What you missed is that the scam included a password that this guy used only on this and some four other Mailman lists, so this suggests one of these has been compromised.

--srs
 

From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of peter h <peter@hk.ipsec.se>
Sent: Tuesday, October 23, 2018 2:19 AM
To: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] Mailman
 
Yes, we have.

This is a common hoax sent as SPAM and the intention is to scare folks to pay.

SPAM is the problem here!



On Monday 22 October 2018 07.50, ac wrote:
>
> Hi All,
>
> I will be repeating this post on four Mailman mailing lists....
>
> I received one of these: "I hacked your account, here is your password
> and pay me bitcoin" scam emails - to andre@ox.co.za with the password I
> used on anti-abuse-wg@ripe.net (and three other Mailman lists only...)
>
> As I use different passwords, change my passwords (up to now, except
> for mailing lists), every 7 to 30 days, I am usually able to know
> exactly where, when so that I can go look for the how, etc. As
> unfortunately I used the same email and same password on four lists, I
> do not know which list data has been compromised.
>
> If anyone else receives similar email with a password used on
> anti-abuse, please let us know...
>
> For abuse discussion purposes: With which frequency should one change
> mailing list passwords? And, is it even that important? Compromising a
> mailing list password allows whomever to change my digest options and
> nothing much else, so, does it really matter?
>
> One should have one password for each mailing list (and not one for
> four...) but, is it important enough, in terms of abuse itself, to
> even change these monthly? or maybe yearly? or maybe not at all?
>
> Andre
>
>

--
Peter Håkanson

There's never money to do it right, but always money to do it
again ... and again ... and again ... and again.
(It is cheaper to do it right. It is expensive to fix mistakes.)