It came to our attention recently that our members database must have been breached at some point a few years ago and that the email addresses and passwords of registered ToffeeWeb users at the time were stolen.
A text file of that information — it contained no other data beyond email address and password — was published on the Web (it has since disappeared) and was picked up by a would-be scammer who is now sending emails to those captured addresses attempting to extort money via Bitcoin.
The email purports to be someone from the darknet who claims to have hacked your computer, planted a trojan, downloaded your web history, passwords, etc and threatens to expose embarrassing information it has on your browsing habits unless you pay him in cryptocurrency (the amounts vary) within a set amount of time.
If you have received one of these phishing emails, rest assured that it is safe to ignore. Your computer has not been compromised by this person. We at ToffeeWeb have received a number of them to our Support address from different aliases which is a good indication that they’re bogus. The nature of the information he claimed to have also made it obvious that it was nonsense.
The security issue that would have enabled a ”SQL injection” hack of our database like this has long since been resolved but we continue to strongly encourage you to use a password unique to ToffeeWeb and not one that you use anywhere else on the web.
If you need to update your password in light of this, you can do so via the Edit Profile page.
If you have any further questions on this matter, please feel free to email email@example.com.
Reader Comments (12)
Note: the following content is not moderated or vetted by the site owners at the time of submission. Comments are the responsibility of the poster. Disclaimer
1 Posted 30/10/2018 at 17:51:08
2 Posted 01/11/2018 at 23:04:42
3 Posted 02/11/2018 at 08:25:52
4 Posted 02/11/2018 at 12:03:20
Michael & Lyndon, I don't know if anyone else has told you or has issue accessing the site on their mobiles in the States? Within 10 seconds of loading up the page, it will freeze and a pop-up for a fake "Congratulations! You've been selected as a lucky user for a $1000 Amazon Gift Card" takes over the site.
At first I thought it was a virus, but it only happens on the ToffeeWeb site. This has been happening for about 9 months. It will be fine for a week or so, and then unreachable for another.
5 Posted 02/11/2018 at 16:39:15
I've seen this message before on the NewsNow site, but now I only see it on ToffeeWeb.
6 Posted 02/11/2018 at 17:02:31
7 Posted 02/11/2018 at 17:23:37
8 Posted 03/11/2018 at 22:20:05
9 Posted 25/12/2018 at 09:13:31
10 Posted 25/12/2018 at 10:12:09
11 Posted 25/12/2018 at 10:40:39
12 Posted 09/01/2019 at 23:09:07
Add Your Comments
In order to post a comment, you need to be logged in as a registered user of the site.
Or Sign up as a ToffeeWeb Member — it's free, takes just a few minutes and will allow you to post your comments on articles and Talking Points submissions across the site.