GaryP join:2001-01-07 Cedar Rapids, IA
1 recommendation |
to justin
LastPass Security NotificationProbably worth posting here, given that many of us are considering different password management approaches right now. » blog.lastpass.com/2011/0 ··· ion.html» LastPass Security Notification |
|
PhoenixDownFIOS is Awesome Premium Member join:2003-06-08 Fresh Meadows, NY |
I was just going to post about LastPass possibly being hacked. |
|
your moderator at work
hidden :
|
1 recommendation |
to PhoenixDown
Re: LastPass Security NotificationYup they got my account too, good thing was the email associated with my account here was old and not even use any longer, so a quick PM to Fatness with my new email address and setting up a new password and all is good, I was scared there for a minute I didn't want to lose this login as iv'e had it for many years! |
|
trparky Premium Member join:2000-05-24 Cleveland, OH |
to GaryP
Already deleted my Lastpass account and all data in it. |
|
|
your moderator at work
hidden : hidden : Trolling hidden : Trolling hidden : Trolling
|
Rick5 Premium Member join:2001-02-06
1 recommendation |
to justin
Re: site user password intrusion infoI just wanted to report this. I'm not 100% sure its the result of what occurred here but I was one of those who had their information stolen and prior to this I have never had any issues at all with the email address that was stolen. It's an address that I haven't even given out all that much and has been my primary one for very trusted sites for years. I mention this because the timing then of what occurred seems to suggest it was very recently compromised. And this would be the place it likely happened then.
What occurred is this. I received a VERY targeted email from paypal. Needless to say, I've been around the computer and internet block a time or two and I can tell you this..it was very professionally done. Someone had even managed to associate that email address with my full name..making it more believable. The email DOES contain my name but only with initials and last name...and this email had correctly identified my first name out of the initials. And so obviously..work was done with the information they had. The return address was also very official appearing to come from paypal themselves.
Were it not for my knowledge of what had occurred recently here..I might even have been inclined to click on it and to respond. That's how well done and prepared it was. In this case I decided to not only not click on it..but I also contacted paypal directly about it..forwarding the email to their security dept.
Here was their reply..
"Hello Rick,
Thanks for reporting that suspicious-looking email. The email you received was not sent by PayPal and it links to a fake website. We are investigating and working on stopping the fraud.
If you have already given any personal or financial information to this fake website, you should immediately log in to your PayPal account and change the password and secret questions. You should also tell your bank about this problem.
To learn how to change your password, go to the PayPal website, click "Help" at the top of the page, and enter "How do I change my password?" in the search box.
You should report any unauthorized account activity to PayPal. Here's how:
1. Go to the PayPal website. 2. Click "Security Center" at the top of any PayPal page. 3. Click "Start an unauthorized transaction claim" under "Report a problem" on the left. 4. Log in to your account, or click "Continue" if you are unable to log in. 5. Review the information about unauthorized transactions, and click "Continue." 6. Complete the report and click "Preview." 7. Check the box to state that the claim is accurate and click "Submit." 8. Confirm that you're the account owner by entering the financial information requested, and click "Continue."
Your account security is very important to us, so we appreciate the opportunity to pass along this information.
Thanks,
PayPal "
In any event..again..could it have come from elsewhere? It could have. But I'm inclined to think it wasn't given it was this address..one that has been secure for years and one that is also tied to paypal. Someone also did work on this information to arrive at my correct name out of initials in the email address.
If Fatness or Justin would like a copy of this for futher research I'd be happy to provide it to you along with paypals response email. Just pm me with an address to send it to.
Thanks..
~Rick |
|
1 recommendation |
Is there any chance that was the email discussed here: » PayPal Email...your enhanced account statement is here |
|
Rick5 Premium Member join:2001-02-06 |
Rick5
Premium Member
2011-May-11 11:30 am
No..not exactly. But it contains some of whats in that one. Mine has a different subject heading and it contains the section about the Electronic Communications Delivery Policy..but other than that nothing about the enhanced account statement. Could definitely be the same group though given the similarity with the electronic communication delivery policy wording. |
|
1 recommendation |
You might have received a phish. It's good that you were suspicious.
Unfortunately, paypal is not very good at identifying phish. I have seen a number of reports of mail that actually came from paypal, and when submitted to paypal they wrongly identified it as phish. |
|
Hall MVM join:2000-04-28 Germantown, OH |
Hall
MVM
2011-May-11 2:03 pm
said by nwrickert:You might have received a phish. It's good that you were suspicious. A former co-worker of mine panicked one day when he rec'd an e-mail to "hisname@employer.com" and said "but my eBay account is tied to my home e-mail". I told him "ignore it" but he couldn't drop it. He failed to grasp that it was a phishing attempt. Kept asking "how did they get my email and how do they know I have an eBay account ?". |
|
|
said by Hall:Kept asking "how did they get my email and how do they know I have an eBay account ?". Many people fall for that. I guess it's a matter of wanting to feel that they are special. When the scammer sends out millions of copies, then by random luck he will be right some of the time. |
|
Hall MVM join:2000-04-28 Germantown, OH |
Hall
MVM
2011-May-11 3:14 pm
"random luck" or *coincidence* doesn't factor in with this person... It HAD to be legitimate, as far as they think ! |
|
GeekNJ Premium Member join:2000-09-23 Waldwick, NJ |
to Hall
If it wasn't for people like your co-worker, average folks like you and I wouldn't look so good! |
|
|
to justin
Because of this problem, my Hotmail account was compromised and was used to spam people on my contact list. I made a mistake of using the same password on both my Hotmail account and here at DSL Reports. People on my contact list told me that they were receiving spams from my Hotmail account. Some of them were just simple spam plus others are malicious and virus infested ones. I've immediately login to to my various accounts and change each of them to a different passwords. Luckily for all of my financial places, I've uses a much more sophisticated passwords and wasn't compromised.
Doing it this way would mean it's more difficult to remember all of those different passwords. For me, I've typed it all on a Word document and then passwords saved it as WinRAR file using an easy to remember password. |
|
AR
join:2000-09-21 Toronto, ON 1 edit |
to justin
Spam was sent again today to my hotmail contact list.
I had deleted the contacts off my hotmail account the last time when i changed the password. So obviously, they grabbed the entire contact list and spoofed my email address to send this out. Again.
Geez.......
This happen to anyone else too today?
edit: Not my entire contact list from before....just the 3 contacts that were added to my hotmail contact list since the last incident. I changed up the password again today. |
|
|
scott0531 to justin
Anon
2011-Dec-21 10:14 pm
to justin
Is there someone I can talk to about getting my original username/account back? I tried e-mailing Justin a while back but never got an answer. I'd really like to continue to use my original account. TIA. |
|
cabanaDepartment of Adjustments Mod join:2000-07-07 New York, NY |
cabana
Mod
2011-Dec-21 10:14 pm
Please email accounts@dslreports.com and we will get you fixed up. Thanks |
|