Consequences of Leaked Passwords

As a result of "leaked" access data, blackmail emails are sent out again and again in which people try to make you believe that they had i access to your computer and therefore know the access data.

However, if you use a separate password for each system (as we have been recommending for years), you will also know from the password on which system the data was probably leaked and you can then check with have i been pwned? or Firefox Monitor whether this is true.

In Generally, you will be able to ignore the blackmail attempt - often written with strange characters (Whαt do Ι kηow abοuτ yοu? etc.), so that it is not immediately recognized as spam by anti-spam methods (but we usually do recognize it) - but it is generally an indication that your credentials are known and if the same credentials are

  1. are still current (change them regularly!)
  2. are also used on other systems (please do not re-use! As a result of leaked passwords, credential stuffing attacks occur very often, where automated attempts are made to access other accounts of the affected person with these passwords).
then there is an urgent need for action:
Immediately change the password for all systems for which you have used these credentials - choose a separate password for each system and i remember to change it regularly!

If it is possible, make sure they use multi-factor authentication (MFA) - for systems that are integrated into the SSO system of TU Graz, by using the mobile phone signature.