Mara was a victim of identity theft, and just narrowly avoided having her brokerage account drained. Leo says that Mara should change her password and turn on 2 factor authentication right away. Leo suspects the bad guys got her information from a database breach like the Collection #1 or the Marriott hack. Leo also suggests going to haveIbeenpwned.com/passwords and see if her passwords have been compromised and are known.
Yesterday's story about Collection #1 - a package of hacked email passwords, is actually now reported to be a few years old, so the damage is not as great as previously believed. But Leo still says that it's a wise idea to go to HaveIBeenPwned.com/passwords and see if your account has been hacked. And then change your password. In fact, it may be a good idea to change it anyway, and turn on 2 factor authentication while you're at it.
According to the creator of HaveIBeenPwned.com, over 21 million passwords have been hacked and revealed on the dark web. Leo says to find out if your passwords have been hacked and stolen, head over to https://haveibeenpwned.com/passwords and input your passwords. It'll let you know if your passwords have been hacked.
If you've seen a warning message or a popup online telling you that you've been hacked and that you need to take immediate action, chances are good that it's just a scam. These are nothing more than scare tactics designed to make you fall for something, whether it be giving your information or actually making a payment. But with all of the major security breaches happening, like the one at Marriott, there is some legitimate concern that your accounts could have been compromised. In other words, there is a chance you've been "pwned."
George got an email saying that his email account has been compromised, but it shows an old email. Leo says it's an old scam that is designed to scare him into sending the hackers money. If he's concerned, he should change his email password.
He can also go to HaveIBeenPwned.com to see if his email has been legitimately hacked. But changing the password will fix it. And while he's at it, he should turn on 2 Factor Authentication. He can simply ignore the extortion email, though.