" I hacked you "

Catweazle

@ketalar, he don't, it is very possible that he used some mirror codes in the email, which show the passwords locally. There is also something like this in some forums, a code like {username} where everyone sees their own nickname in a message (or his IP or other data).

That is, everyone he send this email will see their own password in it.
But he can receive your data when you reply to this email, which you should never ever do. In any case, changing this password anyway does not hurt, if only for peace of mind.

sgunhouse

@Catweazle As I've said before, if someone had hacked your device why would they need to email you? They supposedly have direct access to your computer, just pop up a message on the screen.

Also, trojans and viruses are different things.

Catweazle

@sgunhouse, agree, it's a simple scammer which can be deleted. The code I mencioned in this mail isn't a trojan or virus, it,s also used often in circular messages to show automaticly name and userdata of every receptor. it's a simple "mirror" script. But naturally scared when a user see his password in a mail, which is the intention of the scammer, that the user fall in the trap, responding to this mail or even pay him.

ketalar

@Catweazle said in " I hacked you ":

it is very possible that he used some mirror codes in the email, which show the passwords locally.

You mean that my (incomplete) password is added in the message at the moment I receive it ??
Again, how is it possible ?
That should not happen.

BTW, as I have been simultaneously hacked in my other addresses (different provider), I consider that Vivaldi mail client looks unsecure.
Of course, I changed passwords, added dual authentification, ...and changed the sync code.
Regards,

Catweazle

@ketalar, yes, it's just this, this part of your password in the mail never leave your PC. In the past in some forums we used it for pranks, moderators in their signature "I'm watching you {username} with your {IP}" and similar things.

LonM

@ketalar They have not hacked your Vivaldi account or PC. What likely happened is a different hacker hacked some service you use. They steal everyone's passwords on this other service and sell these password-email lists on the web. Then the hackers that contacted you put this info in an email, pretending that they have hacked your current account when really all they have done it download a password that was stolen a long time ago. I still get emails from hackers pretending they know my password which I last used decades ago.

This is why it is important to use a different password for each service (not similar, really different and unique). That way if one service gets hacked, it won't affect any others.

Catweazle

@LonM, also possible, but it's really the worst case. I also received mails like this and I use different passwords, because of this I believe more in this old good known mirror code. @DoctorG for sure also know this script, which has served for a lot of jokes to newbees in the past.

far4

@Catweazle said in " I hacked you ":

In the past in some forums we used it for pranks, moderators in their signature "I'm watching you {username} with your {IP}" and similar things.

The problem is that showing username (e.g. on a forum) and ip is not a privacy violation. But inserting a password in this way.... ??! How should the password be stored so that the script can access it?

DoctorG

@ketalar The passwords can not be hacked from Vivaldi mail server, all these are encrypted.
The local mail passwords can not be read as they are encrypted by OS password encryption.
The only way t o get users passwords is to have a trojan malware on your PC which reads password while you are typing it.

far4

@ketalar
If your password looked something like "Ketchican1723b", it could have been picked up through social engineering or bruteforce. A normal password should be long and random.

And if you didn't have 2fa enabled until now and didn't use application passwords for email clients (separate password for each, on each device) - then here is a possible reason for the hack. Add to this the mandatory antivirus and properly configured firewall on all devices, including android. If you download programs from software collection sites, you should always check them on VirusTotal before installing. On windows, never run as Administrator in a persistent mode. Never store passwords in a browser password manager, any, on any platform - only in encrypted form in a password manager like keepassdx.

1Z0FPMeRD5I

@ketalar so you do visit XXX sites quite frequently, or?
if the description of your behavior do not match what you really are doing, then you know it's just a fake.

DoctorG

@ketalar said in " I hacked you ":

including your password: Ketchican1723b>

There are wordlists in Internet where blackhat (=malicious) hackers can create passwords themselves by combination of words and numbers.
And they are sending to millions of users scam mails blackmailing bitcoins.

