Just got an interesting email that contains my very low security common password that I have been using for years and a threat to release to all my email contacts my porn site browsing history. Of course, all I need to do is send them $$$$ by way of bitcoins. All my finance passwords are far from my low security password, including my email password for that matter, so the threat of being able to get to my email contact list is zero. Annoying, as now I need to change all my low security passwords on all my non-finance sites including this one and Twitter and Facebook and so on. Maybe I should send the guy some of my porn collection instead of bitcoins just so he will have something to show for this silly if annoying blackmail attempt. One interesting question is which site let me down and which site did not use a good hash for the password, as my common password should not have fallen to a brute force attack. Does anyone know if this site hashes the passwords?
I believe all do, but they use various encryption. One forum software uses MD5. Another way to get your password is with malware that can read your keystrokes. That is why I never go online without using Sandboxie, which I set up to remove most of everything when I close it. It creates a virtual disk where you can use your browser. I have been using it for years and even when the virus software finds something, when I close out Sandboxie it is gone.
No malware at all likely on my computers, as I too use a Sandboxie that is wiped after every use and also a whitelist for the programs that are allowed to run.
First thing to do is to take this to your local police dept. Odds are they will refer you to the FBI if this is out of state. Either way it is a cyber crime and needs to be reported. If you don't go down the recommended route then perhaps you could use his email address to sign him up for free porn instead. I don't recommend doing it from your personal computer either. Personally I would just report it and ignore it. Yes, changing the passwords is probably worthwhile.
Same exact thing happened to my wife. She clicked through a fake Facebook email she got which took her to a fake Facebook login screen, identical looking in every way to the real thing, where she entered her password. The email was from a Facebook group she belongs to, and was indistinguishable from other legitimate ones she had received, unless you looked at the headers, which most people never do.
The 'gentleman' is using a high level South American resort site email server to forward his mail and it is unlikely the site has a clue that their server is being used in such a manner. Gave them a heads up so they can tighten their security if they wish to do so. As far as tracking such evildoers by the police, you have got to be kidding me; other than perhaps NSA no one has the time or the resources to do so.