Firstly, since people keep mentioning keeper.io - I should clarify that this is likely a new listing from a few months ago, since I hadn’t seen it before yesterday. The source db clearly appears to be the same.
The original listing was done on https://vigilante.pw/, nearly 3 years ago. Soon after this, we were contacted by someone telling us that they had access to a breached database, and that they wanted a certain amount of money in bitcoin to not share it with the world. There was no actual proof offered (hint hint); all that was offered as proof was a link to https://vigilante.pw/. If we did not pay this money, the database would be leaked publicly.
There were holes in this story:
- If there was a breach, we would likely know about it.
- We did not have 20k accounts in Nov 2016. This number was far off.
- We used to use default whmcs behavior of emailing passwords a long long time ago (as did many other providers with very high reputation today), we were flamed for it, and this was changed. There were no 20k (or even 2k) plaintext passwords.
- Breaches like this, especially if there were plaintext passwords, do not remain hidden. They spread like wildfire. Remember Staminus?
If there was even a sliver of a chance of this being real, we would have informed the customers, and force reset all passwords - like any responsible company would do.
We knew this person was lying, he was blocked, and the case was over. His threat to “publicly leak the db” never became a reality.
In 3 years, not even a single customer has contacted us or me, asking about the listing on vigilante.pw, or anywhere else. It was a non-issue. So I never bothered with it and went on living my life.
Now I assume it either began with this (Hi Hurley, or Theseus) or before this, but I was only made aware yesterday that some troll appears to be making the rounds on hostballs, making snarky comments, with no evidence whatsoever, about a db breach.
I have seen the “database” in question. It is a text file called “hosthatch.com_plain.txt” with email:password pairs, none of which belong to us. A lot of it is “123456” and “ab123d”. None of the emails are registered with us. So obviously someone was trolling with it, or it was simply created to blackmail us a few years ago.
Following is the email from Vigilante.pw after I let them know of this story yesterday:
Thanks for letting us know.
This must have slipped through our verification process as every database we add should be verified before we add it, so we apologize for having added it.
We have removed it from Vigilante.pw.
Now I hope @Theseus is not the person who created this text file to blackmail us for money that never came. Considering no one else has ever cared in 3 years, he seems to be quite sure and motivated. So can I ask what the punishment is on this forum for attacking businesses with no proof? What is next, “He definitely murdered someone because I saw it on some hole in the internet”?