunk of the wording, and it seemed someone just obtained the data from the previous hack and used it to spam every email address from the database with the the same text, but the related password pasted in. I just ignored it - I mean, I don’t even have a webcam. Mirrored surfaces like lenses crack around me. Quote
Thundercloud Posted July 24, 2019 Report Posted July 24, 2019 I have got such emails for the email that is attached to thethundercloud acount that I lost access to, but not anything to email connected to my new thundercloud account. This support the idea that its not a recent hack but using the email for previous leak of passwords. JayDee 1 Quote
BronxWench Posted July 24, 2019 Report Posted July 24, 2019 We’re pretty sure it’s related to the forum hack from last year. We definitely recommend changing your passwords, just to be safe, but I’ve been deleting this type of email frequently from the staff email address with impunity. I’ve avoided the temptation to point out that this is an adult fiction site, so really, it’s not like I’m going to be embarrassed that I read adult material. The email addresses sending the extortion requests are all disposable anyway, so the reply would only bounce back. :sigh: And thank you, Guest Mary_West for a post that was both highly intelligent and delightfully written! GeorgeGlass, CloverReef and JayDee 3 Quote
GeorgeGlass Posted July 25, 2019 Report Posted July 25, 2019 Yeah, it happened to me, too. I’ve changed all the passwords that I should have changed a year ago. BronxWench and JayDee 2 Quote
lizziemay84 Posted July 25, 2019 Report Posted July 25, 2019 I tried to change my archive password, but all I get is a message saying “This password reset is no longer valid”. Could I get some help, please? JayDee 1 Quote
BronxWench Posted July 25, 2019 Report Posted July 25, 2019 22 minutes ago, lizziemay84 said: I tried to change my archive password, but all I get is a message saying “This password reset is no longer valid”. Could I get some help, please? I’m going to contact you at the email address we have on file for you, just to make sure our information is current. JayDee and GeorgeGlass 2 Quote
lizziemay84 Posted July 25, 2019 Report Posted July 25, 2019 I changed my email address from a hotmail to a gmail and was able to reset things just fine. I should’ve done a little more poking around the boards before I posted. Sorry for the trouble. JayDee and BronxWench 2 Quote
BronxWench Posted July 25, 2019 Report Posted July 25, 2019 Oh! Wonderful—glad that worked! JayDee 1 Quote
DemonGoddess Posted July 25, 2019 Report Posted July 25, 2019 I also get the webcam emails, and that cracks me up. I’ve NEVER had a webcam. I don’t WANT a webcam, and that they think they can scare me with webcam usage that never existed is just plain silly. Yes, this is an OLD issue, and these emails have been popping up ever since. GeorgeGlass, BronxWench and JayDee 3 Quote
lizziemay84 Posted July 25, 2019 Report Posted July 25, 2019 Me too. Thank you for your help. It was your post in another thread that made me try updating my email. JayDee, GeorgeGlass and BronxWench 3 Quote
DemonGoddess Posted July 25, 2019 Report Posted July 25, 2019 On an unrelated note, I’ve actually been working with the hosting company to fix the hotmail/outlook issues (where the emails just disappear that send to users). Everything thus far I’ve tried that SHOULD have worked, has not. So, they’re digging deeper and I should that have fixed soonish. When the old issue occurred, Nexcess was a major help at that time as well. They tracked down the IPs of the persons who did this, and blocked them from the domain entirely. They have tools at their disposal I don’t, so if something happens, they’re the ones I go to help stop whatever the issue is. GeorgeGlass, BronxWench and JayDee 3 Quote
CloverReef Posted July 25, 2019 Report Posted July 25, 2019 For those of you who looked in the body of the email, and the sextortionist provided a bitcoin address, you can report it at “bitcoin abuse” here: https://www.bitcoinabuse.com/ JayDee, BronxWench and GeorgeGlass 2 1 Quote
JayDee Posted July 25, 2019 Report Posted July 25, 2019 That’s useful to know! Wish I hadn’t deleted it now or I’d have reported it too. My rule of thumb is I’ll sometimes read spammy emails but I never click the links or open attachments/”view pictures” BronxWench and CloverReef 2 Quote
BronxWench Posted July 25, 2019 Report Posted July 25, 2019 It’s very useful, and I filed the latest one sent to the staff email address (I get a LOT of these in the staff email...) JayDee 1 Quote
Thundercloud Posted July 25, 2019 Report Posted July 25, 2019 18 hours ago, DemonGoddess said: On an unrelated note, I’ve actually been working with the hosting company to fix the hotmail/outlook issues (where the emails just disappear that send to users). Everything thus far I’ve tried that SHOULD have worked, has not. So, they’re digging deeper and I should that have fixed soonish. Just for the record the problem is not that hotmail/outlook does not deliver the email but that Microsofts system does a preflight test to scan for malware. In desktop outlook you can see all links get changed by the ATP Safe Link feature, for hotmail and similar online services you can in the source code of the email see security diagnostics added in the header information from the preflight scan. If you have control of the outlook server it is possible to disable the policy that makes the email server to do the preflight test, butthe likelihood that AFF users have that kind of admin power is negligible. Anyway your password reset feature seems to monitor if somebody has visited the password reset page and not if person wanting a reset press an update button or similar and this will not work if ATP Safe Link is active no matter what Nexcess does. The AFF software would need to be modified if you want solve the issue. I work as system developer so I speak with some authority here even if I have not read your source code so it is an educated guess. 18 hours ago, DemonGoddess said: When the old issue occurred, Nexcess was a major help at that time as well. They tracked down the IPs of the persons who did this, and blocked them from the domain entirely. They have tools at their disposal I don’t, so if something happens, they’re the ones I go to help stop whatever the issue is. A good sanity check would be to check if the archive stores the password in plain text or ifthe passwords are encrypted as something called “a hash”. https://en.wikipedia.org/wiki/Cryptographic_hash_function If you have the passwords stored with a hash function like SHA-2 or better it does not matter as much if the password information are stolen since they cannot be decrypted. If you use a weak hash-function like MD5 or SHA-1 (or even worse plain text) then the passwords are exposed since there are standard methods to reverse the hash and learn what password each account has. JayDee 1 Quote
DemonGoddess Posted July 26, 2019 Report Posted July 26, 2019 I’d have to ask manta2g exactly which hashing system she uses. Years ago, it was plain text. It hasn’t been for quite awhile. Quote
BronxWench Posted December 12, 2019 Report Posted December 12, 2019 And because the Season of the Scam is upon us again, MalwareBytes has a very good article on their blog: https://blog.malwarebytes.com/cybercrime/2019/11/sextortion-scammers-getting-creative/ JayDee 1 Quote
DemonGoddess Posted December 20, 2019 Report Posted December 20, 2019 As to the microsoft server issue, that should now be resolved. There was a particular function that needed to be done that I could not. Nexcess had to do it for me. Quote
Recommended Posts