Extortion email possibly tied to a previously hacked EA account

I received an email today. The author threatened to expose my love of streaming porn sites along with web cam footage of my drooling unless I gave them xxx amount of bitcoin. An empty and laughable threat since, hell, I don't even have a web cam, but whatever. What piqued my interest is the password they said they had obtained. It was the one I used to access my EA account and one that was hacked a couple years ago, by, I believe a person from Russia since the answer to a challenge question for my account was changed to Cyrillic. I never used the account much, since I don't play many EA games, but two years ago, I bought ME:A ( yuck , serves me right ) and I never bothered to implement 2 factor like I did for Steam. Now, thankfully, I was able to get my account back after calling EA and I was never foolish enough to tie a credit card to the account. I read shortly after my experience that a lot of EA accounts were affected by a hack.

Which is why I'm posting here. Was anybody affected by this hack and have you received an email like I described?

With stuff like this you tend to get really weird associations. Maybe yours came from a compromised EA account and your neighbor's was from Best Buy and your sister's was from her university's IRC server

The gist of it is that when a breach happens, the data is sold. Group X might sift through, take the good stuff, and then sell it again. And so on and so on. And eventually you just have the bottom feeders of the scumbags selling the dregs of twenty or thirty different breaches.

Then someone either buys that or gets it off a message board and does a mail merge

There are several sites and services out there, like the unfortunately named https://haveibeenpwned.com, that will help you identify if your data was part of any known data breaches that are being distributed among unsavory types online.

I think I remember Jeff saying something like that happened to him.

Yeah, I've also received a similar email before. Not about an EA account, but someone who had an old password of mine and tried the same trick. As Gundato said above, it's pretty common after any kind of data breach, huge lists of passwords and emails get sold around shady places, and eventually, probably after they've all been tested as unusable, someone gets them and sends out mass emails to all the ones they have, hoping they get someone on the hook (because hey, they send a real password, that can be spooky!).

Often there's nothing you can do about it directly. Breaches happen. Best thing is to not use the same passwords everywhere.

@methodman008: Yeah, that was crazy, and I'd imagine he would be even more of a target with just how much he has to use online IDs everywhere and being a public personality.

Jeff said he didn't fall for it, but after he explained how convincing the email was, I can't even fathom how many other people have fallen for those scams!

Scary stuff, and with more and more people information getting out there with leaks, government / companies really need to better safeguard people's information, or reduce the amount of information that these companies can request in order to create an accohbt.

Lol. Yeah, these threats that have no connection to anything you have done, been too, or seen are weird. With that said I have many devices that I own, I never steam video on any of them, and only the camera on teh smartphone is actually "useful" for unlocking my phone...so I have a "punched-out" circle of blue painters tape on the camera of most of my devices. I'm 99% sure my camera will never be compromised, but since I never use them - I just tape them over.

Not sure where they got the password from but yeah, I got the same scam e-mail. As far as spam goes, it was honestly pretty convincing. I was freaked out for a couple minutes but googled it and pretty quickly realized how common it was. Still kind of scary though.

Yeah, I got something very like this years ago, it went straight to my spam but I happened to look in the spam folder and saw it. Like the OP, they had a real password of mine from somewhere, and it also made reference to recording me on my webcam, except at the time I didn't even own a webcam. As far as I know this particular extortion scheme is inspired by a Black Mirror episode, though maybe it had been done before and I just don't know about it.

That URL feels like it was created in 1999 and somehow stuck around to be an actual service adults need.

Source:I still have an old email from that time. I never use it.

@atheistpreacher: Schemes like this are pretty common, especially adding the webcam hack threat. It's just a broad spam email that cuts/pastes the pertinent information so whether or not you have a webcam doesn't matter, they're sending thousands of them a day.

I find it hilarious they'd threaten anyone under 50 with "exposing their love of streaming porn" as...I mean, that's not much of a threat these days.