Main Area and Open Discussion > Living Room
DeviantArt (Silverpop) and Gawker Media (Lifehacker/Gizmodo/etc.) compromised
tomos:
Got two email related to this this morning - I thought they were dubious but it seems to be true:
DeviantART Members Emails Leaked By Marketing Partner Silverpop Systems (Cyberinsecure.com)
Gawker Media Suffers Massive Data Breach Courtesy of Gnosis (DailyTech.com)
tomos:
from email
Lifehacker, Gizmodo, Gawker, Jezebel,
io9, Jalopnik, Kotaku, Deadspin, and Fleshbot. As a result, the user name
and password associated with your comment account were released on the
internet. If you're a commenter on any of our sites, you probably have
several questions.
We understand how important trust is on the internet, and we're deeply
sorry for and embarrassed about this breach of security. Right now we
are working around the clock to improve security moving forward. We're
also committed to communicating openly and frequently with you to make
sure you understand what has happened, how it may or may not affect you,
and what we're doing to fix things.
This is what you should do immediately: Try to change your password in
the Gawker Media Commenting System. If you used your Gawker Media
password on any other web site, you should change the password on those
sites as well, particularly if you used the same username or email with
that site. To be safe, however, you should change the password on those
accounts whether or not you were using the same username.
--- End quote ---
they then give a lifehac.kr address (which made me dubious of it's authenticity - maybe this is the start of the dodgy emails??)
tomos:
is no-one worried about this :tellme:
I cant login to Lifehacker in spite of being able to request (& having gotten) a new password.
Also I foolishly used the same/similar password & username in multiple accounts so I'm working my way through them
Deozaan:
Yes, it's true.
I had an old gmail account with the same details as an old Gawker account and woke up today to find lots of people telling me I was sending spam.
Sure got me to finally pay attention to How I'd Hack Your Weak Passwords. (I just noticed that article was from LifeHacker, oh the irony!)
I'm currently investigating http://www.Lastpass.com/ and http://www.PassPack.com/ as a result.
My friend really loves PassPack, but I think I prefer LastPass, since it has browser extensions and seems like "less work" once you figure out how to use it. Now my passwords are 20+ characters long and different for every site.
40hz:
I've been using the PasswordHasher extension under Firefox for day to day use for low to moderately secure logins.
Anybody know anything better that works in a similar fashion and also doesn't effectively require an online account?
For very secure passwords (like on client servers) I'll head over to random.org and generate a set of very long, very random strings - and pray to all that is holy I never lose the (also encrypted) list. ;D
Navigation
[0] Message Index
[#] Next page
Go to full version