Today I got an email using a template that has been making the rounds.
"I greet you!
I have bad news for you.
27/08/2018 - on this day I hacked your operating system and got full access to your account %EMAIL%
On that day your account (%EMAIL%) password was: %PASSWORD%"
I've had a few of these for services that I know have been breached, like dropbox.com and easycontentunits.com, but today is the first I have seen for fold.it.
The email address used was only ever provided to fold.it and has never been reused.
The password was the password used to secure my account. In other such cases I've had the attacker show an MD5 hash of my password (easycontentunits.com), but here it was plaintext, suggesting that fold.it are not storing passwords in a hashed and salted secure manner. Admittedly my password here was only 8 characters, so it could have been brute-forced.
My question is: were fold.it aware of a breach previously? Did it communicate this to its userbase?