jaisonline Posted August 6, 2014 Posted August 6, 2014 http://www.usatoday.com/story/tech/personal/2014/08/05/russian-gang-stolen-passwords/13639285/http://www.nytimes.com/2014/08/06/technology/russian-gang-said-to-amass-more-than-a-billion-stolen-internet-credentials.html?_r=0 Web sites haven't been named publically yet. Probably a good idea to once again change passwords. 1 Quote
Fcbarcelona101 Posted August 6, 2014 Posted August 6, 2014 It makes complete sense... Over the past 2-3 months I have experienced at least 4 fraudulent charges on 4 different cards. Plus, I know of at least 5 more cases of people close to me. Nuts Sent from my iPhone using Brickpicker 1 Quote
MartinP Posted August 6, 2014 Posted August 6, 2014 Wow! It makes sense, but wow! Looks like a lot of my passwords are going to change today. 1 Quote
jaisonline Posted August 6, 2014 Author Posted August 6, 2014 Martin, I'm in IT Mgt. Specially the integration side (connecting systems to systems both internally and externally) using TIBCO and Informatica. Thus, I know a lot about DBs, encryption, app server software, security certs, etc... Thus I know what is involved and the last year of data breaches SCARE me. My wife and I have started using cash more and more. Back in the 2000s, the majority of hackers did what they wanted for publicity among their peers. Today's hackers seem to be in it for money and street cred is secondary. Hacking truly turned into organized crime. The vast majority of web sites are not secure. The hackers are just too good. Sent from an iPhone using the Brickpicker app 1 Quote
Fcbarcelona101 Posted August 6, 2014 Posted August 6, 2014 With perfect timing, one of the friends that experienced fraud around a month ago just told me it happened again today.... Sent from my iPhone using Brickpicker Quote
chinothegeeko Posted August 6, 2014 Posted August 6, 2014 Such great news. This is ridiculous anymore. Thank for the info jaisonline. Quote
tonysbricks Posted August 6, 2014 Posted August 6, 2014 1.2b passwords / 420k sites = ~3000 passwords per site. Sounds like they were hitting the tiny mom and pop sites via script. This isnt surprising even in 2014, SQL injection is still #1: https://www.owasp.org/index.php/Top_10_2013-Top_10 Quote
redcell Posted August 6, 2014 Posted August 6, 2014 Martin, I'm in IT Mgt. Specially the integration side (connecting systems to systems both internally and externally) using TIBCO and Informatica. Thus, I know a lot about DBs, encryption, app server software, security certs, etc... Thus I know what is involved and the last year of data breaches SCARE me. My wife and I have started using cash more and more. Back in the 2000s, the majority of hackers did what they wanted for publicity among their peers. Today's hackers seem to be in it for money and street cred is secondary. Hacking truly turned into organized crime. The vast majority of web sites are not secure. The hackers are just too good. Sent from an iPhone using the Brickpicker app As long as you use a major credit card and pay attention to the charges on your bill, you don't have anything to worry about. The legal protections for credit cards are so strong that any unauthorized charges get wiped out almost automatically. 1 Quote
tonysbricks Posted August 6, 2014 Posted August 6, 2014 As long as you use a major credit card and pay attention to the charges on your bill, you don't have anything to worry about. The legal protections for credit cards are so strong that any unauthorized charges get wiped out almost automatically. I switched from using a debit card to a credit card for this reason. The points are just a token bonus. It also prevents direct access to the money. Quote
jaisonline Posted August 6, 2014 Author Posted August 6, 2014 As long as you use a major credit card and pay attention to the charges on your bill, you don't have anything to worry about. The legal protections for credit cards are so strong that any unauthorized charges get wiped out almost automatically. i know. but it's not that simple anymore identity theft is the bigger prob. the recent data breaches (including target and experion) have hackers (and the buyers of the data) opening MC and VISA credit cards using the stolen information. it was just a matter of time the stolen encrypted data was decrypted. sure, we won't be liable for the purchases but the more serious issue at hand is once "secured" personal data is now available for those who can buy it. fixing matters like that is a mess using the 3 credit bureaus. some folks (regardless if the % is low) will ultimately need to change their SS# which is a MAJOR headache. personally, i think many companies have greatly misused our SS#s. seriously, do companies like AT&T and Comcast really need our SS# to offer us their services / products? we are prob getting to the point that people will need another unique identifier to replace SS#s. 2 Quote
Sauromosis Posted August 6, 2014 Posted August 6, 2014 Could this be related to Ebay making us change passwords a month ago? Quote
jaisonline Posted August 6, 2014 Author Posted August 6, 2014 Could this be related to Ebay making us change passwords a month ago? not sure yet. we need company names to be released. it appears many global DB servers were compromised. i think companies won't come forward until their internal (tech and legal) investigations are complete. i hope the breach is smaller / less serious than reported... Quote
mc1fan22 Posted August 6, 2014 Posted August 6, 2014 Thank you for this jaisonline. Looks like I will be changing many passwords today. Quote
No More Monkeys Posted August 6, 2014 Posted August 6, 2014 1.2b passwords / 420k sites = ~3000 passwords per site. Sounds like they were hitting the tiny mom and pop sites via script. This isnt surprising even in 2014, SQL injection is still #1: https://www.owasp.org/index.php/Top_10_2013-Top_10 I think we all know what kind of "mom and pop" sites were mostly affected... Quote
iahawks550 Posted August 6, 2014 Posted August 6, 2014 As long as you use a major credit card and pay attention to the charges on your bill, you don't have anything to worry about. The legal protections for credit cards are so strong that any unauthorized charges get wiped out almost automatically. For the individual consumer, definitely correct. But the bigger problem is these companies will have to recover their lost money.....somehow. Either by all credit card companies going to a fee system for consumers, or businesses raising prices. Quote
c666187 Posted August 6, 2014 Posted August 6, 2014 i know. but it's not that simple anymore identity theft is the bigger prob. the recent data breaches (including target and experion) have hackers (and the buyers of the data) opening MC and VISA credit cards using the stolen information. it was just a matter of time the stolen encrypted data was decrypted. sure, we won't be liable for the purchases but the more serious issue at hand is once "secured" personal data is now available for those who can buy it. fixing matters like that is a mess using the 3 credit bureaus. some folks (regardless if the % is low) will ultimately need to change their SS# which is a MAJOR headache. personally, i think many companies have greatly misused our SS#s. seriously, do companies like AT&T and Comcast really need our SS# to offer us their services / products? we are prob getting to the point that people will need another unique identifier to replace SS#s. Unfortunately, yes. These types of services require a credit check before service is established. Not saying I agree with it, but cable and utility companies run your credit before establishing service. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.