Many computer users are receiving emails that would otherwise look like just another scam email, but because the user's correct password is shown, they know there has to be an issue.
Most assume that their machine has been hacked, as the scam email claims:-
Greetings, my victim.
I know your password - Correct password shown here
This is my last warning.
I write you inasmuch as I put a trojan on the web page with pornography which you have visited.
My malware grabbed all your personal data and switched on your webcam which captured the process of your masturbation. Just after that the trojan saved your contact list.
I will remove the compromising video and data if you pay me 500 USD in bitcoin. This is wallet address for payment : 135qVXXBZb3v2tQcLJRA8UAndiUYNybh3J
(you can google on "how to buy bitcoin")
I give you 24 hours after you view my message to make the payment.
As soon as you view the message I'll know it right away.
It is not necessary to tell me that you have sent money to me. This address is connected to you, my system will delete everything automatically after transfer confirmation.
You can visit the police office but no one can't help you.
If you try to cheat me, I'll see it immediately!
I don't live in your country. So nobody can't track my location even for 9 months.
Don't forget about the disgrace and to ignore, Your life can be ruined.
Our Advice Below:-
And I guess some people will actually pay.
The reality is:- your email login and password have been stolen from a database in use by some organisation that has been hacked in the past.
This database is then shared with the underground hacking community, for everyone to have a crack at scamming you.
The major issue is that many users will have used their email address and that password on many sites, and have no idea which one it has been stolen from.
So your machine has not been hacked; a database has been stolen and your details shared.
The best advice is to sit down with a coffee, tea or beer and list all the sites you currently log in to, plus any sites that control your email, such as control panels.
Once the above list is created, systematically go through each one, and either shut down the account (if not required) or if still required change the password to a complex password.
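The review described in the two steps above can be scripted. The following is an added example, not part of the original article: it takes an account list and the password quoted in the scam email, then orders the accounts so that those sharing the leaked password and those that control your email are dealt with first. The inventory, its column names and the sample password are constructed for illustration.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample inventory (no real accounts); column names are assumptions.
INVENTORY = """site,login,password,still_needed,controls_email
webmail.example,me@example.com,Rover1984,yes,yes
hosting-panel.example,me@example.com,Rover1984,yes,yes
oldforum.example,me@example.com,Rover1984,no,no
shop.example,me@example.com,S0me-Other-Pass!,yes,no
bank.example,finance@example.com,x7#Qp!92kLm_vT,yes,no
"""

def fingerprint(password):
    # Compare by digest so plaintext passwords never end up in the report.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def build_plan(inventory_csv, leaked_password):
    """Return (site, action, reason) tuples, most urgent first."""
    rows = list(csv.DictReader(io.StringIO(inventory_csv)))
    sites_by_pw = defaultdict(list)
    for row in rows:
        sites_by_pw[fingerprint(row["password"])].append(row["site"])
    leaked = fingerprint(leaked_password)
    plan = []
    for row in rows:
        fp = fingerprint(row["password"])
        exposed = fp == leaked
        reused = len(sites_by_pw[fp]) > 1
        action = "change password" if row["still_needed"] == "yes" else "close account"
        if exposed:
            reason = "password shown in scam email"
        elif reused:
            reason = "password reused elsewhere"
        else:
            reason = "routine review"
        # False sorts before True: exposed first, then email-controlling, then reused.
        urgency = (not exposed, row["controls_email"] != "yes", not reused)
        plan.append((urgency, row["site"], action, reason))
    return [entry[1:] for entry in sorted(plan)]

if __name__ == "__main__":
    for site, action, reason in build_plan(INVENTORY, "Rover1984"):
        print(f"{site:24} {action:16} {reason}")
```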
GDPR states that users should be able to request removal of their data, amongst other responsible uses of data. However, in reality that is never going to be 100%, so a regular review of your own login credentials should be conducted.
Even with a complex password, if a database is hacked (in un-encrypted form) the password can still be shared with the underground hacking community. Having said that, do make sure your passwords are not just your pet's name followed by the year you were born, and that they contain numbers substituting for letters, and symbols if allowed.
For all those who wish to see how badly their email account has been used, click on the link below and type your email address. You will see how badly your email address and/or password has been Pwned.
You can also check the minimum number of times a password you are using has been shared using a common pasting service:-
The site above recommends using a password manager. I would not recommend this method, as password manager services become a honey pot for hackers, and it is akin to leaving your little black book (full of passwords) on the doorstep for people to have a quick look.
Databases containing users' passwords will continue to be hacked, and data will be stolen. The best method to counteract this is to regularly review your account details, have specific email addresses and passwords for financial transactions (not using the same email account everywhere) and be conscious of where you are using this email address and password online.