[conspire] (forw) You're one of 48,580,249 people pwned in the Straffic data breach

paulz at ieee.org paulz at ieee.org
Thu Feb 27 16:53:57 PST 2020


 Better was a story on this morning's television.  One of the rich people on Shark Tank got taken for $400,000.
Apparently somebody spoofed an email address that looked like a legitimate business connection and asked for payment.  The clerk thought it was legit, exchanged a couple of emails about the reason for the payment, etc., then sent it.

Only later did someone catch the breach.  The bogus email address had substituted a "0" for an "O".



    On Thursday, February 27, 2020, 3:08:33 PM PST, Rick Moen <rick at linuxmafia.com> wrote:  
 
 Regular readers can anticipate approximately what I'm going to say next:

This notion that I've been 'pwned' by Internet disclosure of a marketing
database listing (some subset of) name, e-mail address, telephone
number, street address, and 'gender' [sic -- they mean my sex]
presupposes that all of those things are a deep, dark secret.  The
literature at https://haveibeenpwned.com/PwnedWebsites#Straffic implies
that the most alarming part of that disclosure was '49M unique email
addresses'.

Now, seriously, how secret do you imagine my e-mail address, street
address, name, etc. are?  Especially given that they're plastered all
over what I do, and that my personal Web page has all of that plus my
'ICBM address' (latitude, longitude, and altitude of my living room
chair, stated precisely to within a metre)?

More important, most people would imagine an 'account compromise' or
being 'pwned' would mean 'bad guys have my account usernames and
plaintext passwords for one or more important things', but that is not
the case in HaveIBeenPwned.com's usage by a country mile.

Moral of the story:  Read all security claims critically, especially the
melodramatic ones.  The underlying substance is often _extremely_
underwhelming compared to the headline.


----- Forwarded message from Have I Been Pwned <noreply at haveibeenpwned.com> -----

Date: Thu, 27 Feb 2020 19:53:48 +0000 (UTC)
From: Have I Been Pwned <noreply at haveibeenpwned.com>
To: rick at linuxmafia.com
Subject: You're one of 48,580,249 people pwned in the Straffic data breach

You signed up for notifications when your account was pwned in a data breach and unfortunately, it's happened.

You're one of 48,580,249 people who've had an account compromised in the Straffic hack of Feb 2020, the details of which you can read about here: https://haveibeenpwned.com/PwnedWebsites#Straffic

The data disclosed in the breach includes: Email addresses, Genders, Names, Phone numbers, Physical addresses

Monitoring Have I Been Pwned for data breaches is a great start, now try these next 2 steps to protect all your accounts:

Step 1: Protect yourself with strong, unique passwords for each website with the 1Password password manager: https://1password.com/
Step 2: Enable 2 factor authentication and store the codes inside your 1Password account

You can also run a search for breaches of your email address again at any time to get a complete list of sites where your account has been compromised: https://haveibeenpwned.com/Verify/[hash redacted]

Please note that it is not possible to retrieve the passwords themselves from HIBP: https://www.troyhunt.com/here-are-all-the-reasons-i-dont-make-passwords-available-via-have-i-been-pwned/

If you don't want to receive any future breach notifications, just click here to unsubscribe: https://haveibeenpwned.com/Unsubscribe/[hash redacted]


----- End forwarded message -----
