First things first, you’re safe. You were always safe. We know what’s going on, and your TorGuard account was never in jeopardy.
If you’ve received an email that states that your TorGuard VPN account information has leaked somewhere on the internet, don’t worry. It wasn’t. The email itself is a spam campaign from a bad actor with access to HaveIBeenPwned data who is targeting TorGuard users with information designed to elicit a panic response. To make matters worse, the bad actor has the nerve to ask for donations.
Do not respond to this email, do not click any links, and do not transfer crypto to strangers.
The Contents of the Email TorGuard Users Received
TorGuard users have been receiving an email that appears to be cause for concern. It isn’t. This misleading email targeting TorGuard users is designed to scare people. This reads as follows:
From: Den Air [email protected]
To:***TorGuard User Email Redacted***
Sun, Jun 20 at 6:41 AM
Hello! I found your TorGuardVPN account information on the internet which likely came from a hacker or data leak (see below).
***TorGuard User Email Redacted***
*For security reasons, I’ve hidden the last character of your password.
Hackers often sell this information on the internet. Don’t worry, I’m only here to help. I’m against what hackers do and informing people of security breaches is my way of fighting back. I’m not asking for money or anything in return, simply just passing along this information and advising you to change your account password as soon as you can.
I hope this helps! Be sure to use complex passwords (and different ones for each service/website) or two-factor authentication when you can.
Be safe and take care!
~ Air Den
P.S. Donations are appreciated.
PayPal: [email protected]
Bitcoin, Ethereum, & Token Address: Upon Request
What is HaveIBeenPwned?
HaveIBeenPwned is a searchable database of data breaches. Users can search their email addresses and phone numbers to determine if their account was ever involved in a widespread breach, leak, or security mishap. You don’t necessarily have to search for your own email address or phone number. You can look up any email address or phone number.
If your email was found on HaveIBeenPwned, this means your account has been compromised through data breaches on other websites. If you haven’t changed your passwords since then, change your passwords as soon as possible.
We believe that’s how the spam and scam campaign got started. Whoever is behind the operation likely has direct access to HaveIBeenPwned’s API or email list and is abusing that information to target TorGuard users.
What To Do If You’ve Received The Email
The user and password databases of TorGuard are not now and have never been compromised. Your account or personal information are not in danger, and none of your information has fallen into the wrong hands. This spam email is a deliberate fabrication with the intent of scaring TorGuard users.
Do not reply to the sender and do not give them any “donations” for the privilege of deceiving you. This request is especially odd because the contents of the email state that the sender isn’t interested in money, and then attempts to solicit you in the same breath.
As a general rule, you should never respond to emails from unknown senders or comply with requests you receive from unfamiliar email addresses or entities. We’re aware that the majority of our users know better than that, but some rules bear repeating.
We’re very focused on user privacy and security. Even though your account has not been compromised, it’s never a bad idea to maximize your account security. Just two steps can fortify your TorGuard account’s privacy.
1. Enable 2auth security in the TorGuard members area.
2. Change your TorGuard password in the members area and make sure to use a new password never before used, preferably generated using a secure OPEN SOURCE password manager like KeePass.
We ask users who receive this email to forward it to [email protected] or to copy and paste the email and send it to our support desk. We’re keeping a vigilant eye on the situation.
Lastly, this email violates the CAN-SPAM act. It’s an abuse of commercial email. You can and should mark it as spam. Mass spam reports will cause email providers to take action against the sender, which will effectively end the spam campaign.
Why Is This Happening?
TorGuard VPN users are being specifically targeted with this spam campaign, and we would all love to know why. To get to the root of the issue, you should ask yourself two very important questions.
- Who owns HaveIBeenPwned?
- Who with full access to the HaveIBeenPwned database would have significant financial incentive to target TorGuard users?
We invite you to find the answers to these questions and draw your own conclusions.
We Want to Know More
Do you know more about this situation? Do you believe you may know the identity of the person or entity behind the attack? We’re very eager to know.
If anyone would like to provide information on the individual who is spamming our members please reach out to [email protected]. We take these types of privacy violations very seriously and will be pursuing all legal options available.