1.2Billion usernames and passwords hacked
 

By some Russian gang. I changed all my passwords on financial accounts this afternoon, including paypal and Amazon which had CC info. Should I double down and change usernames as well?

hugh, do you have any additional news on this? very inconvenient to say the least.

btw, I hope all is well in Wilmington!

best,

pcb

Here is a good article explaining what happened: BBC News - Russia gang hacks 1.2 billion usernames and passwords

Until I learn more, I'm just changing my passwords. Probably not a bad thing to do every now and then anyway.

It's reported in the NYT:

http://www.nytimes.com/2014/08/06/technology/russian-gang-said-to-amass-more-than-a-billion-stolen-internet-credentials.html?ref=technology&_r=0

OK, so that heartbleed virus causes me to change all my passwords.

Heartbleed - Wikipedia, the free encyclopedia

Now this.

I give up. Any of you guys know of a good password vault type of tool. Something I can use on the iphone and my three different computers?

Wilmington was wonderful. Rained every day; haven't seen rain in LA in about 18 months (I think it rained here a few months ago, but I was traveling) I took an afternoon and went out to the Outber Banks (barrier islands) . I could move from LA to there in a heartbeat. A little humid, but very tolerable. I was in the USMC in Perris Island, SC and then Camp Lejeune, NC 40+ years ago.

Going back to Wilmington and then Richmond, VA in a few weeks for another TV show.

Good to know but I'm getting awfully sick of constantly having to change all this stuff - first target, then heartbleed, now this... Pita.

I don't know how it would help. In order to keep my passwords in case I forget them I put them a Boxcryptor folder whose access is encrypted. Boxcryptor works on Macs, iPhone, and iPads and prolly all the PC/Android versions. I don't keep the actual passwords, just screen shots of word documents with the username and passwords.

glad to hear all is well!

This is the troubling part of managing everything online.

People don't want to deal with other people AND companies don't want to staff support people, so you end-up with online-only services. Everything from the toll roads to my bank wants me to sign up online. Same with my retirement fund.

Then everything becomes vulnerable. I would like an offline-only option for critical stuff: Credit Cards, Banking, Utilities... These providers' systems are too easily breached. It's almost as if they don't care about their customers' data or the potential identity theft.

Cyber warfare?

Meh. Just another day in cyberspace. I'd change all my passwords but the same thing will happen again in a couple weeks. What's the chance that out of those 1.2 billion you will be the one they take $400 from? And even if they do your CC company will reimburse you immediately with a simple phone call.

I agree that I'm not too worried about someone taking my credit card number. But I am worried that someone gets access to my banking accounts and transfers a whole bunch of cash out. I'd probably get it back, but the hassle/fear isn't worth it.

This was the event that made me check off something that's been on my todo list for a year or more. I installed DashLane, and used it to generate strong passwords for all my banking accounts. So far, so good. Easy to change them in the future, syncs across my devices.

mSecure is good. It wouldn't really have helped in this situation though.
https://msevensoftware.com/msecure_ios

If it makes you feel any better, I just got a letter from Blue Cross informing me that accidentally last year they released the secret info of providers on their network lists….10 times!

Don't they have some biometric thing you can use, like a fingerprint or retina scan, something?

So taping the list of pass words to the bottom of my desk drawer, bad idea?


I kid, and actually that would work out just fine for me.

This sux and is really becoming unmanageable. I just changed maybe 10 critical passwords for my personal stuff because of the Heartbleed BS. Now this. At work I have about 20 passwords that have to be changed fairly often. I keep them on a spreadsheet, otherwise its impossible to manage. Somebody needs to come up with a biometric that works and soon.

So I guess Ill get another year of free ID theft monitoring out of this eventually. With all the data breachs going on over the years Ive had some form of identity theft protection gratis from the latest big corp that got breached for several years now.

I heard a security guy make an excellent case against biometrics for typical web apps.

If someone hacks the system and gets your password, you can always change it. But if they get your retina scan or finger print...you're screwed. (Oversimplified...but a good point.)

That is a good point.

There used to be a time when merchants and bankers knew their customers by something other than sets of digits.

What was that called? hmmmm....

Well, who cares? Binary-peeps be herded and shuffled.