SPAM email on unique mios address only known in UI5 cp.mios.com. Is it hacked?

OMG Vera! I registered on the old platform with an email address SPECIFICALLY made for mios… Never used it anywhere else, only for that purpose…

I do this all the time, the mail address was “mios@mydomain.com”. I now received an email targeted directly to that mail address with the below. This can mean only 1 thing: my email address was leaked… hacked or stolen or…

I do this all the time for all systems or platforms I register for… domainname@mydomain.com so I can easily see what site/system leaked my email address…

SUBJECT:
Security Alert. Your accounts were compromised. You need to change password!

BODY:
Hello!

I am a hacker who has access to your operating system.

I also have full access to your account.

I’ve been watching you for a few months now.

The fact is that you were infected with malware through an adult site that you visited.

If you are not familiar with this, I will explain.

Trojan Virus gives me full access and control over a computer or other device.

This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.

I also have access to all your contacts and all your correspondence.

Why your antivirus did not detect malware?

Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.

I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.

With one click of the mouse, I can send this video to all your emails and contacts on social networks.

I can also post access to all your e-mail correspondence and messengers that you use.

If you want to prevent this,

transfer the amount of $500 to my bitcoin address (if you do not know how to do this, write to Google: “Buy Bitcoin”).

My bitcoin address (BTC Wallet) is: 377H9PUAqEkdDbVYarFrpmx9zy9bW75DKK

After receiving the payment, I will delete the video and you will never hear me again.

I give you 50 hours (more than 2 days) to pay.

I have a notice reading this letter, and the timer will work when you see this letter.

Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.

I do not make any mistakes.

If I find that you have shared this message with someone else, the video will be immediately distributed.

Best regards!

Adult site huh… and satisfying yourself? I think they got you there! You gotta pay. :laughing::laughing::laughing:

More seriously though, I think these are being sent to randomly generated email addresses or worst case you have a cookie leak through some malware in your computer.

Where is @mydomain registered? Where is it hosted? Where is DNS hosted for the domain? Is every client device 100% clean?

Methinks Vera is not the culprit here, and I say that as I migrate everything to HA, so not exactly a fanboi.

I do this as well, in terms of unique addresses. I get spam all the time to these addresses. It happens.

C

Sender, I’m sorry to hear about this.

That’s quite an assumption and a scandalous title but definitely not related to MiOS security as a platform, maybe the old forum security at most. I’ve checked and all your historic logins are from IPs in your region so unless it’s your neighbour that’s hacking you, this is something else.

These are scam emails. I get them once in a while on several of my domains. Like any spam/scam, just delete them. It is all fake, there is no video, nothing got hacked. They only know how to click a send button, no hacking skills whatsoever.

Cheers Rene

Hello,

I can officially say that this is not related to our platform.
I have had a dozen emails like this during the last 3 months, on one older email that I still sometimes use.

Please file a report for that bitcoin address here:
https://www.bitcoinabuse.com/reports/377H9PUAqEkdDbVYarFrpmx9zy9bW75DKK

Ah, and mine are sent by the outlook.com servers, even though some of them appear to be from a different domain.

Hello, I have several (a lot: for every site I register to I use a different one) mail addresses "registereddomain"@mydomain.com. Some are pwned, some are not. mios@mydomain.com is.
All others are not (for some there are) I can easily check on haveibeenpwned.com. https://haveibeenpwned.com/

I am NOT saying vera is compromised, or Vera is insecure, I am saying that the site I used mios@mydomain.com leaked my mail address.

Edit: I am 99% sure this is the site I used it for… UI5 portal I think it was:
https://cp.mios.com/login.php

Edit: 100%, the mail address is still in there under “my contact info”… you have a security problem mios/vera/micasaverde…

Edit: I have changed the address to…
mios-thisisauniqueemailthatyoucannotguess3082019@mydomain.com

But if it was already copied I will not receive anything there anymore I guess…

I’m going to enjoy watching this play out, actually

C

One of my emails checked says:

On another email I seem to have been pwned in 4 breaches.

The site also shows you this data, for your email, so unless the site states that the pwnage was from getvera/mios, it wasn’t us.

My email was not found — does that mean I haven’t been pwned?

Whilst HIBP is kept up to date with as much data as possible, it contains but a small subset of all the records that have been breached over the years. Many breaches never result in the public release of data and indeed many breaches even go entirely undetected. “Absence of evidence is not evidence of absence” or in other words, just because your email address wasn’t found here doesn’t mean that it hasn’t been compromised in another breach.

Still, you cannot be sure the pwnage came from this site.
I mean, if for example the domain is a common word (e.g. mios means mine, in Spanish), it can just be “computed”.
If you would have used email+ph0r00m-m1os-n0spam@domain, that would have been different indeed.
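Added example, not part of any post in this thread: one way to make per-site addresses that cannot be "computed" from a dictionary word, so that spam arriving on one points at the site it was issued to rather than at a guess. The secret, the domain `mydomain.example`, the alias layout and the function names are all assumptions made for the illustration.

```python
import base64
import hashlib
import hmac

# Constructed values for the example; keep a real secret out of source control.
SECRET = b"constructed-demo-secret"
DOMAIN = "mydomain.example"


def _tag(site: str, length: int = 10) -> str:
    """Keyed tag for a site name; unguessable without SECRET."""
    digest = hmac.new(SECRET, site.lower().encode(), hashlib.sha256).digest()
    return base64.b32encode(digest).decode().lower()[:length]


def alias_for(site: str) -> str:
    """Address to register at `site`, e.g. mios-<tag>@mydomain.example."""
    return f"{site.lower()}-{_tag(site)}@{DOMAIN}"


def classify(recipient: str):
    """Classify the recipient address of an incoming message.

    Returns ("issued", site) when the tag verifies: the address was handed
    to exactly one site, so mail from anyone else implies it left that site.
    Returns ("guessable", local_part) for word@domain style addresses that a
    dictionary run against the domain would also hit.
    Returns ("foreign", None) for addresses on another domain.
    """
    local, _, domain = recipient.strip().lower().rpartition("@")
    if domain != DOMAIN:
        return ("foreign", None)
    # The base32 tag never contains "-", so the last "-" separates site and tag.
    site, sep, tag = local.rpartition("-")
    if sep and hmac.compare_digest(tag.encode(), _tag(site).encode()):
        return ("issued", site)
    return ("guessable", local)


if __name__ == "__main__":
    for rcpt in (alias_for("mios"), "mios@mydomain.example",
                 "mios-aaaaaaaaaa@mydomain.example"):
        print(rcpt, "->", classify(rcpt))
```

A catch-all mailbox can run `classify` on the envelope recipient: only an "issued" result supports the conclusion that a specific site's data got out.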

Sure not to be sure. All pwnages on haveibeenpwned are published by their owners.

The email I used for vera was gotten as well a few years ago. I emailed support, they ignored me. It's obvious their database was/is accessible/compromised/sold. That's the way of the internet, you have to protect yourself and not rely on the sites you visit to keep your information secure, thus the custom email for each site.

Vera, I just received another spam message on a uniquely registered address on cp.mios.com. In my key vault I see I created this address “vera2user@mydomain.nl” on 6-2-2014 15.09. I am very sure the information kept in the database of this site cp.mios.com has been compromised. The information is leaked. See attached, since I am on a .nl domain the spam is in Dutch and sent to the uniquely registered address.

I received the same email on my email account specially for Vera: mios@…nl. So I’m not sure what has been hacked, but this email is only used for Vera (cp.mios.com, not the forum).

We have over 100k addresses in our UI5 database only. Out of these, only a couple of hundreds match .nl domains. Less than 50 match image; out of 100000, only 210 are emails like image.

Every request like this has to be backed by a message to one admin on the forum, with all the required details, like domain, who hosts it, so we then can investigate.
Some of the .nl domains are hosted in gapps, some in dds.nl, some in one.com, some by others.

@Vinx I saw you have multiple addresses that you registered with us, and you only received spam on one of them.

Some more info:
A random address is something like r4nD0m-ized-w0rd @ something, not word @ domain.
I got some self hosted domains (non work related) that have emails not published on the internet. Still, I have been receiving sextortion emails in English, similar to the one posted by @slelieveld.

Why is it so hard to admit/believe? Why would I make it up? I have only a few specific mail addresses which receive SPAM. I have never before received SPAM on a “random”@mydomain.nl. All addresses which receive spam I block and change on the specific site. I had 2 accounts on cp.mios.com and the previous forum mios@ and vera2user@ both mydomain.

Sorry couldn’t help it…

6 Likes

Seeing as though 2 days ago Comodo Cybersecurity’s forum got hacked … Comodo is owned by MAVeCap who also own Ezlo … wouldn’t surprise me