It came to our attention recently that our members database must have been breached at some point a few years ago and that the email addresses and passwords of registered ToffeeWeb users at the time were stolen.

A text file of that information — it contained no other data beyond email address and password — was published on the Web (it has since disappeared) and was picked up by a would-be scammer who is now sending emails to those captured addresses attempting to extort money via Bitcoin.

The email purports to be someone from the darknet who claims to have hacked your computer, planted a trojan, downloaded your web history, passwords, etc and threatens to expose embarrassing information it has on your browsing habits unless you pay him in cryptocurrency (the amounts vary) within a set amount of time.

If you have received one of these phishing emails, rest assured that it is safe to ignore. Your computer has not been compromised by this person. We at ToffeeWeb have received a number of them to our Support address from different aliases which is a good indication that they’re bogus. The nature of the information he claimed to have also made it obvious that it was nonsense.

The security issue that would have enabled a ”SQL injection” hack of our database like this has long since been resolved but we continue to strongly encourage you to use a password unique to ToffeeWeb and not one that you use anywhere else on the web.

If you need to update your password in light of this, you can do so via the Edit Profile page.

If you have any further questions on this matter, please feel free to email

Reader Comments (12)

Note: the following content is not moderated or vetted by the site owners at the time of submission. Comments are the responsibility of the poster. Disclaimer

Dennis Stevens
1 Posted 30/10/2018 at 17:51:08
Ta for that explanation. I've received the email in question but wouldn't have connected it with ToffeeWeb as I don't even use the same emailaccount.
Stephen Brown
2 Posted 01/11/2018 at 23:04:42
I’m not sure if this is linked but I’ve been on holiday in the US and I’ve been having endless pop ups on ToffeeWeb! Been a nightmare
Eddie Dunn
3 Posted 02/11/2018 at 08:25:52
In the last week I have had my protection software isolate malware on ToffeeWeb 3 times. There have also been several previous incidents in recent months.
Kristian Boyce
4 Posted 02/11/2018 at 12:03:20
Stephen, by any chance do you have an iPhone? ToffeeWeb is pretty much unreachable on Safari at the moment.

Michael & Lyndon, I don't know if anyone else has told you or has issue accessing the site on their mobiles in the States? Within 10 seconds of loading up the page, it will freeze and a pop-up for a fake "Congratulations! You've been selected as a lucky user for a $1000 Amazon Gift Card" takes over the site.

At first I thought it was a virus, but it only happens on the ToffeeWeb site. This has been happening for about 9 months. It will be fine for a week or so, and then unreachable for another.

Ron Marr
5 Posted 02/11/2018 at 16:39:15
I have exactly the same Toffeweb experience on the iPhone as Kristian. I'm in SF. I have the problem just with ToffeeWeb with the "Congratulations Google User" or "you've won an Amazon gift Card" message. It renders ToffeeWeb unusable on the the iPhone with Safari or Chrome. The problem existed about six months ago and it's just started again recently for me.

I've seen this message before on the NewsNow site, but now I only see it on ToffeeWeb.

Stephen Brown
6 Posted 02/11/2018 at 17:02:31
I can confirm it’s an iPhone 5. I’m back in UK now and it’s all working fine!
Jay Harris
7 Posted 02/11/2018 at 17:23:37
Ive had the same issue with an iphone 6 in the US but it was fine when I was in the UK.
Keith Edmunds
8 Posted 03/11/2018 at 22:20:05
Same issue, iPad Australia.
Phil (Kelsall) Roberts
9 Posted 25/12/2018 at 09:13:31
Same issue with a Samsung in the US. And in the UK when I came home? Can't remember
Graeme Hodgkinson
10 Posted 25/12/2018 at 10:12:09
Brian Patrick
11 Posted 25/12/2018 at 10:40:39
I paid them?! But I didn't have any bitcoin so I sent them some British Sterling which they returned saying its pretty worthless?! Eh eh?
Kieran Kinsella
12 Posted 09/01/2019 at 23:09:07
Same iPhone issue in Kansas with fake Amazon though it also effects The Echo website and a tabloid. I installed an ad blocker on my phone which worked to stop it

Add Your Comments

In order to post a comment, you need to be logged in as a registered user of the site.

» Log in now

Or Sign up as a ToffeeWeb Member — it's free, takes just a few minutes and will allow you to post your comments on articles and Talking Points submissions across the site.

© ToffeeWeb