Canada Computers data breach

2018, Oct 05    

It would seem that Canada Computers has had a data breach.

Upon checking my pre-filtered email on my server I’ve noticed 3 bitcoin extortion scams forging the from address of my main email account.

SPF (Sender Policy Framework) was of course soft failing those attempts at forging and immediately marking them as spam.

Upon actually reading them I see they are providing an actual password that is supposed to be for my account.

Given the fact that my passwords are unique I was curious and looked up where this supposed password is from.

Lo and behold my randomly generated 30 character password matched the one at Canada Computers.

Upon logging in to the account I see nothing suspicious. I simply changed my password and logged out.

I have informed Canada Computers of the breach; so we’ll see if they take it seriously or not.

The following is a redacted version of one of interesting attempts at extortion.

Hi, dear user of (domain redacted)

We have installed one RAT software into you device.

For this moment your email account is hacked (see on , I messaged you from your account). Your password for (email address): (Canada Computers password)

I have downloaded all confidential information from your system and I got some more evidence. The most interesting moment that I have discovered are videos records where you masturbating.

I posted my virus on porn site, and then you installed it on your operation system. When you clicked the button Play on porn video, at that moment my trojan was downloaded to your device. After installation, your front camera shoots video every time you masturbate, in addition, the software is synchronized with the video you choose.

For the moment, the software has collected all your contact information from social networks and email addresses. If you need to erase all of your collected data, send me $800 in BTC (crypto currency). This is my Bitcoin wallet: 1PuYAe7BLxNE6F6zE2PeVthfXCeYH88PmQ You have 48 hours after reading this letter.

After your transaction I will erase all your data. Otherwise, I will send video with your pranks to all your colleagues and friends!!!

And henceforth be more careful! Please visit only secure sites! Bye!

People are sending money sadly.

The amounts donated so far to the following address as are follows:

Bitcoin Address Transactions Bitcoin Amount (as of time of post) USD Value
1Lughwk11SAsz54wZJ3bpGbNqGfVanMWzk 10 0.54242879 $3545.84
1PuYAe7BLxNE6F6zE2PeVthfXCeYH88PmQ 27 2.55518173 $16703.15
1PwENLsmQ2Z6b4EJfXDeeXKBj9v878uHRf 17 1.40200389 $9164.86
13cyEdT7kyH2f4j9xchvDGhv1o64MYNLUS 20 1.72932905 $11134.35

Compromised machines are from all over including:

  • telecomitalia.it
  • life.com.br
  • bspeedy.com

UPDATE

For a laugh I sent an abuse report over to the folks at bspeedy.com on October 8, 2018. No response of course.

I did receive a brush off email that stated this has been passed to their “IT department” on October 11, 2018. I’m not holding my breath as evidenced by this fellow individual:

Canada Computers and Electronics Appears to Ignore Serious Security Breach

Well over a month has passed with no response. I’m not surprised in the least.