Two of my email addresses recently were sent that kind of "password change request" that websites often automatically generate if you forget how to log-in the site. And it wasn't me who requested the change.
Going to the site itself showed no changes; in fact, the site recognized my computer and put up my account info in the corner as usual. So, nobody was successful in changing my password, and what's more they would probably have had to compromise one of the two email addresses to do so. Which I don't think they have done. I suppose they might be playing some kind of long game and just haven't done anything malicious yet... It's easy to get a little paranoid running down these possibilities.
But aside all that, it's left me wondering: what on Earth for? My SoundCloud traffic is virtually nil. I have no fans, no particular presence in any "music community" to speak of. So taking over my SoundCloud account would seem to have no payoff - nobody is going to be able to stick up some spam file advertising porn or cryptocurrency or I dunno Raid Shadow Legends or something on my account and expect to get any sort of mistaken clicks that way.
Would they want the name? "Platzangst", last time I looked, isn't in huge demand. There's some sort of outdoor sport-based clothing/gear shop with the name - in Germany. Discogs once showed me a "Platzangst" band that wasn't me appearing on a German punk compilation - and that was their one and only appearance, ever, as far as I know. So maybe some German outfit would like to poach my SoundCloud account? Maybe - but kind of unlikely...
Maybe they think they could extort money out of me by grabbing control of my SoundCloud account and holding it for ransom? Good luck there - even if I had any money to speak of (my music career sure hasn't generated any), the lack of motion on my SoundCloud account makes it the easiest thing to just write off. I'd abandon it before paying one dime to thieves.
The only other thing I can think of is just sheer maliciousness, either personal or random. The personal being the case where someone somewhere has a vendetta against me and is targeting my online presence. I suppose someone might have been sufficiently annoyed by my arguments about determinism or something to try and sabotage my accounts, but 1) that would be exquisitely petty; and 2) I'd expect a more comprehensive attack on many accounts, not just SoundCloud. A more random maliciousness is plausible, I guess, in that I can certainly see some jackass trying to boost accounts just for the sake of being a jackass.
But in the end, I don't have a clue. It seems to make no sense to me. Has anyone out there recently experienced such a thing? Is there a SoundCloud-based scam going around that I should be aware of? These are the small mysteries that may never get solved.
Minor Mystery: Why would anyone want to steal my SoundCloud account?
- platzangst
- Posts: 728
- Joined: 16 Jan 2015
- TritoneAddiction
- Competition Winner
- Posts: 4219
- Joined: 29 Aug 2015
- Location: Sweden
Perhaps after years stuck in only making 8 bar loops that goes nowhere, someone finally had enough and wanted to see what’s like to have actual finished songs. And the thought of doing the work themselves was simply too much.
That’s my theory anyway.
That’s my theory anyway.
Always remember that this is simply a numbers game for hackers. The actual sites may make little sense to you as they seem to hold no value that anybody could want, but if it provides another piece of your information jigsaw then it is very much relevant to them.
It is possibly an automated bot attack using your email and password information that has been collected from a compromised site. This is one that you have previously signed up to using your email address. If hackers have compromised that site chances are they then have your email and the password you used to sign up to that site from an unencrypted database. Many people still use the same password in many site that they sign up to and hackers know this so It's then just a matter of using your email along with thousands of others trying to access more websites using the same login information they have with the aim of getting further information, especially addresses and financial details. They then can sell this information on the dark web.
You say you checked the sites that emailed you the password change request emails, and you were automatically logged in. Did you follow the link in the email request or go to the site via a separate tab on your browser? If it was directly from the link, then that could very well be a compromised link (what's called a phishing email). I would sign in again to the site(s) via a clean browser or using the incognito mode on your existing browser. If you are able to sign in and access your account as normal, then I would strongly advise you to change your password(s) immediately to keep secure access to the accounts.
To see if your email has been collected from a previously hacked site check here
https://haveibeenpwned.com/
And remember to always use different passwords for every site you sign up to. Plus change password regularly, especially for sites that hold any extra information about you (address, personal, financial details)
Best wishes
It is possibly an automated bot attack using your email and password information that has been collected from a compromised site. This is one that you have previously signed up to using your email address. If hackers have compromised that site chances are they then have your email and the password you used to sign up to that site from an unencrypted database. Many people still use the same password in many site that they sign up to and hackers know this so It's then just a matter of using your email along with thousands of others trying to access more websites using the same login information they have with the aim of getting further information, especially addresses and financial details. They then can sell this information on the dark web.
You say you checked the sites that emailed you the password change request emails, and you were automatically logged in. Did you follow the link in the email request or go to the site via a separate tab on your browser? If it was directly from the link, then that could very well be a compromised link (what's called a phishing email). I would sign in again to the site(s) via a clean browser or using the incognito mode on your existing browser. If you are able to sign in and access your account as normal, then I would strongly advise you to change your password(s) immediately to keep secure access to the accounts.
To see if your email has been collected from a previously hacked site check here
https://haveibeenpwned.com/
And remember to always use different passwords for every site you sign up to. Plus change password regularly, especially for sites that hold any extra information about you (address, personal, financial details)
Best wishes
- integerpoet
- Posts: 832
- Joined: 30 Dec 2020
- Location: East Bay, California
- Contact:
- Shocker: I have a SoundCloud!
