Canada Computers data breach

2018, Oct 05    

It would seem that Canada Computers has had a data breach.

Upon checking my pre-filtered email on my server I noticed 3 bitcoin extortion scams forging the from address of my main email account.

SPF (Sender Policy Framework) was of course soft failing those attempts at forging and immediately marking them as spam.
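The pattern above (mail that claims to come from the recipient's own address and does not pass SPF) can be checked mechanically. The following Python is an added example, not the filter running on this server. The sample message, the addresses and the function names are constructed for illustration, and it assumes the receiving MTA prepends a Received-SPF header.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample, not one of the e-mails from the post. Addresses use
# example.org and the documentation range 203.0.113.0/24. The lower
# Received-SPF line stands for one the sender supplied itself.
FORGED = """\
Received-SPF: softfail (mx.example.org: sender 203.0.113.7)
Received-SPF: pass (supplied by the sender)
From: me@example.org
To: me@example.org
Subject: account notice

Your password is (redacted). Send $800 in BTC within 48 hours.
"""

PAYMENT = re.compile(r"\b(btc|bitcoin|eth|ethereum)\b", re.IGNORECASE)

def spf_result(msg):
    """Result keyword of the topmost Received-SPF header (assumed to be the
    one the receiving MTA prepended); headers below it are sender-controlled."""
    for value in msg.get_all("Received-SPF", []):
        words = value.split()
        return words[0].lower() if words else "none"
    return "none"

def is_self_spoof(msg):
    """True when the From address also appears among the To/Cc recipients."""
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return bool(sender) and sender in {addr.lower() for _, addr in rcpts}

def classify(raw):
    """Return 'spam', 'review' or 'deliver' for a raw RFC 5322 message."""
    msg = message_from_string(raw)
    body = " ".join(
        part.get_payload(decode=True).decode("utf-8", "replace")
        for part in msg.walk() if not part.is_multipart()
    )
    if is_self_spoof(msg) and spf_result(msg) in ("fail", "softfail"):
        return "spam"      # "from me, to me" that the SPF check rejected
    if PAYMENT.search(body):
        return "review"    # a payment demand alone is only a weak signal
    return "deliver"

if __name__ == "__main__":
    print(classify(FORGED))
```

Only the topmost Received-SPF header is read, so a "pass" line that the sender inserted lower in the header block does not change the verdict.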

Upon actually reading them I see they are providing an actual password that is supposed to be for my account.

Given the fact that my passwords are unique I was curious and looked up where this supposed password is from.

Lo and behold my randomly generated 30 character password matched the one at Canada Computers.

Upon logging in to the account I see nothing suspicious. I simply changed my password and logged out.

I have informed Canada Computers of the breach; so we’ll see if they take it seriously or not.

The following is a redacted version of one of the interesting attempts at extortion.

Hi, dear user of (domain redacted)

We have installed one RAT software into you device.

For this moment your email account is hacked (see on , I messaged you from your account). Your password for (email address): (Canada Computers password)

I have downloaded all confidential information from your system and I got some more evidence. The most interesting moment that I have discovered are videos records where you masturbating.

I posted my virus on porn site, and then you installed it on your operation system. When you clicked the button Play on porn video, at that moment my trojan was downloaded to your device. After installation, your front camera shoots video every time you masturbate, in addition, the software is synchronized with the video you choose.

For the moment, the software has collected all your contact information from social networks and email addresses. If you need to erase all of your collected data, send me $800 in BTC (crypto currency). This is my Bitcoin wallet: 1PuYAe7BLxNE6F6zE2PeVthfXCeYH88PmQ You have 48 hours after reading this letter.

After your transaction I will erase all your data. Otherwise, I will send video with your pranks to all your colleagues and friends!!!

And henceforth be more careful! Please visit only secure sites! Bye!

People are sending money sadly.

The amounts donated so far to the following addresses are as follows:

| Bitcoin Address | Transactions | Bitcoin Amount (as of time of post) | USD Value |
|---|---|---|---|
| 1Lughwk11SAsz54wZJ3bpGbNqGfVanMWzk | 10 | 0.54242879 | $3545.84 |
| 1PuYAe7BLxNE6F6zE2PeVthfXCeYH88PmQ | 27 | 2.55518173 | $16703.15 |
| 1PwENLsmQ2Z6b4EJfXDeeXKBj9v878uHRf | 17 | 1.40200389 | $9164.86 |
| 13cyEdT7kyH2f4j9xchvDGhv1o64MYNLUS | 20 | 1.72932905 | $11134.35 |

Compromised machines are from all over including:

  • telecomitalia.it
  • life.com.br
  • bspeedy.com

UPDATE

For a laugh I sent an abuse report over to the folks at bspeedy.com on October 8, 2018. No response of course.

I did receive a brush off email that stated this has been passed to their “IT department” on October 11, 2018. I’m not holding my breath as evidenced by this fellow individual:

Canada Computers and Electronics Appears to Ignore Serious Security Breach

Well over a month has passed with no response. I’m not surprised in the least.

UPDATE June 27, 2020

I have not thought of Canada Computers in ages. I had my account closed after much annoyance although I am certain that my information is still in their database. They never bothered to do any followups to their breach as I expected. The others I contacted had no response either.

Lots of extortion emails have been hitting my spambox since the beginning of June 2020. Some now want Ethereum.

They are becoming greedier it seems due to the pandemic. Requests between $800-1400 seem to be the norm now.

Here is one of the new templates:

Hey, some time ago your computer was infected with my private software, RAT (Remote Administration Tool).

My software gave me access to all your accounts, contacts and it was possible to spy on you over your webcam.

For example, I know one of your passwords is: (Canada Computers password)

Sometimes I was spying on you and then once I was shocked seeing you started to MASTRUBATE, so I recorded you with the software called: Bandicam, Google it if you want.

I can share the video of you with all your friends, contacts, post it on social networks and everywhere else.

You can stop me, send 800$ with the cryptocurrency Ethereum (ETH).

It’s easy to buy Ethereum (ETH), for example here: bitvavo.com , anycoindirect.eu , binance.com , or Google another exchanger.

My Ethereum (ETH) wallet is: 0x887D27dA0a963bDFBc503357F2DC9837eB2c9444

Yes that’s how the wallet looks like, copy and paste it.

After receiving the payment, I will remove everything and you never hear from me again.

You got 2 days time!

Next time update your browser before browsing the web, so you won’t get infected again!