SPAM email on unique mios address only known in UI5 is it hacked?

OMG Vera! I registered on the old platform with an email adress SPECIFICALLY made for mios… Never used it anywhere else, only for that purpose…

I do this all the time, the mail addres was "". I now received an email targeted directly to that mail address with the below. This can mean only 1 thing: my email address was leaked… hacked or stolen or…

I do this all the time for all systems or platform I register for… so I can easily see what site/system leaked my email address…

Security Alert. Your accounts were compromised. You need to change password!


I am a hacker who has access to your operating system.

I also have full access to your account.

I’ve been watching you for a few months now.

The fact is that you were infected with malware through an adult site that you visited.

If you are not familiar with this, I will explain.

Trojan Virus gives me full access and control over a computer or other device.

This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.

I also have access to all your contacts and all your correspondence.

Why your antivirus did not detect malware?

Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.

I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.

With one click of the mouse, I can send this video to all your emails and contacts on social networks.

I can also post access to all your e-mail correspondence and messengers that you use.

If you want to prevent this,

transfer the amount of $500 to my bitcoin address (if you do not know how to do this, write to Google: “Buy Bitcoin”).

My bitcoin address (BTC Wallet) is: 377H9PUAqEkdDbVYarFrpmx9zy9bW75DKK

After receiving the payment, I will delete the video and you will never hear me again.

I give you 50 hours (more than 2 days) to pay.

I have a notice reading this letter, and the timer will work when you see this letter.

Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.

I do not make any mistakes.

If I find that you have shared this message with someone else, the video will be immediately distributed.

Best regards!

Adult site huh… and satisfying yourself? I think they got you there! You gotta pay. :laughing::laughing::laughing:

More seriously though, I think these are being sent to randomly generated email addresses or worst case you have a cookie leak through some malware in your computer.

Where is @mydomain registered? Where is it hosted? Where is DNS hosted for the domain? Is every client device 100% clean?

Methinks Vera is not the culprit here, and I say that as I migrate everything to HA, so not exactly a fanboi.

I do this as well, in terms of unique addresses. My get spam all the time to these addresses. It happens.


Sender, I’m sorry to hear about this.

That’s quite an assumption and a scandalous title but definitely not related to MiOS security as a platform, maybe the old forum security at most. I’ve checked and all your historic logins are from IP’s in your region so unless it’s your neighbour that’s hacking you, this is something else.

This are scam emails. I get them once is a while on several of my domains. Like any spam/scam, just delete them. It is all fake, there is no video, nothing got hacked. They only know how to click a send button, no hacking skills what so ever.

Cheers Rene


I can officially say that this is not related to our platform.
I have a dozen of emails like this during the last 3 months, on one older email that I still sometimes use.

Please file a report for that bitcoin address here:

Ah, and mine are sent by the servers, even though some of them appear to be from a different domain.

Hello, I have several (a lot: every site I register to I use a different) mail adresses “registereddomain” some are powned, some are not. is.
All others are not (for some there are) I can easily check on

I am NOT saying vera is compromised, or Vera is insecure, I am saying that the site I used leaked my mail address.

Edit: I am 99% sure this is the site I used it for… UI5 portal I tinks it was:

Edit: 100%, the mail address is still in there under “my contact info”… you have a security problem mios/vera/micasaverde…

Edit: I have changed the address to…

But if it was already copied I will not receive anything there anymore I geass…

I’m going to enjoy watching this play out, actually


One of my emails checked says:

On another email I seem to have been pwned in 4 breaches.

The site also shows you this data, for your email, so unless the site states that the pwnage was from getvera/mios, it wasn’t us.

My email was not found — does that mean I haven’t been pwned?

Whilst HIBP is kept up to date with as much data as possible, it contains but a small subset of all the records that have been breached over the years. Many breaches never result in the public release of data and indeed many breaches even go entirely undetected. “Absence of evidence is not evidence of absence” or in other words, just because your email address wasn’t found here doesn’t mean that is hasn’t been compromised in another breach.

Still, you can not be sure the pwnage came from this site.
I mean, if for example the domain is a common word (eg. mios means mine, in spanish), it can just be “computed”.
If you would have used email+ph0r00m-m1os-n0spam@domain, that would have been different indeed.

Sure not to be sure. All pownages on haveibeenpwnd are published by their owners.

The email I used for vera was gotten as well a few years ago. I emailed support, they ignored me. Its obvious their database was/is accessible/compromised/sold. Thats the way of the internet, you have to protect yourself and not rely on the sites you visit to keep your information secure, thus the custom email for each site.