Password compromised?

[VredinLad]

Hi everyone,

 

(first, im not sure if this is the right place to post this)

 

today i found a message in my unwanted emails box, the sender claims to know my password and has written it in the title (see picture)

the thing is that the password written there is not a password that is currently in use for my important accounts but it has been some time ago.

 

is this the result of some old database being hacked and this is just to scare people or should i be worried? 

and can i safely open the email to read the full message?

 

help would be greatly appreciated.

[ZeouLs]

There is a whole list of E-Mail + Password combo of hundreds of millions of accounts on the web. He most likely found one of these, and contacted the E-Mail thinking the password is still in use. Change all your passwords just to be safe and he shouldnt be able to do anything.

 

EDIT: lookin at the numbers we are actually talkin about billions of accounts, not millions.

 

EDIT2: https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/

Appearently leaked this January

[VredinLad]

8 minutes ago, ZeouLs said:

There is a whole list of E-Mail + Password combo of hundreds of millions of accounts on the web. He most likely found one of these, and contacted the E-Mail thinking the password is still in use. Change all your passwords just to be safe and he shouldnt be able to do anything.

 

EDIT: lookin at the numbers we are actually talkin about billions of accounts, not millions.

 

EDIT2: https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/

Appearently leaked this January

thank you for letting me know.

 

i have not used the exact mentioned password for ages so i thought it might have been from some ancient game that was hacked.

 

i will change my password just to be sure though.

 

EDIT: but do you know if it is safe to read the email?

Edited January 30, 2019 by VredinLad
question added

[Origami Cactus]

Use https://haveibeenpwned.com/.

If your email is pwned, then change the passwords.

4 minutes ago, VredinLad said:

but do you know if it is safe to read the email?

Probably, if you don't click on anything and have scripts disabled. Emails are usually secure and don't allow scripts.

[ZeouLs]

I would run in a VM, you never know what's inside

[myselfolli]

Opening the email itself won't do any harm. It looks like you're using the GMail web interface, Google is pretty good at protecting you from malicious Emails.

 

Don't open any links from the email, don't download any attatched files and probably don't respond and you'll be good.

[VredinLad]

ill just delete it and change my password, thanks for the help everyone

[NunoLava1998]

I got one of these types of emails (pretty much same template)

There are no images, links or anything, just a lot of text saying that you went to a infected NSFW site with viruses, and that he recorded you ************* and will send it to your contacts if you don't send him a sum of money (typically around 1k$), through Bitcoin. There's a bitcoin address attached. You can't reply as it's a spoofed email. No viruses attached. This is because of the recent Collection 1 databreach. It simply means some 12 year old went through the list and messaged stuff like this to many people. For me it was actually quite useful, as it helped me identify what password was leaked from my account so I could ahead and reset my accounts's passwords which had that password (excluding 2FA ones).