Avast Data Breach or ?

I received an email today - definitely a phishing attempt but something different. Here is a copy:


I am aware, ( REMOVED) , is your password. you don’t know me and you are most likely thinking why you’re getting this e mail, correct?

The answer is, I installed a malware on the adult video clips (porn) and guess what, you visited this site to experience fun (you know what I mean). While you were watching videos, your browser started operating as a Rdp (Remote desktop) having a key logger which gave me access to your display screen and webcam. Just after that, my software program collected every one of your contacts from messenger, social networks, as well as email.

What exactly did I do?
I made a double-screen video. First part displays the video you were watching (you’ve got a good taste lmao), and 2nd part shows the recording of your cam.

Exactly what should you do?
Well, in my opinion, $1900 is a reasonable price tag for our little secret. You’ll make the payment through Bitcoin (if you don’t know this, search “how to buy bitcoin” in google).

BTC ADDRESS: 1CE3Qk4aWoxEnXVTjQgFeBsmo4Cw3AAgXA
(It is CASE sensitive, so copy and paste it)

Notice:
You have one day in order to make the payment. (I have a unique pixel in this email message, and at this moment I know that you’ve read through this message). If I don’t receive the Bitcoins, I will certainly send out your video to all of your contacts including family members, co-workers, and so on. nevertheless, if I do get paid, I’ll erase the video immediately. If you really want proof, reply with “yes!” and I definitely will send out your video to your 15 friends. It is a non-negotiable offer, so kindly do not ruin my time and yours by responding to this email.


Obviously a phishing attempt as I have no web cam and have no such site history. BUT what alarms me is the password they gave WAS my avast forums password.

Has Avast had a Breach or ??
If it were just a random made up password attempting to scare someone I would just laugh it off. I tried to find a way to contact Avast about it but they are so email isolated.

I have given my password to no one and did not use it on any other sites.

Has Avast had a Breach or ??
avast blog 2014 >> https://blog.avast.com/2014/05/26/avast-forum-offline-due-to-attack/

If you want to check for infections, follow instructions and attach requested logs >> https://forum.avast.com/index.php?topic=194892.0

BUT what alarms me is the password they gave WAS my avast forums password.
Change password >> https://my.norton.com/extspa/idsafe?path=pwd-gen

‘I know you cheated on your wife.’ Growing blackmail scam demands payment in bitcoin
https://www.cnbc.com/2018/01/22/growing-blackmail-scam-demands-payment-in-bitcoin.html

https://www.techlicious.com/blog/is-the-porn-blackmail-scam-real/
https://myonlinesecurity.co.uk/attempted-blackmail-scam-watching-porn/

check e-mail >> https://haveibeenpwned.com/
Pwned Passwords >> https://haveibeenpwned.com/Passwords

I received it too. I have never visited a pornography website in my life and don’t use my webcam, so am not worried except for one thing. How did this creep get my real Avast password?

How did this creep get my real Avast password?
Check here and read the result at the bottom if compromised

check e-mail >> https://haveibeenpwned.com/
Pwned Passwords >> https://haveibeenpwned.com/Passwords

My forum mail is listed as compromised from the avast forum attack in 2014; the password is not, as I have changed it.

I guess that is why I receive mail from people that want to give me money ;D >> https://forum.avast.com/index.php?topic=81030.0

How reliable is this site? I’ve just fed it a series of made-up nonexistent email addresses and it reported every one of them as “pwned”. It suggests to me that this is just a marketing operation for their security products.

You are likely to find lots of emails that aren’t actually in existence as bots could be generating random emails on speculation.

Personally I never use sites like this. I’m a trusting soul (NOT); who is to know if the site has been pwned/hacked?

I received the exact same email late last night, the password mentioned was also my old Avast password which was changed years ago, it’s obviously taken this long for the information that was compromised from the Avast hack in late 2014 to do the rounds :)

How reliable is this site?
You are not the first one to ask ;) (google search)

If there was a problem it would be on security websites like “krebs on security” and others, but I have not seen any.
Also the guy who made it, “Troy Hunt”, is a known security researcher.
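On the question of what the Pwned Passwords page linked above actually learns about a password: its public range API is queried with only the first five hex characters of the password's SHA-1 hash, and the match is done locally against the returned suffixes. The sketch below is an added illustration, not part of the thread or of any poster's message; the function names, the sample password and the offline response with its counts are constructed for the example.

```python
import hashlib
import urllib.request

# Constructed password, used only for this illustration.
SAMPLE_PASSWORD = "forum-test-2014"

def split_hash(password):
    """Return (prefix, suffix) of the uppercase SHA-1 hex digest: 5 + 35 chars."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def count_in_range(range_body, suffix):
    """Search a 'SUFFIX:COUNT' range response for our suffix; 0 if absent."""
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

def fetch_range(prefix):
    """Live lookup. Only the 5-character prefix leaves the machine."""
    url = "https://api.pwnedpasswords.com/range/" + prefix
    req = urllib.request.Request(url, headers={"User-Agent": "range-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def check_password(password, range_lookup=fetch_range):
    """Return how many times the password appears in the breach corpus."""
    prefix, suffix = split_hash(password)
    return count_in_range(range_lookup(prefix), suffix)

def constructed_lookup(prefix):
    """Offline stand-in for the API: constructed response, made-up counts."""
    _, real_suffix = split_hash(SAMPLE_PASSWORD)
    decoys = ["0" * 35 + ":3", "F" * 35 + ":12"]
    return "\r\n".join([decoys[0], real_suffix + ":1947", decoys[1]])

if __name__ == "__main__":
    # Uses the offline stand-in so the example runs without network access.
    print(check_password(SAMPLE_PASSWORD, constructed_lookup))
    print(check_password("a passphrase nobody leaked", constructed_lookup))
```

Calling `check_password(pw)` without the second argument performs the live lookup; neither the password nor its full hash is transmitted in either mode.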

Got the same email yesterday, suspected it was a result of the Avast breach. Not good Avast.

Unfortunately, Avast is not the first AV company to be hacked, and they certainly won’t be the last.

I’ll remind all of you guys. If the information they have is really that crucial, they won’t email you. Emails can be tracked. What they’ll do is use that password to access other information. I had two of my passwords breached in the last week. (Still not sure how they got the second one as it’d never been used elsewhere.)

No, they’ll just straight up steal whatever they can (In this case, the contents of my Bank’s chequing account) and run as fast as they digitally can. If you DO get hacked, don’t panic - for me it was a call to the bank, Paypal (where the breach originated) and a call to the RCMP with information regarding where the idiot lived. Change all of your passwords from a secure computer (for me, I wiped every device in my house, reset my router to factory defaults) and then changed my PWs to 20+ character long passwords. I got all my money back (which wasn’t much as I’ve always feared someone hacking my Paypal.)

Oh, I also wrote a very long message to my bank about their online security (which is nothing but a joke). Mandated fixed-length passwords (all passwords are 6, yes SIX characters long). No symbols. Needless to say, I ripped them a new one in that email. They have some excuse along the lines of “Oh, but your bank card number is randomly generated & not easily traceable”. Yup, right up until it gets pickpocketed. It’d take them about a day to crack your bank’s password (on a modern system using SHA512 encryption). They also have the standard “reset your password” option if you forget it. Those are based on questions that are so commonly social engineered on Social Media (FB, usually). It’s not mandated for you to physically walk into a bank to change it.

At least the tellers that I dealt with at the bank were understanding and agreed with my concerns.

@ Michael (alan1998),

Sheesh, what a sense of outrage and violation! Good you caught the perp and notified the authorities rather than handle it yourself.

Yup, Avast is not the first nor the last to be hacked; all websites are potential targets.

[OT] As polonus often points out, web site security is mostly shoddily implemented and not updated or addressed in a timely manner.

Always remember: One party is a victim and the other is the perpetrator. Don’t blame the victim if they have taken proper precautions and help address their issues if they didn’t.

I got the same message too; its mail address and password are certainly from the old compromised forum.

BTW the address/password pair in the mail I received is from my testing account (which has a short password and is rarely used). My main account (with a longer password) seems not to be compromised yet. They may have used a brute-force attack to crack the hashed passwords.

Me too:


From: Ace Mcaleavey jgcesarohemphillsx@outlook.com
Sent: Thursday, 12 July 2018 21:09
Subject: RE: [password]

I am aware, [password], is your password. you do not know me and you are most likely wondering why you’re getting this email, right?

Actually, I installed a malware on the adult vids (pornography) and do you know what, you visited this web site to experience fun (you know what I mean). While you were watching videos, your internet browser began functioning as a Rdp (Remote desktop) having a key logger which gave me accessibility to your display and also cam. Right after that, my software collected all of your contacts from messenger, fb, and email.

What did I do?
I have made a double-screen video. First part shows the video you were watching (you have a nice taste hehe), and 2nd part displays the recording of your web cam.

What should you do?
Well, in my opinion, $1200 is a reasonable price for our little secret. You will make the payment through Bitcoin (if you don’t know this, search “how to buy bitcoin” in google).

BTC ADDRESS: 1CE3Qk4aWoxEnXVTjQgFeBsmo4Cw3AAgXA
(It is case sensitive, so copy and paste it)

Important:
You have one day in order to make the payment. (I have a specific pixel within this e-mail, and right now I know that you’ve read this e mail). If I do not receive the BitCoins, I will certainly send out your video recording to all of your contacts including family members, coworkers, and many others. nevertheless, if I receive the payment, I’ll destroy the video immediately. If you want to have proof, reply with “yes!” and I definitely will send out your video to your 14 contacts. It’s a non-negotiable one time offer, so kindly don’t waste my personal time and yours by replying to this message.

It was a hacked database somewhere as I received one as well. But the password referenced was one I have not used for many, many years and I do not think I used it on this forum … But as I have no camera on my pc I would love to see the pictures of me :) P.S. they want $1800 from me, mayhap they think I am rich

Ditto; but I got asked for $1900. Maybe they noticed that you didn’t pay up ;)

Going back through old backups, I discovered it was from the Avast forum breach (confirmed via haveibeenpwned).

PS: I’m an Essex Boy too ;D

They must like you guys. :) My account was never attacked, but I did change the password as soon as I became aware of the breach.
All of this, by now, is ancient history.

I’m the OP on this thread - thanks to all for all the info. I had already changed my Avast password. As mentioned, Avast was the only place I used that password.
Appreciate everyone’s time to reply - feeling much better now that I understand what must have happened.

Thanks Again

Now if I can just get past the Verification - LOL - the voice thing never works for me and it’s so embedded in clutter that it took about a dozen refreshes last time.

Only used for the first three posts as a Spam deterrent.

Is there a link to the Netlog website?

From: noreply@netlogmail.com
Sent: Tuesday, 31 July 2018 21:42
Subject: Important notice from Netlog

NETLOG SECURITY INCIDENT

Hello,

We are writing to you because you registered before December 2012 on Netlog, a former social networking platform operated by the company Massive Media, based in Belgium, which also ran several other platforms, including Twoo. Although Netlog was discontinued in 2015, we are informing you that we recently became aware of a data incident that occurred in November 2012 concerning your Netlog account.

Incident details. Through proactive data security monitoring, our security team recently discovered that our database had been compromised in November 2012. It contained the email address and password of Netlog users who registered before December 2012. We have been able to confirm that it did not contain government-issued identification numbers, payment card information or financial information, and we have no reason to think that this incident affected any other data or service.

How did we respond? In response to this incident, we have, among other things, informed all affected Netlog users as well as the competent authorities, as required by law.

What should you do? You do not need to do anything on the Netlog platform, since it is no longer operational.

If you still use the email address and password you used on Netlog in 2012 on other active online accounts, we advise you to update your password for those accounts as soon as possible.

Here are some useful tips for creating and protecting your passwords:

-choose a unique password that you do not use on other websites
-do not choose personal information or a common word
-choose a password of at least 8 characters made up of letters, numbers and symbols
-update your password regularly (every 90 days)

For any further questions, please contact security@netlog.com.


ENGLISH:

Subject: Important notice from Netlog

NETLOG SECURITY INCIDENT

Hello,

We are writing because you registered for Netlog before December 2012. Netlog was a social networking platform operated by Massive Media, a Belgium-based company which also operated a number of social platforms, including Twoo. While the Netlog service was discontinued in 2015, we are writing to let you know that we recently learned that in November 2012 there was a data compromise that involved your Netlog account.

Incident Details. Through proactive data security monitoring, our security team recently discovered that a database compromise occurred in November of 2012. The database contained users’ email address and password information if they registered on Netlog prior to December 2012. We have confirmed that the database did not contain any government issued identification numbers, payment card, or banking information and we have no reason to believe any other data or service was compromised.

Our Response. As part of our response, we notified all known affected Netlog users, as well as those authorities as required by law.

Actions You Should Take. Netlog is not operational, so there is nothing for you to do on Netlog.

In the event you are still using the email and password combination you used for Netlog in 2012 on other active Internet accounts, we advise you to promptly update your password for those accounts.

Here are some helpful tips for creating and maintaining your passwords:

-Use a unique password that is not used on other websites
-Don’t use personal information or common words
-Use a mix of letters, numbers, and symbols in your password and make sure it’s at least 8 characters
-Update your passwords on a regular basis (every ninety days)

If you have any additional questions, please contact security@netlog.com.