Hack - iPhone camera and websites

THAT IS REALLY BAD.

And how is three old, defunct email addresses bad? They're of no use to anyone.

What would your reaction be if YOU got an email with a correct password (even if an old one) of yours.

The same thing you should be doing. Ignore it.

Oh, I just received the same email and I'm living in South Korea.

And I don't ever remember that I approached to a **** site using my phone unless I'm a sleepwalker who's unconsciousness is full of that, (well, happy that I'm not.)

So that was the point I first doubted about the email..

Furthermore, I actually don't give a **** to it and am not quite afraid if everyone in my contact gets to know my private life with photos or video of myself. I got only 40 contacts in my phone anyways. Also, everybody's got dark sides which they try to hide so people will understand and eventually forget about me.

BUT! I'm happy to know clearly that this email is just a scam,

Thanks everyone for sharing ideas.

They just have a partial number. I think somebody hacked a site that sends a code to your phone to prove it's you when you login. A lot like this site does...(Hmmm...). All they can see is part of your number and your email. address. If they really had your entire number I'm sure they wouldn't hesitate to show you. Seeing your entire phone number would scare the crap out of people and would definitely bring in a huge amount of money!!!

You’re welcome.

Some web-site where you have shown your email has been hacked. The scammer then uses the info stolen from the web-site to attempt to extort money from people.

Hi,

Before you register to a website, please make sure that the website is secured; ie. Https instead of http. If they are using http, use a password that is not used in other website login.

Anyone can create a form, make it looks like a password field (but it actually not), and store it in the database as is, not encrypted. And if the database itself not encrypted, well..

Hope it helps.

A.

Sorry, but that doesn't help. The site for a bank or whatever itself can be secure, but that has nothing to do with how the transferred data is stored.

HTTPs only ensures that the site and your browser have negotiated an encryption key that only they know. No one who snags data packets in between can do anything with it since they don't have the decryption key.

But, once the bank (insurance company, etc.) has your data, they can choose to add it to an encrypted, or unencrypted database.

No one here is listening. As I said at the start... HACKERS HAVE STOLEN SO MANY DATABASES AND THEN DECRYPT PASSWORDS... Or even the passwords are stored in plain-text. Once they have that, they have a password you are using on many sites.

And as I said, already... at the start... that no one even listened to...

NONE OF THAT IS EVEN NECESSARY.

Just store a HASH OF THE PASSWORD. A salted-hash using a salt unique to your company.

Don't tell me "use a unique password per site". No one does that... unless they log in to only 2 websites. Anyone who uses the internet a lot... who has used hundreds of websites, will be reusing passwords. That or using some "password solution" to generate unique-passwords per-site... and remember it for them... but that's not built in or standardised... most people are only able to just reuse a few passwords.

Anyone saying anything different is either a hypocrit or has only ever logged into two websites. One being this one apple.com... so they probably only log into one other website in their entire life time.

BoyTheo wrote:

Don't tell me "use a unique password per site". No one does that

I do that. I have a password vault that has a unique random password for each site I visit. It's no trouble at all; the password vault application generates the password. When I log into a site the vault provides the password for that specific site. I have over 400 sites in the vault, each with a unique password. There are quite a few password vault apps. 1password is probably the most popular. I happen to use SplashID Safe, because it was one of the first. It has my passwords back almost 20 years. And if you have Apple products there's a built in one called Keychain.

Anyone saying anything different is either a hypocrit or has only ever logged into two websites. One being this one apple.com... so they probably only log into one other website in their entire life time.

And no, I am not a hypocrite. As I said, I have unique passwords for 400 different logins, websites, apps and servers that I manage. Although I use public/private key pairs for servers these days.

Where am I going wrong in thinking that separate passwords and a vault to manage them, including Keychain, are necessary only because it's not so remote a possibility any one of them might somehow be cracked.

The vault is local, presumably protected by at least a router firewall, and the websites are all accessed remotely; they might have wonderful protection but we have no control over that.

Other than that, why does the original logic not make it scary to put everything in one vault… particularly if it's on a lap-top, whose theft will negate the router firewall and give the thieves all day to hack it, while at the same time presumably leaving the owner locked out of everything and unable even to close down accounts?

Well, you need a strong password for the password vault app. That's a given. Mine is 26 random characters (not random to me, but would be to anyone else). It's a password I don't use anywhere else. And with a good vault it is the encryption key for the contents of the vault. For a password of the length I use the time to hack it would be greater than the lifetime of the Sun.

Tarlin, in his case they only have a email/phone.

But in my case, they actually have 3 old passwords of mine! One very common one I used to use a lot.

This is really bad.

Hi Theo,

How did you react facing to that? because rn the 48hours are done, did something else happen, or it's definitely a scam.

Thank you for your answer (Kind of super nervous rn)