Have you recently received an email with one of your actual passwords in the subject line?
There is a new email attack circulating where scammers claim they’ve stolen your password and hijacked your webcam. Your password was most likely found in one of the many databases of leaked emails and passwords circulating on the internet.
I know this because it happened to me.
A few days ago, I was trying to track down an old email and ended up looking in my “Junk” folder. The subject of one of the emails caught my eye. It displayed one of my personal email addresses followed by an old password that I recall using long ago for social media accounts.
Knowing that my mail client is set not to download remote content—and against my better judgment—I clicked to preview the email. It contained the message below:
After a quick read, I knew it was a scam. But the idea that my email address and an actual password were “out there” and up for grabs was more than a little disconcerting.
I knew I had been vigilant about changing passwords, using stronger ones, and relying on a password manager like 1Password to keep control of my logins. Even with this confidence, I spent a few hours checking accounts to ensure that password wasn’t still in use. I actually found one account still using it—and changed it immediately.
After some research, I found that this scam has been spreading for months. It appears my password was leaked from one of the well-known data breaches: Adobe, Dropbox, Yahoo, eBay—or even Myspace (yes, I had a Myspace account).
You can check if you’ve been impacted by one of these breaches at Have I Been Pwned.
This incident reinforced everything I already knew about password security. Unfortunately, it can still happen to anyone—even someone who works in cybersecurity.
Steps to protect yourself:
- Check if your email and passwords have been leaked: https://haveibeenpwned.com
- Use strong, unique passwords
- Use a password manager
- Enable two-factor authentication wherever possible
At the end of the day, this attack was a non-event—but it cost me time. You can never be too safe, so be smart about managing your passwords.