Posted to uk.d-i-y
Brian Gaff (Sofa)
O/T: internet security question (leaked details)

They are always telling us that we should use a password manager of course.
However there is no 100 percent secure system if as has been mentioned
servers with customer data can be just sold to any Tom, Dick or Serge.

I mean, another thing to look at is wifi password. Now if it's too hard,
nobody can remember it, if it's too simple people can guess it, and of
course many devices that use a cloud storage system actually store it,
supposedly encrypted.
The hackers know about exploiting APIs these days as people use these off
the shelf like a way to stop having to write new ones, but if they don't
use them properly often a breach is created bigger than the brain of Marvin.
Brian

--
This newsgroup posting comes to you directly from...
The Sofa of Brian Gaff...

Blind user, so no pictures please
Note this Signature is meaningless.!
"Paul" wrote in message
...
wrote:
Five days ago, I placed an online order with a company that I have used
many times, over the years. It's an online supplier of vitamins and
nutritional supplements. My account with that company has login details
(email address and password) that I used to use for pretty much
everything, until various companies enforced changes, to improve
security.

Two days ago I got an email from Spotify, reporting a login from Germany.
I set up my Spotify account in 2012 and haven't used it since then, so I
was curious. On checking, the login email address and password is the
same old combo as for the vitamin co.

Yesterday I got an email from Amazon, warning of a new, suspicious login.
Sure enough, my Amazon account uses the old email address and password
(all registered credit cards recently expired, so no possibility of rogue
purchases).

In the small hours of this morning, I got an email from Netflix, warning
of a login in the USA. Same deal with email address and password.

Clearly, my old, well used email address and password combo has somehow
leaked out into the ether. The question is: how? I can't help but notice
the coincidence of my recent order with the vitamin company and hot on
the heels of that, rogue logins to various services. Does anyone have a
view on the most likely explanation? Could it be a weakness in the
vitamin company's systems/web page, dishonesty of an employee at the
company, or is it more likely to be something at my end (e.g. keystroke
logging malware)? I run McAfee on my laptop and use Google Chrome
browser with Win 7.

Thanks. Ant.


I think it's pretty safe to assume some aspect
of this "small company" website is compromised.

Small companies rent everything. They can't even
rent a clue.

I generate long, random, password sequences for each
Internet account created. They're a pain to type in, but I
keep a stack of pieces of paper with the new ones
printed on it. Only one site had a security issue -
the company went bankrupt, and we heard later the
servers they had were sold without being sanitized.
(All the account info left the building intact,
destination unknown.)

If you're using the same password for all of them,
well, stop doing that :-) Or, uh... Oh. It already
happened.

Paul