Rent-a-Coder Hacked?


#1

Received below 25th September 2018. I hadn’t used Rent-a-coder for over 10 years, and just tried it on Elancer and it doesn’t have my old account copied over. Checked the Bitcoin address and it had two transactions, checked about 15 minutes later and it had four, total 0.25 Bitcoin. If anybody wants a look at the email source let me know.

Hello! I’m a member of an international hacker group. As you could probably have guessed, your account (ONE OF MY EMAIL ADDRESSES) was hacked, I sent message you from it. Now I have access to you accounts! You still do not believe it? So, this is your password: (PASSWORD UNIQUE TO RENT-A-CODER) , right? Within a period from July 5, 2018 to September 21, 2018, you were infected by the virus we’ve created, through an adult website you’ve visited. So far, we have access to your messages, social media accounts, and messengers. Moreover, we’ve gotten full damps of these data. We are aware of your little and big secrets…yeah, you do have them. We saw and recorded your doings on porn websites. Your tastes are so weird, you know… But the key thing is that sometimes we recorded you with your webcam, syncing the recordings with what you watched! I think you are not interested show this video to your friends, relatives, and your intimate one… Transfer $700 to our Bitcoin wallet: 1DzM9y4fRgWqpZZCsvf5Rx4HupbE5Q5r4y I guarantee that after that, we’ll erase all your “data” :smiley: A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount. Your data will be erased once the money are transferred. If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection. You should always think about your security. We hope this case will teach you to keep secrets. Take care of yourself.


(Howard) #2

If you haven’t, you should report immediately to Elancer. This sextortion con is making the rounds. But if your name is still associated with the account that could be problematic. I would call them immediately and let them know your account was compromised. As the con artist has your credentials and he’s obviously left it in your name and presumably collecting bitcoin and you don’t want to be part of his/her con.


(Jiri Sokol) #3

@ches42 I’d be interested in looking at those email headers, as I’m working with the current owners of rent-a-coder on this. You can send them to my @gmail sokoljiri9 thanks!


(Robert Thompson) #4

Exact same issue for us, as we haven’t used the site in 6-7 years, but received a Sexploit email stating user name and password for the site, demanding we pay the ransom. Spoofed our email domain, but the headers show it originated from a blacklisted IP.


(Sherif Shiha) #5

No, they are not hacked, it looks like a browser you have been using and was not updated, or you have used this account someday on an old PC/browser which is now infected.
So, they gained the saved passwords on that browser and linked it with your email account thinking that this is the password of your email account to try to blackmail you…
It’s a fake email.


(Howard) #6

The recent content of these emails is being sent in bulk. They are now being flagged as spam in Outlook 365. This spam campaign has been going on since July and seems to be increasing in volume. In most cases the passwords seem to be over 7 years old and in some cases 10 years. The messages have very slight variations, and the bitcoin addresses are different and can be tracked online through various public bitcoin abuse web sites. See: https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/


#7

Had another email using a password that I set up and still use on one site, but not with the email they have quoted.

Now a couple of years ago I bought a cleaner product online and it didn’t work, crashed the computer, had to get into safe mode and restore to an earlier date. That notebook has since died, but I still have it.

So I’m waiting to see if they come up with any of my more complex passwords. I’ve been round the financial sites and changed all my passwords anyway.


#8

Received more emails with slight variations. The one below has normal text, then from the source the embedded text version; it’s using 8 bit characters but the 8th bit is getting stripped off in normal display?

The site won’t let me copy the whole source in (no more than two links because I’m a newbie). I’ve been reading Stu Sjouwerman’s publishings for over 20 years.

Hi, victim.
This is my lаst wаrning .
I write you becаuse I рut a malwаre on the wеb pаge with porn which yоu hаve visited.
My virus grаbbed all yоur реrsоnаl info and turnеd оn yоur сamerа whiсh cаptured thе рrоcess оf your onаnism. Just аftеr that thе sоft sаvеd your cоntасt list.
I will dеlеtе thе comprоmising video and info if you рay me 600 EURO in bitcоin. This is address for pаyment: 1DVygmW3KSRwAPut2R58dTN9Vw3CV799UB

I give yоu 24 hоurs aftеr yоu оpen my messagе for mаking thе transасtiоn.
As sооn аs yоu rеаd the mеssаge I’ll sее it right away.
It is nоt nесеssary tо tеll me thаt you havе sent mоney to mе. This аddress is соnnected to yоu, my system will deletе еverything autоmаtiсally aftеr trаnsfеr confirmatiоn.
If yоu need 48 h just reply оn this lettеr with +.
Yоu cаn visit the рolice stаtion but nobody сan help yоu.
I dont livе in your cоuntry. Sо they саn not trасk my locatiоn еvеn fоr 8 mоnths.
Gооdbye. Dоnt fоrgеt abоut the shаme and tо ignore, Your lifе can bе ruined.

Hi, victim.
This is my l=D0=B0st w=D0=B0rning .
I write you bec=D0=B0use I =D1=80ut a malw=D0=B0re on the w=D0=B5b p=D0=B0=
ge with porn which y=D0=BEu h=D0=B0ve visited.
My virus gr=D0=B0bbed all y=D0=BEur =D1=80=D0=B5rs=D0=BEn=D0=B0l info and=
turn=D0=B5d =D0=BEn y=D0=BEur =D1=81amer=D0=B0 whi=D1=81h c=D0=B0ptured =
th=D0=B5 =D1=80r=D0=BEcess =D0=BEf your on=D0=B0nism. Just =D0=B0ft=D0=B5=
r that th=D0=B5 s=D0=BEft s=D0=B0v=D0=B5d your c=D0=BEnt=D0=B0=D1=81t lis=
t.
I will d=D0=B5l=D0=B5t=D0=B5 th=D0=B5 compr=D0=BEmising video and info if=
you =D1=80ay me 600 EURO in bitc=D0=BEin. This is address for p=D0=B0yme=
nt: 1DVygmW3KSRwAPut2R58dTN9Vw3CV799UB

I give y=D0=BEu 24 h=D0=BEurs aft=D0=B5r y=D0=BEu =D0=BEpen my messag=D0=B5=
for m=D0=B0king th=D0=B5 trans=D0=B0=D1=81ti=D0=BEn.
As s=D0=BE=D0=BEn =D0=B0s y=D0=BEu r=D0=B5=D0=B0d the m=D0=B5ss=D0=B0ge I=
'll s=D0=B5=D0=B5 it right away.
It is n=D0=BEt n=D0=B5=D1=81=D0=B5ssary t=D0=BE t=D0=B5ll me th=D0=B0t yo=
u hav=D0=B5 sent m=D0=BEney to m=D0=B5. This =D0=B0ddress is =D1=81=D0=BE=
nnected to y=D0=BEu, my system will delet=D0=B5 =D0=B5verything aut=D0=BE=
m=D0=B0ti=D1=81ally aft=D0=B5r tr=D0=B0nsf=D0=B5r confirmati=D0=BEn.
If y=D0=BEu need 48 h just reply =D0=BEn this lett=D0=B5r with +.
Y=D0=BEu c=D0=B0n visit the =D1=80olice st=D0=B0tion but nobody =D1=81an =
help y=D0=BEu.
I dont liv=D0=B5 in your c=D0=BEuntry. S=D0=BE they =D1=81=D0=B0n not tr=D0=
=B0=D1=81k my locati=D0=BEn =D0=B5v=D0=B5n f=D0=BEr 8 m=D0=BEnths.
G=D0=BE=D0=BEdbye. D=D0=BEnt f=D0=BErg=D0=B5t ab=D0=BEut the sh=D0=B0me a=
nd t=D0=BE ignore, Your lif=D0=B5 can b=D0=B5 ruined.
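
Added example, not part of the original post: the source view above is quoted-printable, and sequences such as `=D0=B0` are the UTF-8 bytes of Cyrillic letters (U+0430 here) that render like Latin ones, which is how words such as "malware" slip past keyword filters. The Python sketch below decodes three lines copied from that source and flags words that mix scripts; the function names and the small look-alike table are assumptions made for this illustration.

```python
import quopri
import unicodedata

# Three lines copied from the quoted-printable source in the post above.
# A trailing "=" is a soft line break that joins the next line.
SAMPLE_QP = (
    b"This is my l=D0=B0st w=D0=B0rning .\n"
    b"I write you bec=D0=B0use I =D1=80ut a malw=D0=B0re on the w=D0=B5b p=D0=B0=\n"
    b"ge with porn which y=D0=BEu h=D0=B0ve visited.\n"
)

# Illustrative (not exhaustive) map of Cyrillic letters that look Latin.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o",
    "\u0440": "p", "\u0441": "c", "\u0443": "y", "\u0445": "x",
}

def decode_body(raw, charset="utf-8"):
    """Undo quoted-printable transfer encoding, then decode the bytes."""
    return quopri.decodestring(raw).decode(charset)

def script_of(ch):
    """Coarse script tag taken from the Unicode name, e.g. LATIN or CYRILLIC."""
    if not ch.isalpha():
        return None
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]

def mixed_script_words(text):
    """Return words whose letters come from more than one script."""
    hits = []
    for word in text.split():
        scripts = {script_of(c) for c in word} - {None}
        if len(scripts) > 1:
            hits.append(word)
    return hits

def skeleton(text):
    """Fold known look-alikes to Latin so keyword rules can match again."""
    return "".join(CONFUSABLES.get(c, c) for c in text)

if __name__ == "__main__":
    body = decode_body(SAMPLE_QP)
    for word in mixed_script_words(body):
        print(f"mixed-script word: {word!r} -> {skeleton(word)!r}")
    print(skeleton(body))
```

A mail filter would run the mixed-script check on the decoded body and apply its keyword rules to the folded text, since legitimate single-language mail rarely mixes Latin and Cyrillic letters inside one word.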


(Howard) #9

Here’s the latest update I’ve read in a blog article posted on Spiceworks from the Barkly blog.
Sextortion Email Scam Nets Criminals $4 Million, Continues to Evolve

"One of the most successful email scams in years has added new tricks and shows no sign of stopping.

Key Details

  • What’s happening:

Criminals are continuing to successfully trick people into thinking their computers have been infected with malware that recorded videos of them watching porn. The criminals threaten to share the videos with all the victim’s contacts unless they receive payment in Bitcoin.

  • New tricks:

To make their claim more believable, criminals have been revealing they know a real password the victim has used. On top of that, new versions of the scam are spoofing victims’ email addresses, making it appear the messages are being sent from the victim’s own “hijacked” account.

  • All a big bluff:

The criminals aren’t actually infecting victims with malware. They’ve simply gained access to email addresses and passwords previously leaked in large data breaches (ex: the 2012 LinkedIn breach). People who receive these emails should NOT pay.

  • $4 million and counting:

Unfortunately, the scam has been remarkably effective. Criminals have netted over $4 million in Bitcoin payments over the span of just three months."


(Peter åstrand) #10

Today, I got a similar email. However, I’ve used an email and password unique for Rent-a-Coder; both were included in the email. This means that the data cannot come from other leaks; Rent-a-Coder/Freelancer was/is hacked.


(Jutta Uhr) #11

My rentacoder.com password has been hacked too.


#12

Was definitely Rentacoder specifically that were hacked, as others such as Peter_Astrand have said. They sent a ransom to me using an email and login that I used nowhere else. I don’t save passwords in my browser, I type them in each time, so they didn’t get them from there either. I suppose a keylogger is technically possible, but they’d have had to have logged me 6 or so years ago when I made the account and logged in once and then sat on it for about 7 years. I also got a similar email containing the password I used for a company called SVP, which I also haven’t used for at least 10 years.

Sherif_Shiha you’re just wrong, sorry.


(Mykle Hansen) #13

Ditto that. Both the email address and the password were specific to rent-a-coder.com, and neither has been used in years. I wouldn’t be surprised if that data was liberated in some already well-known security breach, but I was not aware of one specific to rent-a-coder (or their later identity, freelancer.com).


#14

Same here: e-mail address and password exclusively used for rentacoder (now freelancer.com apparently). Was able to log in with the data as well… So no knowledge about this at freelancer or no bother. Have issued a ticket, waiting for the response.


(Howard) #15

I think it’s still an open question in my mind. I’m not saying you’re wrong. But unless you have only a handful of passwords it’s hard to say with 100% certainty that the possibility of re-use of a password once or twice over six years ago might have happened. But you may be absolutely correct. I’ve used an encrypted password manager for over 15 years. So I have a record of several thousand passwords I’ve used and those don’t include those I’ve purged. Even so, there were times 10 years ago or more when passwords were not as top of mind as they are now and handled very loosely by those outside the security business. And human inertia, memory and convenience make us totally susceptible to reusing easy passwords. So many reasons for passwords to go away. It’s good that some of the password managers now have a security feature that flags reuse of the same password. Some even have the ability to flag and reset to a stronger password! Bleeping Computer just reported that two recent waves of the Sextortion scam have utilized the Necurs Botnet. https://www.bleepingcomputer.com/news/security/necurs-botnet-distributing-sextortion-email-scams/