- platzangst
- Posts: 728
- Joined: 16 Jan 2015
Perhaps I wasn't clear: The site was SoundCloud. The letters I got were auto-generated by SoundCloud, as they would have been if I had legitimately forgotten my password. Or at least, all the links provided in the emails pointed to appropriate SoundCloud addresses, so if they were spoofs, they were very good ones. Regardless, I did not click any links directly (as I did not want to change my password), and opened up a new browser tab and navigated directly to my SoundCloud page, to find it unaltered, and to find that it recognized me as Platzangst and threw up my account icon and such in the corner.
That's right, I threw away my millions, my mansion, and my throngs of fans to focus on experimental abstractions, my true calling.
i sometimes wonder about this stuff too.
a bit ot: the same goes for spam emails. i recently got a whole bunch that was just an emty email with literaly no text, no nothing inside. whats the point???
email spam just for the sake of sending an email? this stuff is gotten to a point were its kinda really unnecessary....
a bit ot: the same goes for spam emails. i recently got a whole bunch that was just an emty email with literaly no text, no nothing inside. whats the point???
email spam just for the sake of sending an email? this stuff is gotten to a point were its kinda really unnecessary....
- 12 - Hobbyist
minimal techno - deep minimal dubstep - drum 'n' bass/neurofunk - brostep/deathstep - band recording
New Release: https://open.spotify.com/track/5mQ1XEQtZcVeFVfZvcS5kw
minimal techno - deep minimal dubstep - drum 'n' bass/neurofunk - brostep/deathstep - band recording
New Release: https://open.spotify.com/track/5mQ1XEQtZcVeFVfZvcS5kw
Wow, now that's dedication!platzangst wrote: ↑07 Sep 2022That's right, I threw away my millions, my mansion, and my throngs of fans to focus on experimental abstractions, my true calling.
Uh-huh.platzangst wrote: ↑07 Sep 2022Perhaps I wasn't clear: The site was SoundCloud. The letters I got were auto-generated by SoundCloud, as they would have been if I had legitimately forgotten my password. Or at least, all the links provided in the emails pointed to appropriate SoundCloud addresses, so if they were spoofs, they were very good ones. Regardless, I did not click any links directly (as I did not want to change my password), and opened up a new browser tab and navigated directly to my SoundCloud page, to find it unaltered, and to find that it recognized me as Platzangst and threw up my account icon and such in the corner.
That's right, I threw away my millions, my mansion, and my throngs of fans to focus on experimental abstractions, my true calling.
As in my previous post, the first port of call is to visit https://haveibeenpwned.com/dan_g wrote: ↑07 Sep 2022i sometimes wonder about this stuff too.
a bit ot: the same goes for spam emails. i recently got a whole bunch that was just an emty email with literaly no text, no nothing inside. whats the point???
email spam just for the sake of sending an email? this stuff is gotten to a point were its kinda really unnecessary....
this will tell you if a site you have previously entered your email address onto has been hacked and that at least some of your information is now open to attack.
If this is the case then the spam emails you receive could be for a myriad of reasons.
It could be that hackers want to simply sell this information as a current mailing list for example.
The first stage of this is to find out from their list which ones are still active and which ones are no longer used. This is done by an automated mailing, similar to what you have received, to all the email addresses the hack has provided. They don't need to write anything in the text, in fact the less they write the better as they want to generate the least amount of traffic as possible. The emails that come back as undeliverable are then deleted off the list and the ones that don't are left on.
They now have a large list of current emails for a potential new customer base in a targeted area of interest depending on where the hack came from (e.g. in music software) that they can sell over and over again.
Sometimes you don't need lots of information about an individual to make money. If the amount of emails they have hacked is large enough, that in itself can be monetised.
Again the point with any of these practices is to make money. Just because it's not immediately apparent how that is done, doesn't mean that it isn't happening.
There are opportunities for them to make money in different ways and at many stages with the various amounts of information they can find about you. And remember that there's also no limit to the amount and variety of attacks you may be subjected to as new tools are developed and sold to the hacking community via their forums in the dark web
Once you know some of your data is in these lists, all you can do is be vigilant and make yourself aware of best practices to minimise any further information loss.
You don't say whether or not you checked if your email was found at the website I linked to. Once you know some of your data is in these lists, all you can do is be vigilant and make yourself aware of best practices to minimise any further information loss.platzangst wrote: ↑07 Sep 2022Perhaps I wasn't clear: The site was SoundCloud. The letters I got were auto-generated by SoundCloud, as they would have been if I had legitimately forgotten my password. Or at least, all the links provided in the emails pointed to appropriate SoundCloud addresses, so if they were spoofs, they were very good ones. Regardless, I did not click any links directly (as I did not want to change my password), and opened up a new browser tab and navigated directly to my SoundCloud page
That's why I suggested you change your SoundCloud password. If you don't want to do that then that's your choice. My lengthy post was to answer your question with a possible explanation to make you aware of what may be happening. If someone has been trying to gain entry to my property, I tend to be more vigilant and increase security where I can, whether that's physical property or not makes no difference to me. However it's your data, you do what you want with it
- platzangst
- Posts: 728
- Joined: 16 Jan 2015
There's nothing they could get from my SoundCloud that they wouldn't already have if they managed to get access to my email accounts, besides the ability to post and delete content.
-
- Information
-
Who is online
Users browsing this forum: No registered users and 8 guests