In another attempt to leak confidential personal data, an anonymous developer has built a malicious copy of the famous breached passwords database “Have I been pwned.”
Fraudsters ‘Hijack’ Passwords
Similar to “Have I Been Pwned,” the malware initially lets one check if his/her associated email address has been breached previously. However, it also shows leaked passwords of the breached accounts, before asking the legitimate owner to make a one-time donation of $10 in bitcoin to hide the passwords.
As mentioned in the instructions on the website, the leaked passwords will only be removed once the owner has made the payment and successfully shows proof of the same. It has been confirmed that this website does indeed contain a database with legitimate passwords.
1.4 Billion Accounts Reportedly Compromised
Although it is still unclear as to the quantity of compromised data the website has, estimates suggest around 1.4 billion accounts and associated passwords have been breached. Journalist Daniël Verlaan said the site uses the same database as the popular breach lookup service Gotcha.
As advice, BTCManager suggests all account holders update their passwords before the malicious website gets a hold of the existing information and compromises the security of users accounts.
“Smart” Scammer Dupes Investors Of ETH
On April 12, 2018, a Twitter user posted the details of a new scam that made its way to Telegram groups. The tweet went viral, as the alleged scammer made use of a smart contract to extort money, in a first-of-its-kind incident.
Best scam I’ve ever seen:
1. Guy posts his MEW private key in a chat.
2. $5k worth of Minerium in it, no ETH for gas.
3. Half the people in the chat send gas to take it.
4. Smart contract. Auto-sends the $ETH to another address; keeps MNE in the account.
— The Shitcoin Sherpa (@ShitcoinSherpa) April 12, 2018
In a bid to steal the MNE, greedy Telegram users, presumably scammers themselves, quickly sent ETH to the private wallet which then diverted the received coins to another account, courtesy of an inbuilt smart contract.
Even honey pot is somewhat derogatory to the genius who figured this one out, I feel like as long as he didn’t say it as if you could have the contents of the wallet, it’s essentially the same as leaving the keys in a car so a thief assumes they can drive it away.
— The Juice (@CryptOJSimpson) April 12, 2018
Twitter users expressed surprise over the scammer’s methods, with some terming the use of a smart contract as “brilliant.”