Every once and a while, I check my email's spam folder for fun phishing attempts and stumped upon one in particular that was rather interesting:
Title: [Some old password]
Of course it goes without saying, This is "definately"1 non-sense, yet you might ask how did he managed to get the old password?
This answer is from one of many data breaches that happens almost every few months. Almost every major company had a data breach in some point (Adobe, Dropbox, LinkedIn, ...) and you can check your email using one of the following services:
have i been pwned?
have i been pwned? checks if you have an account that has been compromised in a data breach and offer to notify you if your email appears in any public accounts dump or spam list.
DeHashed is similar to the other solutions but it takes this process one step further by offers a cheap subscription plan that allows anyone to get the list of publicly plaintext password for any email address.
If you happen to receive a similar email, you can report the bitcoin address to:
Bitcoin Abuse Database
BitcoinAbuse.com is a public database of bitcoin addresses used by scammers, hackers, and criminals. Bitcoin is anonymous if used perfectly. Luckily, no one is perfect. Even hackers make mistakes. It only takes one slip to link stolen bitcoin to a hacker's their real identity. It is our hope that by making a public database of bitcoin addresses used by criminals it will be harder for criminals to convert the digital currency back into fiat money.
The miss-spelling was intentional.↩︎