Site compromise, meet sextortion scams
Like I presume any WordPress site, this site sees a constant volume of brute force and complex unauthorised login attempts. And like pretty much anyone with an email address and history on the internet, my credentials have turned up in data breaches, and hence found their way to sextortion scammers.
I normally only occasionally glance at my site’s security, and likewise with my Spam folder, which is where such sextortion emails invariably end up. Site login attacks are routinely just attempting common usernames like root, admin, administrator, <site name>, etc.
So imagine my surprise when I saw a recent failed attempt was for a username I recognise from one of the earliest sextortion emails I ever saw. A real enough username – a uniquely trackable one I had used some time in the past at a place I held no trust of.
It’s not so much that they tried the login on the website, it’s that an actual person put 2 and 2 together to try it. While I have no fears for my own website or any I have configured, if malicious actors have finally joined the dots I expect we’re about to see an uptick in previously secure sites being pwned.