Data from Old Breaches Used in “Sextortion” Scam – Barracuda Labs

Last updated June 23, 2021
Written by:
Gabriela Vatu

There are many cybercriminals out there, and they seem to like to scare people quite a bit. The latest ploy, a "sextortion" scheme, uses personal data scavenged from various data breaches. The worst part is that the targets are threatened with compromising pictures: unless they pay some Bitcoin, those pictures will be published.

Barracuda Labs says that tens of thousands of these "sextortion" emails get sent every month, in the hope that someone will fall for the ruse. The emails usually start off with an attention-grabbing subject line: an old password.

The emails usually follow the same scenario: the cybercriminals claim to have had access to the victim's computer for a long time, via a Remote Access Trojan (RAT) that the victim picked up from a porn site. During this time, they claim to have recorded video footage of the victim watching porn.

Whether or not these people actually watched porn is not the issue here; everyone knows their own business. What catches the eye is that the senders include one of the victim's passwords. Since people's email addresses appear on various lists all over the Internet, it's not hard to pick them up from public lists.

Barracuda Networks experts believe these passwords come from the AntiPublic Combo List, which features more than 500 million leaked passwords from a number of data breaches, rather than from actual malware on the victims' computers. That's not to say that RAT infections aren't common these days, because they are, but this is most likely a scam.

How Popular Is the Sextortion Scheme?

Barracuda Labs has found 24,000 emails since September that use this scheme, but it appears the scheme started back in July. Given that the payouts are somewhere between $1,000 and $7,000, chances are the senders are not going to stop anytime soon.

Thankfully, people don't seem to be falling for this scheme. Out of about 1,000 Bitcoin wallets belonging to the attacker, only four transfers were made. Of course, the scheme may have been slightly more successful before media reports started coming in. Even though those passwords may be old, and people are quite likely to have much better security practices nowadays than they did before, the threats are still unsettling.

The scheme has many targets, from all over the world, including countries like Australia, Belgium, Canada, China, Czech Republic, Spain, Guatemala, Hungary, Ireland, Iceland, Japan, Sri Lanka, Netherlands, United Kingdom, and the USA.

How to Stay Safe Online

The best way to combat such attacks is to make sure you have proper security practices in place. That means changing your passwords from time to time, using a password manager like 1Password, keeping your device operating system up to date, having protection software installed, and keeping your eyes open to the permissions you give the websites you visit.

It's also worth checking whether your email addresses and passwords were ever involved in any data breaches, which you can do easily on Have I Been Pwned. We recently interviewed the author of the site, Troy Hunt, about the cyber dangers surrounding us, which you can also check out.

Also, if you get one of these emails in your inbox, don't react out of fear; do a security sweep first, or ask someone else to do one for you. Paying these criminals will only encourage them to do this again and again.
