"CSID, an identity monitoring firm that is in the midst of being acquired by credit bureau giant Experian."<p>Experian a few months ago had a breach whereby millions of T mobile customers who had no idea that Experian was storing their data, had all of their sensitive data stolen. Experian's "solution" to the problem was to offer those who had their data stolen 2 years of <i>free</i> credit monitoring. Think about that for a moment - "we allowed your sensitive data that you didn't approve of us storing to be compromised and so we will now offer you a 2 year service after which you will be charged."<p>That is so completely outrageous, people should be out with pitchforks and torches but you can't fight this stuff, these agencies are far too powerful.<p>Just to further underscore how outrageous Experian and the other two agencies are - Experian notified people who had their data compromised using snail mail! What kind of decision is that for a time-sensitive situation?!<p>Lastly the letter they sent to customers and I read my friend who was a victims letter, said that the data that was compromised was data they were storing on T Mobile's behalf, as if they were in no way culpable.<p>So I guess I this is their strategy going forward is to acquire a half-baked and suspect security firm that will damage innocent companies reputations the same way they themselves have damaged innocent people's credit and identities.<p>I would urge people to call the three big credit agencies - Trans Union, Experian and Equifax and request that your credit be "locked." This means that nobody can look at your credit profile, except for people you currently have a line of credit with. You will be issued a pin and if and when you need to apply for credit you can then unlock your credit profile and re0lock it afterward. You need to re-up on this every two years which is insane as having your credit profile locked should be the default and should be in perpetuity, but you do what you can.
Buried lede imo: TeamViewer having similar issues. Lots of folks claiming it's breached, TV denying it. A lot of potential mischief there, if breached.<p><a href="https://www.reddit.com/r/technology/comments/4m7ay6/teamviewer_has_been_hacked_they_are_denying/" rel="nofollow">https://www.reddit.com/r/technology/comments/4m7ay6/teamview...</a>
Troy Hunt recently wrote an interesting post on how he verifies breaches[0]<p>The amount of fact checking tech "journalists" do means wrong information can really spiral out of control. I wonder if Dropbox can sue?<p>[0]<a href="https://www.troyhunt.com/heres-how-i-verify-data-breaches/" rel="nofollow">https://www.troyhunt.com/heres-how-i-verify-data-breaches/</a>
Lifelock should just be regulated out of existence. If a company can add $100 of value per year by pretending to monitor credit reports, the credit bureaus can be instructed that whatever Lifelock is doing is table stakes for a company that is selling evaluations of creditworthiness.
One of my free credit monitoring services, which I received as compensation from a previous data leak, alerted me last week that a few email accounts of mine wound up in a dropbox. A few things I noticed:<p>The alert only says that the "Potential Site" of where the email was compromised is listed as www.dropbox.com .<p>The option for changing a password in online mail clients is lost in the menu clutter. In Gmail the process is to click <i>Menu Bubble</i> > <i>My Account</i> > <i>Signing in to Gmail</i> > <i>Password</i>. The issue I had is that at the 1st menu level there are options for <i>Google+ Profile</i>, <i>Settings</i>, <i>Privacy</i>, and <i>My Account</i> which all seem like valid places for the <i>Change Password</i> option to live. Each submenu is similarly cluttered, though when I found the correct path it made sense in retrospect.<p>I can't imagine Grandma changing her Gmail password this way. Maybe Google could replace the "Dvorak Keyboard" menu (<i>Select Input Tool</i> > <i>English Dvorak</i>) with an <i>Update Password</i> button. Is there a simpler process I'm not aware of?
So many people will believe anything a "hacker" says as long as it's bad for them. In general, these 100 million password dumps are almost always complete garbage, but everyone along the way says "better to be safe than sorry" and ignores all the warning signs (in this case, that the file obviously wasn't Dropbox credentials).
I wonder if this file with the Tumblr passwords was placed in an unprotected shared Dropbox folder. Thus, although the actual passwords were from Tumblr, the passwords were downloaded by a "worm" via a Dropbox "breach".