cancel
Showing results for 
Search instead for 
Did you mean: 

Hack/Blackmail email due to vulnerability sql-inj on the imap.plus.net system

britbolton1
Newbie
Posts: 1
Registered: ‎21-08-2021

Hack/Blackmail email due to vulnerability sql-inj on the imap.plus.net system

I have just received an email (sent from my email account) quoting my email account and password and demanding a sum of money to stop disseminating my contacts, emails etc.  The worrying thing is that it came from my email and quoted the correct password.

Has anyone come across this SQL-INJ vulnerability and is there a work around?

9 REPLIES 9
Bogbody
Aspiring Pro
Posts: 181
Thanks: 47
Fixes: 4
Registered: ‎23-02-2020

Re: Hack/Blackmail email due to vulnerability sql-inj on the imap.plus.net system

Change your email password immeadiatly ......
and tell them to Foxtrot Oscar .......
Mook
Seasoned Champion
Posts: 1,266
Thanks: 870
Fixes: 9
Registered: ‎27-12-2019

Re: Hack/Blackmail email due to vulnerability sql-inj on the imap.plus.net system

It my appear to come from your own account but if you check it the email should be in your own sent folder, is this the case?

How do you know this is a SQL Injection attack and not caused by a lack of security elsewhere?

Den1
Rising Star
Posts: 151
Thanks: 9
Fixes: 2
Registered: ‎24-10-2013

Re: Hack/Blackmail email due to vulnerability sql-inj on the imap.plus.net system

Change password immediately and on any other account that use the same password also use, https://haveibeenpwned.com/  too see if its been exposed else ware

britbolton
Newbie
Posts: 3
Registered: ‎07-03-2019

Re: Hack/Blackmail email due to vulnerability sql-inj on the imap.plus.net system

The email sender was my address but I've checked my Sent emails and it is not there.  Re  "how do I know it is an SQL-INJ".  Only from what the email said "I want to inform you, using a discovered vulnerability sql-inj on the imap.plus.net control of the site was seized by me ".

 

I've changed my password for the account.

Mook
Seasoned Champion
Posts: 1,266
Thanks: 870
Fixes: 9
Registered: ‎27-12-2019

Re: Hack/Blackmail email due to vulnerability sql-inj on the imap.plus.net system

@britbolton  As it wasn't in your Sent folder then I doubt it was sent from your account. The references to SQL Injection were, I suspect, there to convince you of the legitimacy of the possibility should you search the subject. By far the best proof your account's been compromised would be to send it direct from your account and leave it in the Sent folder.

Anonymous
Not applicable

Re: Hack/Blackmail email due to vulnerability sql-inj on the imap.plus.net system


@britbolton wrote:

 

I've changed my password for the account.


Does  your email account provider have/use two factor authentication if it has I would set it up.

If not I would change to an email provider who uses two factor authentication as an extra layer of security a pain some times but well worth using.

 

HD

britbolton
Newbie
Posts: 3
Registered: ‎07-03-2019

Re: Hack/Blackmail email due to vulnerability sql-inj on the imap.plus.net system

My email provided is Plusnet.  I can't find any info as to whether Plusnet provides TFA.  Do you know?

jab1
Legend
Posts: 16,819
Thanks: 5,343
Fixes: 248
Registered: ‎24-02-2012

Re: Hack/Blackmail email due to vulnerability sql-inj on the imap.plus.net system

@britbolton I don't think they do - but I could be wrong.

John
Anonymous
Not applicable

Re: Hack/Blackmail email due to vulnerability sql-inj on the imap.plus.net system

I think John is right  and the storage is very low

GMail has 15GB of storage and TFA  and if you change provider you don't have to mess about  with the email address

I know they look at your account but I do nothing I shouldn't  

 

HD