<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=us-ascii"> </head> <body> <div> <div> <div> <div>That's there. However this gang has generally operated by downloading out of date password dumps </div> </div> <div><br> </div> <div class="ms-outlook-ios-signature"> <div style="direction: ltr;">--srs</div> </div> </div> <div> </div> <hr style="display:inline-block;width:98%" tabindex="-1"> <div id="divRplyFwdMsg" dir="dir="ltr""><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Andreas Schulze <andreas.schulze@datev.de><br> <b>Sent:</b> Wednesday, October 24, 2018 3:52 PM<br> <b>To:</b> anti-abuse-wg@ripe.net<br> <b>Subject:</b> Re: [anti-abuse-wg] Mailman <div> </div> </font></div> Am 22.10.2018 um 07:50 schrieb ac: <br> > <br> > Hi All, <br> > <br> > I will be repeating this post on four Mailman mailing lists.... <br> > <br> > I received one of these: "I hacked your account, here is your password <br> > and pay me bitcoin" scam emails - to andre@ox.co.za with the password I <br> > used on anti-abuse-wg@ripe.net (and three other Mailman lists only...) <br> > <br> > As I use different passwords, change my passwords (up to now, except <br> > for mailing lists), every 7 to 30 days, I am usually able to know <br> > exactly where, when so that I can go look for the how, etc. As <br> > unfortunately I used the same email and same password on four lists, I <br> > do not know which list data has been compromised. <br> <br> there are two places a list password is stored. <br> - @mailman itself <br> - @your-mua by regular "this is your subsription overview" messages sent out by mailman. <br> <br> if you find a password that (you think) is current, what is the more likely place it was stolen? <br> <br> <br> -- <br> A. Schulze <br> DATEV eG <br> <br> </div> </body> </html>