URGENT – THIS IS NOT A SPOOF – PLEASE READ
There has been a massive data security breach, which has just been notified by a number of credible sources, such as ZDNet, IT Governance, The Register and Snopes.
A piece of malware named Onliner Spambot has been able to affect 711 million email accounts (mine amongst them). This information is now in the hands of criminals.
To check whether your accounts have been affected, there is a website named haveibeenpwned (I’m reluctant to quote a URL, as it could look like a phishing attack, but you can find this using a search engine) – 30 seconds of effort will show if you have been affected.
If so, I’d recommend that you immediately change all passwords for the websites you use ASAP, as your details are being sold on the dark web.
I’d also recommend that you use a strong password generator and passwords of 20 characters or more.
Sorry to be the bearer of bad news, but I wanted to share this so fellow members could decide if they need to act.
1 Sep 2017
Thank you for this warning. A friend of mine who runs the IT department for a global company seems to think it’s not as serious as it might appear.
According to the site a couple of my accounts may have been compromised and others not.
I am not sure how seriously to take this but as a precaution I’ve changed the passwords on my important accounts and as I have a couple which I use only for baiting scammers and receiving unimportant stuff, I am leaving them unchanged and waiting to see if anything happens.
My contacts might start receiving emails saying I am ‘on holiday down in the Philippines and was mugged’ and asking for money to pay a hotel bill. Should that happen, the scammers will receive emails from a lot of people making remarks about what their mothers might have done with pigs and dogs 9 months before they were born.
2 Sep 2017
Your friend has a point when considering corporate systems, with good password governance.
My concern is for individuals and small businesses; where this type of breach gets really dangerous is when people re-use passwords for multiple websites and are potential targets for ‘credential stuffing’ attacks that can result in their bank accounts, credit cards and other important accounts being the victims of cyberfraud. That’s why I like two-stage verification on my important accounts.
My credit card has been compromised 4 times in the last 5 years (and I never re-use passwords) and my debit card a few months ago. I guess it is one of the prices you pay for travelling widely, but I tend to take ID security very seriously.
3 Sep 2017
Sorry FDOS, just read this now. I thought it WAS a spoof but after I saw three replies curiosity got the better of me 😉
You bring up a very important topic and I’ve attended several events around cyber security. At a recent event in Berne during Q&A I asked someone from the British Embassy, and a Swiss Minister responsible why countries don’t get their act together and fast track a way to involve countries and banks closing down or blocking accounts immediately. An answer came there none!
On September 20/21st there will be an important cyber security conference here in Lugano where the whole case of hacking emails/phones etc. will be discussed along with a practical demonstration, so hopefully I will glean more from this event. Link below if anyone is interested.
6 Sep 2017
You’re welcome – apparently not all the 711 million records were complete (i.e. lacking passwords), but even so the risk is simply not worth taking and you did the right thing to change passwords.
Apparently the ‘second wave’ of emails in this campaign (to try to grab passwords) was mainly in the form of spurious invoices, which I guess individual consumers will recognise and delete, but which may be more of a problem for small businesses where the employees may be unsure and inadvertently infect their PC.
Thanks for the information about the conference in Lugano – I’ll be in France on that day, so unable to attend, but I hope you find it informative.
7 Sep 2017