Data Breach

[cbp210]

I am surprised you guys use Lifelock as they are not a gun friendly organization.

 

[AustinN4]

I am surprised you guys use Lifelock as they are not a gun friendly organization.

Who would you use instead, if one was inclined to use such a service?

 

[robertc1024]

This will explain any odd or offensive posts from me in the future. I DIDN'T DO IT! It was the hackers!!!

 

[benenglish]

Dupe threads merged.

 

[texcross]

Sorry, need to research this, this could have been the old data breach from long ago and now LifeLock is catching on due to it being shared somewhere else? I will have server support run some scans and such and see what they find. Stay Tuned...

 

[Younggun]

Wait. You mean to tell me that "password" or "123456789" are NOT good passwords??

Sent from my iPhone using Tapatalk

 

[AustinN4]

Dupe threads merged.

Thank you!

 

[toddnjoyce]

I use garbage passwords (marginally secure and nowhere near the same patterns I use on 'real' sites) on forums, with the assumption they will be compromised at some point.

Passwords have outlived their utility, and the security world recognizes this, which is why FIDO2 and WebAuthn have been developed and are being implemented.

These services and protocols take passwords out of the equation and, instead, rely on something you have to prove who you are, using a nearly seamless universal second factor for authentication.

While still in the early adopter phase, over the next several years they will become widespread for sites that need to be secure.

Places like forums will implement those services and protocols, and it won’t matter because the protocol creates a unique identify on each server that can’t be used to associate the user with another server.

 

[cbp210]

Who would you use instead, if one was inclined to use such a service?

I use ALLCLEAR ID. They have done great service for me

 

[SQLGeek]

While it's not definitive, my email isn't showing up on https://haveibeenpwned.com/ for this site.

Thanks for the heads up though, I went ahead and changed my password.

I highly recommend LastPass to help keep passwords organized and ensure you're not using the same one everywhere.

 

[texcross]

There are a couple of things that this seems to be the old hack. However, server security is already looking into it. Better safe than sorry. We will be moving to Xenforo 2.0 soon, late this year they will stop taking care of the older version when it comes to security updates. I will post here once they have replied.

 

[Double Naught Spy]

Thank you!

Lifelock sent me the same notice. Passwords are now changed. Fun. I will never remember any of them again.

 

[TheDan]

Who would you use instead, if one was inclined to use such a service?

It's not needed. Contact the credit agencies to lock and unlock your credit as needed. Don't use the same usernames/passwords on social media that you use for your email, and another different set for financial stuff. Also sign up for two factor authentication everywhere it's offered.

 

[TAZ]

Nice to know that Lifelock gives timely notifications (not).

Timelier that all the other notifications I’ve gotten from site owners, TGT included, that have suffered data breaches.

It’s entirely possible that this is just a resale of existing data. I don’t think LL specifies or even knows whether it’s a new breach or old data making the rounds again.

 

[AustinN4]

It's not needed. Contact the credit agencies to lock and unlock your credit as needed. Don't use the same usernames/passwords on social media that you use for your email, and another different set for financial stuff. Also sign up for two factor authentication everywhere it's offered.

Exactly what i do.

 

[motorcarman]

I simply put all my 'username/passwords' on a USB memory stick in .txt files and keep it in a drawer in my desk. They are all different for all the sites I use.

I just copy/paste the info when the site asks for login.

bob

 

[TheDan]

I simply put all my 'username/passwords' on a USB memory stick in .txt files and keep it in a drawer in my desk. They are all different for all the sites I use.

I just copy/paste the info when the site asks for login.

bob

You encrypt that USB stick?

 

[texcross]

While it's not definitive, my email isn't showing up on https://haveibeenpwned.com/ for this site.

Thanks for the heads up though, I went ahead and changed my password.

I highly recommend LastPass to help keep passwords organized and ensure you're not using the same one everywhere.

Thanks for that, good to know as they dig into this and such. Some of the things we are looking into now.

 

[Darkpriest667]

The email address I use here.... Darkpriest667@hotmail.com has had the address and shit passwords cracked at least 100 times in the past 20 years. HINT I also use this login for my student loans. So if the hackers would like to pay off that loan with the little information they have I'd be obliged.... No I didn't change the password.

 

[sidebite252]

So if they’re was an actual data breach on TGT wouldn’t we receive an email from TGT informing us this breach has actually happened?