Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: open
My nickname in darknet is <soon-to-be-dead>.
I hacked this mailbox more than six months ago, through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.
So, your password from <email@example.com> is <ultra-secret-password>
Even if you changed the password after that - it does not matter, my virus intercepted all the caching data on your computer and automatically saved access for me.
I have access to all your accounts, social networks, email, browsing history.
Accordingly, I have the data of all your contacts, files from your computer, photos and videos.
I was most struck by the intimate content sites that you occasionally visit.
You have a very wild imagination, I tell you!
During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching.
Oh my god! You are so funny and excited!
I think that you do not want all your contacts to get these files, right?
If you are of the same opinion, then I think that $<Some-Number> is quite a fair price to destroy the dirt I created.
Send the above amount on my BTC wallet (bitcoin): <Some-GUID>
As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it.
Otherwise, these files and history of visiting sites will get all your contacts from your device.
Also, I'll send to everyone your contact access to your email and access logs, I have carefully saved it!
Since reading this letter you have 48 hours!
After your reading this message, I'll receive an automatic notification that you have seen the letter.
I hope I taught you a good lesson.
Do not be so nonchalant, please visit only to proven resources, and don't enter your passwords anywhere!
It's just phishing.
Password has to be stored has an irreversible hash, any other method of storing passwords would be extremely amateur. That being said, I doubt that WebmasterWorld stores or has ever stored passwords in plain text, isn't it ?
Not what I meant. Phishing to see who takes the bait by responding, then they have you playing on their terms.It's just phishing.
It would be IF they were not showing a real password
SHA-1 is obsolete since 2005, salt is something also common since the end of the 90's, hashing functions even automatically add a sal (eg. PHP 's password hash function adds a different salt automatically since 2004)
Your post sounded like you assumed the plaintext passwords in email situation could only come from databases storing them the same way.
That being said, I doubt that WebmasterWorld stores or has ever stored passwords in plain text, isn't it ?
That being said, I doubt that WebmasterWorld stores or has ever stored passwords in plain textShortly after I started reading this forum, I remember someone posting in great (and understandable) annoyance because they'd got the routine welcome-to-WebmasterWorld letter ... including their newly selected password in plain text. At the time, the post was greeted with general sneering and “so what?” from established members.
Shortly after I started reading this forum, I remember someone posting in great (and understandable) annoyance because they'd got the routine welcome-to-WebmasterWorld letter ... including their newly selected password in plain text. At the time, the post was greeted with general sneering and “so what?” from established members.
I haven't used the site since about 2010, but I find that my account, with the compromised password is still active.
He" was right. A site must NEVER send a password in an emailAs long as the data is encrypted and the connection is secure, I see no issue.
I would worry more about all these unsecure email clients that people use. They get hacked all the time.
[edited by: justpassing at 10:15 am (utc) on Oct 23, 2018]