
PSA Change your passwords. Use secondary authentication.

djberta

Huge hack of multiple companies has exposed 16 billion profiles and passwords. Change all your passwords and make sure secondary authentication is activated. One step further is to use a physical passkey.

 
I was reading about it here:

Tom's Guide

I have never used this service but in the article it is suggested to do the following:

"Second, to find out if your login credentials have been affected, use Have I Been Pwned and check if your email is in the clear."


A little irony when it appears that people who use VPN services may have had their info stolen.
 
Tried my 2 emails using the service Have I Been Pwned.

My main email came back negative.

The other had 2 "Data Breaches" from 2018. I have changed my passwords a few times since 2018.


Found this:

"A hacker has managed to phish Troy Hunt, the creator of HaveIBeenPwned.com, tricking the security expert into clicking a malicious email while he was jetlagged.

The breach affects people who subscribed to Hunt’s personal blog, rather than HaveIBeenPwned, a data breach notification site that’s attracted millions of users. “I'm enormously frustrated with myself for having fallen for this, and I apologize to anyone on that list,” he said."


Full Article

That guy is a web security consultant. Classic example of it can happen to the best of us.
 
I see. But I don't follow what you mean. I can be pretty thick sometimes.

People are trying to be safer online only to have personal info stolen through an online security service.

Not the typical source of where you expect to get info stolen. While not impossible you'd expect they'd be a tougher business to hack being that internet security is what they do.
 
People are trying to be safer online only to have personal info stolen through an online security service.

I see. It wasn't obvious what you meant, but I see now and agree.

Sometimes when I am checking my email, I am truly shocked at what these characters do to try and hook me. Sometimes very sophisticated - other times total idiots.

And then I get this genuine email from my bank - who say they never do that but did! When I called them on it, they didn't even apologize!

I am currently evaluating a token system because even two factor authentication is being hacked.
 
I have a throwaway password I use across multiple whatever accounts that was part of a previous data breach. This whatever account/pass includes a Domino's Pizza account with no credit card saved. Last year, someone went into my account, ordered a pizza by redeeming my points. I'm usually on top of my emails but was with company at the time so saw the order 2-hours later, and the pizza was already delivered. The person even had to add a bit of cash to cover the extras because their order went over the point redemption. Domino's returned my points no issue and after a quick Google realized this hack was happening all over.
 
I have first hand experience with fraud. We were taken for $78,000.00 a couple years ago. $28,000.00 was recovered. Well not recovered. Clients repaid what they had already paid in good faith.
Long story short. If one of your suppliers is hit with ransomware, always check your archives in email, always have two step verification and don’t deal with Toronto Dominion Bank!
Martin
 
If one of your suppliers is hit with ransomware, always check your archives in email, always have two step verification and don’t deal with Toronto Dominion Bank!

It isn't obvious to me why you recommend checking your archives in email? What is that all about?
 
They were sending and receiving emails through archives to my customers saying we were being audited and not to use the regular direct deposit. I don’t know anyone who checks email on archive. So we had no idea until it was too late. I don’t want to hear from folks here who say we should have done this or that. Just giving some friendly advice. Some of my clients are government institutions and they fell for it as well. They were not the ones who made up the fraudulent payments after the fact. Lol
 
I was a bit skeptical of this "16 billion passwords" in all the major media. I see nothing in The Register, which is usually right on top of this sort of thing. I did see mention on Tom's, who seemed to have the usual general cautions but no inside info.

But I'm still a bit puzzled in that for decades now "everyone" knows that you do not store raw passwords in any kind of database - you "salt" them and encrypt them so that anyone who gets access to your DB still only gets gibberish rather than meaningful passwords, and those also should not be readily associated with any username. But I've been out of the software & DB business for a few years now, so perhaps AI/Quantum computing/fill in the latest newness means "yes they really did get 16 billion actual usable passwords and know whose they are and for what accounts...."
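
The salted storage mentioned in the post above, as an added example that is not part of the original thread: a constructed user table stored with a fast unsalted hash, next to the same table stored with a per-user random salt and a slow key-derivation function. The choice of PBKDF2-HMAC-SHA256, the iteration count, the storage format and the sample accounts are all assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256
# Constructed sample accounts: alice and bob reuse the same password.
ACCOUNTS = {"alice": "Lathe-1947!", "bob": "Lathe-1947!", "carol": "mill&drill"}

def unsalted_digest(password):
    """Weak form: fast unsalted hash, so equal passwords give equal rows."""
    return hashlib.sha256(password.encode()).hexdigest()

def hash_password(password, salt=None):
    """Salted slow hash, stored as 'iterations$salt_hex$hash_hex'."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    iterations, salt_hex, hash_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(hash_hex))

def shared_password_groups(table):
    """Groups of users whose stored values are identical in a leaked table."""
    by_value = {}
    for user, value in table.items():
        by_value.setdefault(value, []).append(user)
    return [sorted(users) for users in by_value.values() if len(users) > 1]

def build_tables():
    """Store the same accounts both ways: (unsalted, salted)."""
    weak = {u: unsalted_digest(p) for u, p in ACCOUNTS.items()}
    strong = {u: hash_password(p) for u, p in ACCOUNTS.items()}
    return weak, strong

if __name__ == "__main__":
    weak, strong = build_tables()
    print("unsalted, identical rows:", shared_password_groups(weak))
    print("salted, identical rows:  ", shared_password_groups(strong))
    print("login check:", verify_password("Lathe-1947!", strong["alice"]))
```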
 
I was listening to an interview with a former black hat hacker who said regardless of the best cyber security systems put in place as long as a human is somehow involved and accessible there will always be a way to circumvent the security.
 