Password Leakage?

by Nikolaus 9 Replies latest forum tech-support

  • Nikolaus

    I got a message that my password on this site has been part of a leakage. Is this known? Where can I change my password?

  • Nathan Natas

    My first thought is that this may be an attempt to hijack your account. Don't do anything until you hear from Simon.

  • Simon

    I would be cautious ... those kinds of things are often designed to get you to panic and act too quickly, putting yourself at more risk.

    I'm working on improving the auth features on the site but in the meantime good practice is always to use a different password for every site, ideally use a password manager (1Password, not LastPass!)

  • Anony Mous

    Do you re-use your password anywhere else? I have a password manager with individual passwords for most sites and this site hasn’t been breached according to its reporting. So be careful, change your password only on this site, don’t follow the link in the e-mail you got.

  • Ding

    Simon,

    What's the issue with LastPass?

  • TD

    What sort of a message? Did it originate from a legitimate source (like Google's password manager, for example), or was it a random pop-up?

  • Nikolaus

    It is in the password section of my Apple iPad.

  • Balaamsass2

    I got the same notification from my identity theft program. I only use a password here that I use for my newspapers. So Mr/Mrs hacker is welcome to read the NY Times and JWN. :)

  • Simon
    What's the issue with LastPass?

    They were hacked and all user vaults taken, some of which contain hex-encoded (not encrypted) data for website URLs. These could leak data if the bookmarked page happened to have a reset token in the URL or at least indicate which user vaults may be worth hacking ... i.e. which contain higher value accounts (no one is going to hack your Netflix account, but your Bank account ...).

    1Password has a significantly more secure system and puts effort into keeping things up-to-date.

    LastPass seems to have been bought by a company that wanted to squeeze every $ out without any ongoing investment. Their handling of the incident, and delay in coming out with the truth and attempts to give misleading information are pretty bad.
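
Added example (not part of the thread, and not any password manager's real storage format): the sketch below shows why hex-encoded URLs offer no confidentiality and how to audit your own saved URLs for embedded secrets that should be invalidated. The sample entries, parameter list and function names are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumed list of query parameter names that commonly carry secrets.
SENSITIVE_PARAMS = {"token", "reset_token", "code", "key", "sig", "session", "auth"}

# Constructed sample: saved URLs stored as hex text (hypothetical layout).
SAMPLE_HEX_URLS = [
    "https://bank.example/login".encode().hex(),
    "https://shop.example/reset?token=3f9c1a7e&user=alice".encode().hex(),
    "https://news.example/article?id=42".encode().hex(),
]


def decode_hex_url(hex_text):
    """Hex is an encoding, not encryption: reversing it needs no key."""
    return bytes.fromhex(hex_text).decode("utf-8")


def audit_saved_urls(hex_urls):
    """Return (host, [sensitive parameter names]) for every saved URL."""
    findings = []
    for hex_text in hex_urls:
        parts = urlsplit(decode_hex_url(hex_text))
        flagged = sorted(
            name for name, _ in parse_qsl(parts.query)
            if name.lower() in SENSITIVE_PARAMS
        )
        findings.append((parts.hostname, flagged))
    return findings


def entries_needing_rotation(hex_urls):
    """Hosts whose saved URL embeds a secret-bearing parameter."""
    return [host for host, flagged in audit_saved_urls(hex_urls) if flagged]


if __name__ == "__main__":
    for host, flagged in audit_saved_urls(SAMPLE_HEX_URLS):
        if flagged:
            print(f"{host}: invalidate and re-save without {', '.join(flagged)}")
        else:
            print(f"{host}: no embedded secret found")
```

Even entries with no flagged parameter still reveal the host name, which is the second concern raised in the post above.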

  • Nikolaus

    I have not used LastPass.
