That's there. However, this gang has generally operated by downloading out-of-date password dumps
From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Andreas Schulze <andreas.schulze@datev.de>
Sent: Wednesday, October 24, 2018 3:52 PM
To: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] Mailman
On 22.10.2018 at 07:50, ac wrote:
>
> Hi All,
>
> I will be repeating this post on four Mailman mailing lists....
>
> I received one of these: "I hacked your account, here is your password
> and pay me bitcoin" scam emails - to andre@ox.co.za with the password I
> used on anti-abuse-wg@ripe.net (and three other Mailman lists only...)
>
> As I use different passwords, change my passwords (up to now, except
> for mailing lists), every 7 to 30 days, I am usually able to know
> exactly where, when so that I can go look for the how, etc. As
> unfortunately I used the same email and same password on four lists, I
> do not know which list data has been compromised.
there are two places a list password is stored.
- @mailman itself
- @your-mua by regular "this is your subscription overview" messages sent out by mailman.
if you find a password that (you think) is current, what is the more likely place it was stolen?
--
A. Schulze
DATEV eG