Back when I was a naïve Internet user, I tended to use the same username and password everywhere I went. What's worse, my standard password was pretty weak. I set up a TomTom account back in those days (about 10 years ago). Not too long after that, my TomTom device broke and I haven't even thought about this site or my account here for years and years.
Since that time, I've mended my ways and updated all my passwords to be longer, stronger and unique for each site, the way you are supposed to. Today I got an SPAM email addressed to my old email account (old username) and the body started off with "I know _____ is your password." and there was my old password I used to use all over the place.
I checked out my sites/passwords list and TomTom was the only one that was still using my old username and password. I see 3 distinct possibilities here:
1) This username and password were harvested in a (somewhat) recent attack. Since TomTom is the only account I have that was still using that combination, the attacker must have gotten it from TomTom.
2) There's another site out there that has my old credentials that I've long forgotten about
3) This information was harvested from an attack from years ago and could be from any number of sites
The email itself is a blackmail saying that if I do not pay them some BitCoin, they will send some incriminating video they supposedly captured from my (non-existent) webcam while I was allegedly visiting a porn site (that I've never been to) to all my contacts.
The purpose of this post is to ping other TomTom users to see if anyone else has gotten such an email. If others of you have gotten similar emails that include your TomTom password, then TomTom may have a security problem they need to resolve. If it's just me (and I'm guessing it is), then it must be one of the other 2 possibilities. If you have gotten something similar and your TomTom password is part of the email, please let us know so TomTom security can address any potential problems.