Posts

Are you prepared for social engineering and the Next Corporate hack?

Have you opened the front door for anyone who came knocking, or made way for an unknown contractor? If so, you might have been a victim of social manipulation-based hacking. Training, exercises and countermeasures can help, and this also applies to the Next Big Corporate hack, which can surely strike even you.

Drupal.org compromised – 967,659 users and (hashed) passwords stolen

The Drupal.org Security Team and Infrastructure Team have discovered unauthorized access to account information on Drupal.org and groups.drupal.org.

Information exposed includes usernames, email addresses, and country information, as well as hashed passwords. However, we are still investigating the incident and may learn about other types of information compromised, in which case we will notify you accordingly. As a precautionary measure, we’ve reset all Drupal.org account holder passwords and are requiring users to reset their passwords at their next login attempt. A user password can be changed at any time by taking the following steps.

1. Go to https://drupal.org/user/password
2. Enter your username or email address.
3. Check your email and follow the link to enter a new password.

It can take up to 15 minutes for the password reset email to arrive. If you do not receive the e-mail within 15 minutes, make sure to check your spam folder as well.

Using the same password for different websites is a very bad idea, and you should avoid it as much as you can. Security tips regarding passwords can be found in our newsletter here: http://bfblogg.wpengine.com/blog/2013/03/08/basefarm-sirt-newsletter-2013-03-08/

More information: https://drupal.org/news/130529SecurityUpdate

50 million customers hit in LivingSocial hack

LivingSocial, the deal-of-the-day website that features discounted gift certificates usable at local or national companies, has been hit by a cyber attack on its systems.
The information the attackers were able to steal included names, email addresses, dates of birth for some users, and encrypted passwords — technically ‘hashed’ and ‘salted’ passwords. Credit card information was apparently not lost.
While the passwords were encrypted, it’s still recommended to change your password immediately on LivingSocial, as well as on any other sites where you’re using the same password.

Using the same password for different websites is a very bad idea, and you should avoid it as much as you can. Security tips regarding passwords can be found in our newsletter here: http://bfblogg.wpengine.com/blog/2013/03/08/basefarm-sirt-newsletter-2013-03-08/

You can find more information on their website:
https://www.livingsocial.com/createpassword