the following screenshot is an email which entered my spam folder today. i have a “sense” for emails with a bad intent and tend to delete them straight away. but this one caught my attention because in the subject line and in the first line of the email i found a password which i often used in the past. the password was not depicted completely correct, a lower/uppercase variation was missing, but basically it was quite a shock. image you’ve used a password like, say, 666the-Devil, hundreds of times, and then an email arrives which states: i know, 666the-devil [lowercase d] is your password – this would trigger alarm bells.

the spam attack was → easy to google. this invasion vector is well known. but the password riddled me. until i found out that it was from a yahoo breach which ran through the years 2013–17. basically all yahoo accounts were hacked, and obviously the passwords were spread all over the darknet. i changed my password long ago, but it’s still stunning to read it.

oh, my PC has no camera. sorry, you greedy black hat!