Catweazle

It's matemathic, against bruteforce isn't so important to have much upper-, lowercase,-signs or symbols in the password. The only important is how long is the password, or better pasphrase.
All passwords are based on a letterset (depending of the language) of 125 signs which you have in your Ascii table, and so the possibility to crack a password is 125^n, where n is the length of the password. If the password has 12 letters, there is 125^12 or 14.551.915.228.366.851.806.640.625 attempts to find the correct one, good luck, it is advisable to make yourself comfortable with enough food, it will last a long time with brute force systems, even if you suppose that the password is only made with the normal 88 keyset, the result is still 215.671.155.821.681.003.462.656 attempts, adding that all normal systems block the password for a time, if are used more than 3-4 wrong attempts.

Bruteforce isn't the way to crack a password, at lest if you use other than your birthday or the name of your cat.

ketalar

Thank you guys,
Of course I scan regularly with an antivirus, I have different passwords for each site, longer than 8 letters and with special signs.
But what is the best way to store them ?

An external (or extension???) passwd safe ???
Is "notes" secure enough ?
Other mean ?
Regards,

WildEnte

@ketalar Do not use Notes. You can use the password manager which is integrated in Vivaldi.
https://help.vivaldi.com/desktop/privacy/password-management/

An external password manager like Keepassxc or Bitwarden helps when you have passwords required outside of your browser, they can be included in Vivaldi with their respective extensions

far4

@ketalar said in " I hacked you ":

Is "notes" secure enough ?

Depends on the purpose. Android/Vivaldi/Notes do not know how to encrypt information on the device itself, nor do they protect it with a password. But for ordinary, everyday purposes, they're fine. I often save poems, short funny stories, and anecdotes found on the web there. Cooking recipes. Useful computer tips.
Anyone who picks up an unlocked smartphone will be able to read your notes - that's what we're basing this on.

An external (or extension???) passwd safe ???

On android, you can use keepassdx (f-droid) or keepass for android (dev. PhilippC, github). This is safer than keeping passwords and other sensitive information in the browser. At least it is password protected and encrypted.

OakdaleFTL

I know this sounds quite moralistic (but it isn't really...):
Years ago I received an email almost identical to the one the OP showed us. For about 10 minutes, I was freaked out! But — then I re-read it and noted the particulars...

That I hadn't viewed (much... ) porn. That I didn't subscribe to any "service" connected to porn. And, finally, that I'd never had a camera connected to my computer!

The threats we pure BS! (But I still kept a screenshot of that email on my desktop for a few years!

ketalar

@WildEnte
Thank you for the information.
I am already using the very convenient password manager...
...but it is sometimes complicated for rarely visited sites, and seems not so secure to back them up in a csv file.
So, back to Notes.
But are they hackable while running Vivaldi ?
Regards,

WildEnte

@ketalar notes are plain text files. Mega insecure for passwords. The internal password manager stores passwords in an encrypted file, where the encryption is taken care of by your operating system. That is why when you want to view them, you have to enter your OS password to have Vivaldi show it.

Use the password manager for passwords. That's what it is designed for. If it looks insecure to you, it just means they did a good job making it convenient to use so you don't even notice when it encrypts and unencrypts your data

sulegulmen

Scam spam phishing alert: Lyda from eurodetach says she is from vivaldi support but ı do not believe her. so ı am reporting her email. I am reporting here below because the form at vivaldi help to report scam spam phishing spammers is not sending my report

THE SPAM MAİL İS AS FOLLOWS:
This email is suspicious:

Sender "vivaldi . net" Support <lyra @ eurodetach. com>

Dear Customer,

Your domain name is approaching its expiration date. We urge you to renew it promptly to ensure no disruption of services.

Renew Now
date

Renewal Failed

We attempted to renew your domain, but the process was unsuccessful. To ensure you don't lose your domain, please update your billing information at your earliest convenience.

If you have any questions, please do not hesitate to contact our customer support.

Thank you for choosing vivald net

Sincerely,
vivaldi net Customer Service Team