dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
57801
GaryP
join:2001-01-07
Cedar Rapids, IA

1 recommendation

GaryP to justin

Member

to justin

LastPass Security Notification

Probably worth posting here, given that many of us are considering different password management approaches right now.

»blog.lastpass.com/2011/0 ··· ion.html

»LastPass Security Notification

PhoenixDown
FIOS is Awesome
Premium Member
join:2003-06-08
Fresh Meadows, NY

PhoenixDown

Premium Member

I was just going to post about LastPass possibly being hacked.
Expand your moderator at work

astokes
join:2000-08-11
Bangor, ME

1 recommendation

astokes to PhoenixDown

Member

to PhoenixDown

Re: LastPass Security Notification

Yup they got my account too, good thing was the email associated with my account here was old and not even use any longer, so a quick PM to Fatness with my new email address and setting up a new password and all is good, I was scared there for a minute I didn't want to lose this login as iv'e had it for many years!

trparky
Premium Member
join:2000-05-24
Cleveland, OH

trparky to GaryP

Premium Member

to GaryP
Already deleted my Lastpass account and all data in it.
Expand your moderator at work
Rick5
Premium Member
join:2001-02-06

1 recommendation

Rick5 to justin

Premium Member

to justin

Re: site user password intrusion info

I just wanted to report this. I'm not 100% sure its the result of what occurred here but I was one of those who had their information stolen and prior to this I have never had any issues at all with the email address that was stolen. It's an address that I haven't even given out all that much and has been my primary one for very trusted sites for years. I mention this because the timing then of what occurred seems to suggest it was very recently compromised. And this would be the place it likely happened then.

What occurred is this. I received a VERY targeted email from paypal. Needless to say, I've been around the computer and internet block a time or two and I can tell you this..it was very professionally done. Someone had even managed to associate that
email address with my full name..making it more believable. The email DOES contain my name but only with initials and last name...and this email had correctly identified my first name out of the initials. And so obviously..work was done with the information they had.
The return address was also very official appearing to come from paypal themselves.

Were it not for my knowledge of what had occurred recently here..I might even have been inclined to click on it and to respond. That's how well done and prepared it was. In this case I decided to not only not click on it..but I also contacted paypal directly about it..forwarding the email to their security dept.

Here was their reply..

"Hello Rick,

Thanks for reporting that suspicious-looking email. The email you
received was not sent by PayPal and it links to a fake website. We are investigating and working on stopping the fraud.

If you have already given any personal or financial information to this fake website, you should immediately log in to your PayPal account and change the password and secret questions. You should also tell your bank about this problem.

To learn how to change your password, go to the PayPal website, click "Help" at the top of the page, and enter "How do I change my password?" in the search box.

You should report any unauthorized account activity to PayPal. Here's
how:

1. Go to the PayPal website.
2. Click "Security Center" at the top of any PayPal page.
3. Click "Start an unauthorized transaction claim" under "Report a
problem" on the left.
4. Log in to your account, or click "Continue" if you are unable to log
in.
5. Review the information about unauthorized transactions, and click
"Continue."
6. Complete the report and click "Preview."
7. Check the box to state that the claim is accurate and click "Submit."
8. Confirm that you're the account owner by entering the financial
information requested, and click "Continue."

Your account security is very important to us, so we appreciate the opportunity to pass along this information.

Thanks,

PayPal "

In any event..again..could it have come from elsewhere? It could have. But I'm inclined to think it wasn't given it was this address..one that has been secure for years and one that is also tied to paypal. Someone also did work on this information to arrive at my correct name out of initials in the email address.

If Fatness or Justin would like a copy of this for futher research I'd be happy to provide it to you along with paypals response email. Just pm me with an address to send it to.

Thanks..

~Rick

nwrickert
Mod
join:2004-09-04
Geneva, IL

1 recommendation

nwrickert

Mod

Is there any chance that was the email discussed here:
»PayPal Email...your enhanced account statement is here
Rick5
Premium Member
join:2001-02-06

Rick5

Premium Member

said by nwrickert:

Is there any chance that was the email discussed here:
»PayPal Email...your enhanced account statement is here

No..not exactly. But it contains some of whats in that one.
Mine has a different subject heading and it contains the section about the Electronic Communications Delivery Policy..but other than that nothing about the enhanced account statement.

Could definitely be the same group though given the similarity with the electronic communication delivery policy wording.

nwrickert
Mod
join:2004-09-04
Geneva, IL

1 recommendation

nwrickert

Mod

You might have received a phish. It's good that you were suspicious.

Unfortunately, paypal is not very good at identifying phish. I have seen a number of reports of mail that actually came from paypal, and when submitted to paypal they wrongly identified it as phish.

Hall
MVM
join:2000-04-28
Germantown, OH

Hall

MVM

said by nwrickert:

You might have received a phish. It's good that you were suspicious.

A former co-worker of mine panicked one day when he rec'd an e-mail to "hisname@employer.com" and said "but my eBay account is tied to my home e-mail". I told him "ignore it" but he couldn't drop it. He failed to grasp that it was a phishing attempt. Kept asking "how did they get my email and how do they know I have an eBay account ?".

nwrickert
Mod
join:2004-09-04
Geneva, IL

nwrickert

Mod

said by Hall:

Kept asking "how did they get my email and how do they know I have an eBay account ?".

Many people fall for that. I guess it's a matter of wanting to feel that they are special.

When the scammer sends out millions of copies, then by random luck he will be right some of the time.

Hall
MVM
join:2000-04-28
Germantown, OH

Hall

MVM

"random luck" or *coincidence* doesn't factor in with this person... It HAD to be legitimate, as far as they think !

GeekNJ
Premium Member
join:2000-09-23
Waldwick, NJ

GeekNJ to Hall

Premium Member

to Hall
If it wasn't for people like your co-worker, average folks like you and I wouldn't look so good!

peterdmar
join:2001-01-29
San Francisco, CA

peterdmar to justin

Member

to justin
Because of this problem, my Hotmail account was compromised and was used to spam people on my contact list. I made a mistake of using the same password on both my Hotmail account and here at DSL Reports. People on my contact list told me that they were receiving spams from my Hotmail account. Some of them were just simple spam plus others are malicious and virus infested ones. I've immediately login to to my various accounts and change each of them to a different passwords. Luckily for all of my financial places, I've uses a much more sophisticated passwords and wasn't compromised.

Doing it this way would mean it's more difficult to remember all of those different passwords. For me, I've typed it all on a Word document and then passwords saved it as WinRAR file using an easy to remember password.

AR

join:2000-09-21
Toronto, ON

1 edit

AR to justin

to justin
Spam was sent again today to my hotmail contact list.

I had deleted the contacts off my hotmail account the last time when i changed the password. So obviously, they grabbed the entire contact list and spoofed my email address to send this out. Again.

Geez.......

This happen to anyone else too today?

edit: Not my entire contact list from before....just the 3 contacts that were added to my hotmail contact list since the last incident. I changed up the password again today.

scott0531
@cox.net

scott0531 to justin

Anon

to justin
Is there someone I can talk to about getting my original username/account back? I tried e-mailing Justin a while back but never got an answer. I'd really like to continue to use my original account. TIA.

cabana
Department of Adjustments
Mod
join:2000-07-07
New York, NY

cabana

Mod

Please email accounts@dslreports.com and we will get you fixed up.

Thanks