My SpiderBasic account password has been leaked. However, the vulnerability is unknown.

Kurzer
Posts: 95
Joined: Mon May 26, 2014 9:33 am

Post by Kurzer »

Hello everyone,

Today I received a blackmail email that contained my password for my SpiderBasic account in the subject line. That's the account on SpiderBasic.com – not the account here in the forum.

Some of you may already be familiar with this type of blackmail email. It always contains similar text suggesting that the blackmailer has access to all devices that they claim to have infected with a Trojan virus and that they have secretly recorded webcam and screen videos of compromising situations, which they are now using to attempt blackmail. However, that's not the point here, because the password information has been put in the wrong context, so it's clear that the blackmailer (script kiddie?) picked it up somewhere but doesn't know the context.

Long story short: Since I don't know myself whether I am the weak link in the password leak or whether there was a hack involving several SpiderBasic account details (password + associated email address), I wanted to publish this here so that others who may have received a similar email can put it into context. Perhaps Fred knows something about a past hacker attack on the SpiderBasic server?

I have already checked my affected email address at [haveibeenpwned.com] and [sec.hpi.uni-potsdam.de/leak-checker/search]. However, no data leak involving my affected email address was found there. If the attacker had obtained the information due to a data leak on my computer (screen recorder or similar), they would also have obtained the correct context for the password. However, this does not seem to be the case, as the blackmail email clearly states that the blackmailer associates the password with the email account – which is clearly incorrect.

My recommendation for these cases:
- Do not reply to this email, but delete it.
- If the email accesses external graphics and your email reader prevents these graphics from reloading, do not click on the button that would reload them.
- Change your SpiderBasic account password. I also changed the one for PureBasic at the same time.

Regards, Kurzer
SB 2.32 x86, Browser: Iron Portable V. 88.0.4500.0 (Chromium based), User age in 2023: 55y
"Happiness is a pet." | "Never run a changing system!"