So I got one of those scam emails "I hacked your email account, so send me bitcoin or I'll show the world the porn you look at" ... it had my email address and said what the password was. While that's not the PW for that email address it is one I've used other places (although not in a long time since I let LastPass generate them now).

I think the guy doesn't have anything on me but it is disconcerting.

My guess is he got a list of usernames (many sites use your email address) and pws and is just assuming that a lot of people use just one or two pws so he'd get lucky frightening someone. But it does illustrate why a pw manager is the way to go and you should NEVER re-use passwords.


I downloaded my password list off LastPass and cross-referenced all the sites where I used that combination of password and email-address-as-username ... and found about a dozen, only a couple of which are sites I actually use (so I changed those).



Anyway, Justin sent me the following link when I talked to him about it: https://haveibeenpwned.com/ and it looks like I had been "pwned" and two of the web sites I use had been breached (Disqus and Plex). So glad I changed those PWs today.
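The cross-referencing step described above can be scripted. This is an added example, not part of the original post: it finds every stored login that uses a given email and password pair, and goes a little further by listing any password stored on more than one site. The CSV column names (`url`, `username`, `password`, `name`), the sample rows and all function names are assumptions; adjust the headers to match your own export.

```python
import csv
import hashlib
import io
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample export. The header names are an assumption, not taken
# from the post; change them to match your password manager's CSV.
SAMPLE_EXPORT = """url,username,password,name
https://disqus.com/login,me@example.com,OldPass123,Disqus
https://app.plex.tv/,Me@Example.com,OldPass123,Plex
https://forum.example.org/,me@example.com,OldPass123,Old forum
https://bank.example.net/,me@example.com,x9!Generated#41,Bank
https://shop.example.com/,other@example.com,OldPass123,Shop
"""

def fingerprint(password):
    """Short SHA-256 tag so the report never contains the password itself."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:12]

def load_entries(csv_text):
    return list(csv.DictReader(io.StringIO(csv_text)))

def site_of(row):
    # Prefer the hostname; fall back to the entry name if the URL is unusable.
    return urlparse(row["url"]).hostname or row.get("name", "")

def sites_using(entries, email, password):
    """Sites where this exact email + password pair is stored."""
    want = email.strip().lower()  # email usernames compared case-insensitively
    return sorted(site_of(r) for r in entries
                  if r["username"].strip().lower() == want
                  and r["password"] == password)

def reused_passwords(entries):
    """Map fingerprint -> sites, for every password stored on 2+ sites."""
    groups = defaultdict(set)
    for r in entries:
        if r["password"]:  # skip entries with no stored password
            groups[fingerprint(r["password"])].add(site_of(r))
    return {fp: sorted(s) for fp, s in groups.items() if len(s) > 1}

if __name__ == "__main__":
    entries = load_entries(SAMPLE_EXPORT)
    for site in sites_using(entries, "me@example.com", "OldPass123"):
        print("change password on:", site)
    for fp, sites in reused_passwords(entries).items():
        print(f"password {fp} stored on {len(sites)} sites: {', '.join(sites)}")
```

A CSV export holds every password in plaintext, so run this locally and delete the file once the affected passwords are changed.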