@Klaatu_Veratta_Nectarine Looks like it may be a phishing attempt - I’d still recommend a password change, especially if you used the link in the email, and also do an immediate AV/Malware scan.
Likely someone grabbed your email address from one of your other contacts that did actually get compromised and they’re sending out phishing attempts based on that.
@Klaatu_Veratta_Nectarine IT IS ENTIRELY POSSIBLE that they used the same IP address, but DHCP is typically used on ISP networks (source: I work for an ISP and we use DHCP) so they’d have a different IP a year later, odds are…. Unless they have static for some reason and… why would a non-state, malevolent entity use a static IP…? Heck why would a state malevolent entity use a static IP?
@Exitpass @EnochianEntropy Thank you? But couldn't they use a vpn?
@Exitpass @EnochianEntropy I am kind of dumb. Not super worried but wow
@Klaatu_Veratta_Nectarine @Exitpass VPN or a proxy - they can both mask an IP.
@EnochianEntropy @Exitpass it's just weird because i didn't get a Coso alert that info was compromised. I'm gonna blame the bird site because it makes me cranky.
@Klaatu_Veratta_Nectarine @Exitpass Those are going to be based on data that is known to be compromised - if it’s kept in the back pocket and not exposed to the internet at large, then it won’t be shown as compromised because the only one who knows that it’s compromised is the one who did the compromising or bought it from someone who didn’t share it out.
@EnochianEntropy @Exitpass
Ah. Makes sense.
@EnochianEntropy @Exitpass
What would be the point of them logging in and not changing the password. So not keeping stuff. They logged in every day at roughly the same time for a series of days. If they just wanted to peek why not download it all and go undetected? If they wanted to take the account over to try bribe me to pay them they would change the password. It's weird.
@Klaatu_Veratta_Nectarine @EnochianEntropy @Exitpass Not at all weird. If you are truly hacked then most likely they want to leverage their access to make a profit. But how? If they locked you out how would they contact you for ransom? They need to know who you are. If you have unique access to important accounts or sites then that's a way to profit. They're looking to see what they can use. In the meantime, they don't do anything to alert you that anything is wrong like changing your password.
@danielbsmith @Klaatu_Veratta_Nectarine @Exitpass Yeah, I had someone who, going by the sent emails, was compromised for a month or so, the sender sending emails from them and clearing out the responses but forgetting the sent folder. Didn’t want to rock the boat and get noticed.
Then the dummy wanted me to change his password to “Superman” when we found it was compromised….
@EnochianEntropy @Klaatu_Veratta_Nectarine @Exitpass That tells you everything you need to know about how he got hacked in the first place. Still, it's better than "monkey". 🙄😁
@danielbsmith @EnochianEntropy @Exitpass
I've been trying to think of anything i did different in giving out that email. The only thing is I subscribed to substacks and mastodons of people I followed on the birb site that are leaving. And nobody knows who owns all the mastodon servers. So realistically they could have got it anywhere... But really those are probably highest chance. Which makes me really sad. Maybe i need a separate thing for just those. Also just said last night. -
@danielbsmith @EnochianEntropy @Exitpass about the bluesky thing and this morning i look and John Scott Railton who I like to read is like here is my blue sky account .
They're killing me.
@Klaatu_Veratta_Nectarine @danielbsmith @Exitpass Meh - since email addresses are a requisite for signing up for 99% of services, you didn’t “mess up” doing it because otherwise it wouldn’t work.
The email relay system of iCloud+ or Mozilla Relay isn’t too bad an idea if you want to keep your actual email address out of the hands of bad actors.
@Klaatu_Veratta_Nectarine @EnochianEntropy @Exitpass Duck Duck Go also has a an email forwarding option for privacy.
https://duckduckgo.com/email/
@danielbsmith @EnochianEntropy @Exitpass oooh nice!