Out of nowhere, a clone of the popular and well-respected data breach platform ‘Have I Been Pwned’ (HIBP) has popped up and is looking to extort Bitcoin (or other cryptos) from you to protect your leaked data from prying eyes.
This fake website claims to have data of over 1.4 billion compromised user accounts and associated passwords. It functions in a manner similar to HIBP, meaning you’re free to search for your leaked data, but there’s a catch. This website will display your password in plain text, making it visible to any and all.
This is troubling, and the cloned website has built its plan to make money around it. It is asking you for a one-time crypto donation (read: ransom) in the form of Bitcoin, Ethereum, Bitcoin Cash, or Litecoin to hide all your leaked passwords.
Note: If you’re unfamiliar with the functionality of Have I Been Pwned, it’s an online database for leaked credentials and data dumps. You can check whether your account (e-mail address) was compromised in the past or not.
This website was first discovered by journalist Daniel Verlaan and the legitimacy of the data has been confirmed by The Next Web. It’s been found that the database has been lifted from a public torrent and could be years old. Verlaan also has reason to believe that the data is similar to that stored by popular breach lookup service Gotcha.
The platform hasn’t garnered much traffic and no one seems to have fallen for the scam, in which you need to shell out a $10 donation in Bitcoin (or other cryptocurrencies) to protect your data.
The site also seems unsure of its business model, if you want to call it that, and has now shifted to using your computer resources in the background via in-browser crypto miners. This means you have nothing to worry about, but changing your age-old passwords and switching on 2-factor authentication for your online accounts will be a good idea.