Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




2385 posts

Uber Geek
+1 received by user: 292
Inactive user


Topic # 116389 27-Apr-2013 19:06 Send private message

Seems like these security breaches are happening more and more.

This one from Living Social just arrived in my inbox.

IMPORTANT INFORMATION

LivingSocial recently experienced a security breach on our computer systems that resulted in unauthorised access to some customer data from our servers. We are actively working with the authorities to investigate this issue.

The information accessed includes names, email addresses, the date of birth of some users, and encrypted passwords; technically ‘hashed’ and ‘salted’ passwords. We never store passwords in plain text.

The database that stores customer credit card information was not affected or accessed.

Although your LivingSocial password would be difficult to decode, we want to take every precaution to ensure that your account is secure, so we are expiring your old password and requesting that you create a new one.




Create new topic


2385 posts

Uber Geek
+1 received by user: 292
Inactive user


  Reply # 806447 27-Apr-2013 19:07 Send private message


3803 posts

Uber Geek
+1 received by user: 1404

Trusted
Subscriber

  Reply # 806464 27-Apr-2013 19:31 Send private message

Unfortunately I could not see a 'delete my account' option. Does anyone know where it is?




iPad Air + iPhone SE + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.


 

 



gzt

8536 posts

Uber Geek
+1 received by user: 1059


  Reply # 806515 27-Apr-2013 21:34 Send private message

Yeah, really annoying. Changed my password this morning after the news. Later in the afternoon received the message about the system password reset. Hmm.

BDFL - Memuneh
57832 posts

Uber Geek
+1 received by user: 9443

Administrator
Trusted
Geekzone
Subscriber

  Reply # 806530 27-Apr-2013 22:01 Send private message

I actually never created an account, but might have entered a competition. They took this opportunity to spam my spare email address. Basically they sent an email to everyone in their database. I then checked my eWallet file and I don't have a password. Went to the site clicked "Forgot password" and entered my spare email address.

The results say "Even though you receive our newsletter you don't have an account. Create one now" (no, never received a newsletter).

Basically they not only had a security problem, they took the opportunity to send emails to everyone, regardless of having an account or not. Pretty poor.




Webhead
1741 posts

Uber Geek
+1 received by user: 475

Trusted
Subscriber

  Reply # 806574 28-Apr-2013 04:35 Send private message

A good time to remind people not to use the same password on several different services.

One good way to deal with lots of passwords, is to auto create them (good long passwords of 14+ letters/numbers) and use a service like Lastpassword or 1Password (my favorite) to deal with entering passwords on the different services.

That way your email and other services aren't in jeopardy if one of the services you use get hacked.

LinkedIn, PS Networks etc. are good examples that its not only small services/sites that gets hacked and bleed usernames and passwords.






2385 posts

Uber Geek
+1 received by user: 292
Inactive user


  Reply # 807083 29-Apr-2013 09:15 Send private message

jarledb: A good time to remind people not to use the same password on several different services.

One good way to deal with lots of passwords, is to auto create them (good long passwords of 14+ letters/numbers) and use a service like Lastpassword or 1Password (my favorite) to deal with entering passwords on the different services.

That way your email and other services aren't in jeopardy if one of the services you use get hacked.

LinkedIn, PS Networks etc. are good examples that its not only small services/sites that gets hacked and bleed usernames and passwords.


Thanks for the tip. Going to try this out.

gzt

8536 posts

Uber Geek
+1 received by user: 1059


  Reply # 807095 29-Apr-2013 09:28 Send private message

Date of birth is another issue to consider.

How many services have a genuine need for your exact date of birth?

Not LivingSocial that's for sure.

BDFL - Memuneh
57832 posts

Uber Geek
+1 received by user: 9443

Administrator
Trusted
Geekzone
Subscriber

  Reply # 807096 29-Apr-2013 09:30 Send private message

Klipspringer:
jarledb: One good way to deal with lots of passwords, is to auto create them (good long passwords of 14+ letters/numbers) and use a service like Lastpassword or 1Password (my favorite) to deal with entering passwords on the different services.


Thanks for the tip. Going to try this out.



LastPass (which I think jarledb is talking as "lastpassword") uses Google Authenticator for two factor security if you want to go even further. There are Google Authenticator apps in all mobile platforms.

I also use Google Authenticator on Google Account, Microsoft Windows account, Dropbox, Lastpass. I use SMS authentication on Facebook and a couple of other services.






501 posts

Ultimate Geek
+1 received by user: 28


  Reply # 807097 29-Apr-2013 09:34

I personally use Keepass. Its free and you can get a portable version for iPhone (I think you can get it for android as well) so take your passwords with you as well.

5499 posts

Uber Geek
+1 received by user: 720

Trusted
Subscriber

  Reply # 807110 29-Apr-2013 09:53 Send private message

gzt: Date of birth is another issue to consider.

How many services have a genuine need for your exact date of birth?

Not LivingSocial that's for sure.

Agreed. I'm not familiar with LivingSocial but I don't like sites that "require" data that they don't actually need. For example, I haven't registered with Pizza Hut because they won't let me create an account without providing my physical address (I only ever do pickups). It's not that I don't trust Pizza Hut, but rather that I don't trust potential hackers!

Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Telecommunications monitoring report: Are you being served?
Posted 24-May-2017 11:54


NetValue partners with CRM Provider SugarCRM
Posted 23-May-2017 20:04


Terabyte looms as Vocus users download 430GB a month
Posted 19-May-2017 14:51


2degrees tips into profit after seven lean years
Posted 19-May-2017 09:47


2degrees growth story continues
Posted 17-May-2017 15:25


Symantec Blocks 22 Million Attempted WannaCry Ransomware Attacks Globally
Posted 17-May-2017 12:41


HPE Unveils Computer Built for the Era of Big Data
Posted 17-May-2017 12:39


Samsung Galaxy S8 Plus review: Beautiful, feature-packed
Posted 16-May-2017 20:14


After ten years of mail pain Spark is done with Yahoo
Posted 15-May-2017 13:12


Warnings from security firms: do not click that link or risk your computer being infected
Posted 15-May-2017 10:11


Pushpay named NZ Hi-Tech Company of the Year 2017
Posted 15-May-2017 09:59


Passive Optical Lan means fibre to the desktop
Posted 12-May-2017 17:09


Finalists Named for 2017 CIO Awards
Posted 11-May-2017 20:00


Exhibition to showcase digital artwork from across the globe
Posted 10-May-2017 18:54


Accelerate 2017 to focus on navigating disruption with a design thinking mindset
Posted 10-May-2017 18:49



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.