Ransom Demands
I recently received an email containing a ransom demand. It was addressed to my personal email account and as proof, the sender quoted one password - the password I had been using to log in to DAZ3D. Thankfully this was the only one quoted and fortunately I use different passwords for different internet accounts. Also, thorough scans of all of my equipment have come up clean. What does concern me is the fact that the account on this website has been compromised. According to information available about this particular scam, certain servers have been hacked and lists of usernames/passwords have been published. The same scam email has been received by many of those on the list. Needless to say, I was very upset by the whole thing.
I hope that I am an isolated case but I would advise anyone reading this to change your password as a precaution.
Comments
Happened to me, too. They knew my DAZ password, which I didn't use anywhere else.
...interesting. The store's been acting up today again during the last 1.99$ flash sale where it kept giving an error message that the order could not be put through, not just when I entered my card number, but several others had it happen to them as well.
I just changed my Daz password. No ransom email as of yet, but just to be on the safe side...
Thanks for the heads up!
...when I try to change mine to a new one, I keep getting the error message:
This makes no sense at all as the current one I entered is the one saved in Chrome that I have been using. The last thing I want to do is lock myself out of my account by accident.
We've seen this going around.
A couple of our accounts that have not been used in years were hit by this email using passwords that were never on our site but on third party sites that have been hacked.
Password reuse is quite common, so be sure to use different passwords on every site you visit, and using password managers or password generators is highly recommended.
I can assure you that I do make a point of using different passwords on different sites, as I mentioned in my OP. The password they quoted in the spam email was the one I used here and nowhere else. Before I retired I was employed in computer and network security so I do have some clue about such procedures. By the way, I do use a paid-for password manager (keeping track of all those passwords securely would be a nightmare otherwise).
I use Kaspersky password vault & I have not gotten any ransom notes, but in case I changed my Daz password anyway and added Daz to Kaspersky password vault. I use a different password for every account as well, but I know cyber thieves are getting clever these days with fishing expeditions. Stay safe, people.
Thanks. My account wasn't lost - in fact I don't believe the spammers knew what site the password came from. I only noticed the email because I was looking for another that I thought might have been wrongly marked as spam so I checked my spam bin. Luckily my eye was drawn to my DAZ3D password which was prominently displayed in the spam email subject title. I immediately changed it, of course.
Thanks for the heads up - changed mine just to be safe
that's a good password - I changed mine to 12345 (I got the idea from Spaceballs) :p
(and yes, I'm only kidding ;) )
hunter2
Just FYI, the Credit Cards being denied earlier tonight were due to the high volume of very low priced checkouts (thanks to those crazy blink sales).
Our CC authorization system thought that looked out of the ordinary so it shut things down until we could manually review and approve things. Everything should be back to normal now.
Silent Winter:
That's amazing! I've got the same combination on my luggage!
marble:
Thank you, for the heads up!
You can check where your email and password were hacked from at haveibeenpwned.com
It's generally a good idea to check your email address once a month.
Boy I sure hope the site hasn't been hacked (doesn't sound good tho). After being burned at Rendo, I sure don't want another one. Ever since I change all passwords regularly, but did change my Daz password anyway.
Laurie
...well, in spite of the error message I got, looks like the new password was accepted as when I opened the DIM I received an invalid password error (DIM uses the same password as the site login). I then entered the new password (which I had written down) and it opened fine.
Security experts have long said good practice is to change your passwords on a regular basis.
I change my passwords as soon as I can remember them without looking them up. I do not keep any note of my passwords on my computer.
And Daz is still sending me newsletters on an email account that I no longer use for anything except as a spam catcher.
Speaking of, is there anything besides email that connects Daz and user? I mean, things like connection to phone number or something
I use 8 asterisks as mine ... failing that, having seen the fact that 'passwords should not be trivial or obvious' I use either 'trivial' or 'obvious' as no-one would ever think they were being used as you are told not to use them
And yes, kidding - I used to be a mainframe and Unix SysAdmin and I twitch a lot about security, even going so far as to tell people (in polite ways) where they are going wrong (such as in Blockbuster where they had a password on a bit of paper stuck to the wall behind the counter, and a doctor leaving the consulting room with her PC still logged in to the NHS systems ...)
I got one of these scams a while back and was taken aback by it, then I noticed that the password they quoted was similar to, but not actually the password I had used on an old, old account (so old I am not even sure I could remember where!)
Hm, my email and other data have leaked from 10 sites now, last time I checked there it was far less.
I've recently started getting scam mails containing both my name and phone number, never happened before.
I always use passwords like this wherever I can: xRfPs?xCZ2fpnmQe[oAw and both user name and password unique for every site, unfortunately there are still sites out there which only allow short alphanumeric passwords.
Requiring email address as user name is also a bad idea IMO, that makes it easier to identify or spam/scam a person if the login data leaks. A random user name and a password is pretty useless for tracking down someone.
I would think forum passwords are stored as hashes, not plain text passwords, so I would be very surprised if this was true. Sorry, I don't believe it.
Well, that sucks... I hope they didn’t get my password... if they read my password aloud, it would unleash a scourge of demons upon the earth the likes of which humanity has never known... I knew that was a bad idea using an ancient Sumerian curse as my password.
Megh... well, if anyone is attacked by demons... my bad... sorry.
EDITED TO ADD -
Well, I checked my spam folder and didn’t see anything as described above, (on a side note... damn... spam has gotten crazy lately... weird mostly)... anyway, I decided to change my password just in case...
I also noticed I misspelled the curse, so I fixed that in the new password...
Oh... dang... I probably should have used a different password... I’ll fix that as soon as I can get around to that...
Recovering passwords from hashes can be practically impossible, difficult or easy, it depends on the password, so hashing is no guarantee for anything.
I use very long complicated passwords but some sites don't allow passwords longer than 16 or even fewer characters. I know there is no chance any one has ever guessed, dictionary attacked, or cracked my passwords successfully.
Since in Dec 2016, one of my passwords was stolen and two of my credit cards too, that meant a business on the internet had been broken into. The thieves resided in California, Oregon, and Wisconsin. They were likely given or bought my CC information from another person. At least one of the thieves was a college student at the University of Wisconsin at Madison.
Also, all my private information I had to give since my birth, which was very extensive and very comprehensive, to obtain my secret security clearance, was stolen directly from the US government servers back before 2015. The USA federal government offered to pay for one year subscription at an identity theft monitoring business that they chose in a pork barrel bit of conflict of interest. I declined their offer. Luckily I had already quit the contracted job with the government that needed me to have that clearance so they weren't exposed by their exposure of me but now I know that some criminal foreign government has essentially my life history. LOL, who would have thought I could make such a contribution to world peace by wasting the valuable limited amount of time of hostile foreign agents?! Enjoy, guys & gals! Don't hit your forehead too hard on your desk when you fall asleep.
I now use different passwords and different email addresses for each internet account I have.
A lot of the leaks that the site lists are just recompilations of previously leaked information. But since they are technically new leaks, he lists them as well as the originals just to be sure. Also, a lot of the leaks are only partial information leaks, so they may have your email but nothing else, or email/birthday, but no password. It's a great site, and if you do find your email on one of the lists you have to be careful, by all means. But it doesn't necessarily mean your password has been cracked.
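An added illustration, not part of any post in the thread and not DAZ's code, of the point raised above that hashing alone does not settle whether a leaked password is exposed: it audits a constructed credential table, stored two ways, against a short common-password list. The account names, the list and the round count are assumptions; the passwords are ones quoted in the thread.

```python
import hashlib
import hmac
import os

# Constructed sample data. The passwords are the ones quoted in the thread.
COMMON = ["password", "12345", "hunter2", "trivial", "obvious"]
USERS = {"alice": "12345", "bob": "hunter2", "carol": "xRfPs?xCZ2fpnmQe[oAw"}
ROUNDS = 100_000  # demo value (assumption); real sites tune this to login latency


def unsalted(pw):
    """Fast, unsalted digest: the same password always gives the same hash."""
    return hashlib.sha256(pw.encode()).hexdigest()


def salted(pw, salt=None):
    """Per-account random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, ROUNDS)


def verify(pw, salt, stored):
    """Constant-time comparison of a candidate against a stored salted hash."""
    return hmac.compare_digest(salted(pw, salt)[1], stored)


def exposed_unsalted(leaked):
    """One precomputed table of common passwords covers every account at once."""
    table = {unsalted(p): p for p in COMMON}
    return {user: table[h] for user, h in leaked.items() if h in table}


def exposed_salted(leaked):
    """With salts, every candidate costs one slow KDF call per account."""
    found, kdf_calls = {}, 0
    for user, (salt, stored) in leaked.items():
        for guess in COMMON:
            kdf_calls += 1
            if verify(guess, salt, stored):
                found[user] = guess
                break
    return found, kdf_calls


if __name__ == "__main__":
    print(exposed_unsalted({u: unsalted(p) for u, p in USERS.items()}))
    print(exposed_salted({u: salted(p) for u, p in USERS.items()}))
```

Salting and a slow KDF raise the cost per guess and stop one precomputed table from covering every account, but the two weak passwords are still found; only the long random one survives both schemes.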