Tag Archives: Internet security

Privacy Alert! Disqus data breach!

Some websites require you to have a Disqus account in order to comment.

Disqus is a worldwide blog comment hosting service for web sites and online communities that use a networked platform.

Last night, LifeLock issued an alert that Disqus.com has incurred a data breach.

If you have an account with Disqus, this means whatever data you’d entered at Disqus is compromised, including your email address and your password.

Below is the alert from LifeLock:

Description: The site disqus.com has been reported to possibly have suffered a data exposure that could include emails and passwords. The possible exposure would have happened in June 2012 although it was reported in February 2018.

Where Found: Dark Web, , a term used which may also include the deep web or a peer-to-peer file sharing network.

Password: Exposed online

LifeLock’s advice:

  1. Change the password associated with the affected website or email service immediately.
  2. Set up 2-factor authentication if available with that website/service.
  3. If you see a Social Security Number belonging to you, review credit reports for suspicious activity, watch financial transactions, and make sure LifeLock alert preferences settings are up to date for the account that belongs to you.

~Eowyn

Russian hackers stole 1+ billion user names and passwords

hacker

Here we go again.

Once again, hackers have stolen our Internet passwords and user names.

This time, it’s a ring of Russian hackers who have stolen more than a billion online user names and passwords, including more than 500 million email addresses. They are believed to be using that data to spam Internet users.

It’s unclear which websites the Russian hackers hit, but with so much stolen data, there’s a chance you may have been affected. If you think you are a victim of this attack here are steps you can take (h/t Los Angeles Times):

1. Change your passwords

  • Go to your most important online accounts (your email, bank, credit card, etc.) and change the passwords.
  • Ideally, your password should consist of lower and uppercase letters, several numbers and no words that can be found in the dictionary.
  • Use different passwords for different accounts.

2. Monitor your debit and credit card activity

Make sure all the purchases listed are ones you made. If they aren’t, you might be a victim of identity theft.

3. If you suspect you’re a victim of identity theft

  • Create an identity theft report: Go to the Federal Trade Commission’s website to create an Identity Theft Affidavit. Use that affidavit to also file a police report.
  • Freeze your credit report: Notify the three credit reporting agencies to put a freeze on your credit report to block anyone, including yourself, from getting more credit using your identity. You’ll still be able to use your credit cards, but you won’t be able to get new ones while the freeze is in effect. To do this, head to the websites of Equifax, TransUnion and Experian. You will be charged a fee of up to $5 if you are not a victim of identity theft.
  • Get a copy of your credit report: After freezing your credit report, ask the three credit reporting agencies for a copy of it. You should read the reports to make sure you recognize all of the transactions and accounts listed.
  • Dispute errors: If you find erroneous transactions or accounts, you will have to contact the fraud departments of the credit reporting agencies as well as the businesses involved explaining the error and your situation.
  • For more detailed information on what to do if you are a victim of identity theft, here’s a helpful guide from the FTC.

UPDATE:

My bud Mark S. McGrew, who is way less naive than I am, thinks that this is a hoax, perpetrated to (a) trash Russians; and (b) to scam us by frightening us into purchasing online protection against security breaches.

Lending credence to McGrew are:

  1. The company that supposedly “discovered” this latest hacking is offering an “alert service” to let you know if someone is using your data, for a fee of $120. The MSM obligingly report on this “hacking” to generate business for that company. See
    http://www.whatdoesitmean.com/index1792.htm.
  2. There has been no — ZERO — reports of any actual breach of online security as a result of this “Russian hacking.”

Whatever is the case, it doesn’t hurt to change your passwords, which we are advised to do regardless of hackers.

~Eowyn