
Important: Another Wave of Account Hacks

Shopping online seems to be the best way to fill your inbox with spam. It takes months to get it to stop.
 
Still in control of my account for now. I wonder what the motivation is to attack ASR?

Sometimes it’s automated spam, but other times it is targeted. I nearly got scammed on Audiogon when buying an amplifier. User had good feedback, hadn’t logged in for a while, and what was being sold seemed reasonably priced. Cheap enough to impulse buy but not so cheap to make it an obvious scam. Thankfully PayPal buyer protection kicked in. Hate that they know my mailing address and phone number (which was for “shipping”).

That said, I have also gotten super deals by taking a risk on lower feedback sellers.
 
There are lots of ways it can happen; it's also common if you re-use passwords across sites. If one site is compromised, then so is any other account you've used that password for.

This must be the main reason, 'cause I never got anything hacked and I am not extra careful outside of financial pages. The only thing I did different is using Lastpass for as long as I can remember.
 
The difference between these two is important. With KeePass you keep your encrypted password database yourself. With Lastpass and any other cloud-based service like that you give your passwords to the cloud service for them to keep in their database, so you rely on the service provider to implement all their software and networking and management 100% perfectly. Such services are high-value targets so we can assume they are being attacked all the time. One mistake on their part... And Lastpass, just for example, has made several high-profile mistakes.

With KeePass and similar the database is distributed: it doesn't contain everyone's passwords -- only yours. But there are downsides 1) you need to carefully back up your password database, and 2) you need to synchronize it across the devices you use. Some people use Dropbox for sync. I use something called Resilio Sync.
While Lastpass has had some security issues, everyone who had a long, strong master password has been fine. If you fear your old Lastpass account has been hacked, you can change your password and then change passwords for various sites to ensure the password strength. Personally, I think that Lastpass puts a lot more effort into security than I do, so I'd rather have the database on their end. Plus, I use multiple computers and devices that need passwords.
 
Out of curiosity, if you are in the Apple ecosystem, is LastPass actually better than Apple Keychain? Apple has a pretty decent track record of security/safety/privacy.
 
The difference between these two is important. With KeePass you keep your encrypted password database yourself. With Lastpass and any other cloud-based service like that you give your passwords to the cloud service for them to keep in their database, so you rely on the service provider to implement all their software and networking and management 100% perfectly. Such services are high-value targets so we can assume they are being attacked all the time. One mistake on their part... And Lastpass, just for example, has made several high-profile mistakes.

With KeePass and similar the database is distributed: it doesn't contain everyone's passwords -- only yours. But there are downsides 1) you need to carefully back up your password database, and 2) you need to synchronize it across the devices you use. Some people use Dropbox for sync. I use something called Resilio Sync.

EDIT to add: when using a cloud password manager you really still need to back up your password database. When internet businesses fold, they often do so without notice. So you should be ready for that.
I doubt any cloud password service keeps passwords. They keep an encrypted file to which they don't have the key.
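
The storage model described in the posts above (the service holds only an encrypted file, the key comes from the master password, and a strong master password is what protects a copied file), as an added sketch that is not from the thread or from any password manager's code. The iteration count, the blob layout and the HMAC-based stand-in cipher are assumptions chosen so it runs on the Python standard library alone.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # assumed work factor; real products choose their own


def _keys(master, salt):
    """Stretch the master password, then split into cipher and MAC keys."""
    root = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS)
    return (hmac.new(root, b"enc", hashlib.sha256).digest(),
            hmac.new(root, b"mac", hashlib.sha256).digest())


def _xor_stream(key, nonce, data):
    # Stand-in stream cipher (HMAC-SHA-256 in counter mode), an assumption of
    # this sketch; a real manager uses a vetted cipher such as AES or ChaCha20.
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"),
                           hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(master, plaintext):
    """Runs on the user's device; the returned blob is all a service stores."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(master, salt)
    body = _xor_stream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, salt + nonce + body, hashlib.sha256).digest()
    return salt + nonce + body + tag


def open_vault(master, blob):
    """Return the plaintext, or None when the master password is wrong."""
    salt, nonce, body, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _keys(master, salt)
    expected = hmac.new(mac_key, salt + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor_stream(enc_key, nonce, body)


def survives_guess_list(blob, guesses):
    """True if no entry of a common-password list opens a copied blob."""
    return all(open_vault(guess, blob) is None for guess in guesses)


# Constructed sample data, not taken from the thread.
SAMPLE_VAULT = b'{"forum.example": "x7!Qp-constructed-entry"}'
COMMON = ["123456", "password", "letmein", "qwerty"]
```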
 
Out of curiosity, if you are in the Apple ecosystem, is LastPass actually better than Apple Keychain? Apple has a pretty decent track record of security/safety/privacy.
Apple has a long history of hacked devices, and since wealthier folks use them, hackers love to target Apple. I'd go with LastPass.
 
Randomly generated passwords that use the standard 255-character ASCII character set, letters, numbers, and symbols, that are 16 characters or longer will take longer than the remaining life of the Sun—or the Universe itself—to crack using methods available today.

 
Randomly generated passwords that use the standard 255-character ASCII character set, letters, numbers, and symbols, that are 16 characters or longer will take longer than the remaining life of the Sun—or the Universe itself—to crack using methods available today.

Best password checker site I am aware of at the moment.


It is more than just the length.
 
Those scammers are literally annoying as hell... Why on earth they would want to post scams on this forum is a mystery to me.
 
Happened to me last month, starting with Spotify, not on ASR though. I then reset a lotta passwords using a password manager and enabling 2FA on all the sites where I buy stuff, a real pain in the a**. AI is seriously boosting malicious digital activity, we need to adapt.
Not to mention the actual state of geopolitics which is and certainly will be an aggravating factor.
 
Best password checker site I am aware of at the moment.
KeePass has a password strength meter built-in. [Asking a website to check your password seems odd to me.]
Dominik Reichl, the administrator of KeePass, states, "...neither KeePass nor any other password manager can magically run securely in a spyware-infected, insecure environment."
It is also FREE, OpenSource, OS agnostic, multi-user, synchronizable, 2FA, import (30+) function, password generator, keylogger (TCATO) obfuscation, w/3 symmetric ciphers, and HMAC-SHA-256 hash.
Best of all, only you are responsible for your own database and KeePass does not require an operational network to function.
I have been a KeePass fan-boy for 19+ years with near 600 entries, which are not limited to just simple web log-in credentials. :)
 
Sometimes it’s automated spam, but other times it is targeted. I nearly got scammed on Audiogon when buying an amplifier. User had good feedback, hadn’t logged in for a while, and what was being sold seemed reasonably priced. Cheap enough to impulse buy but not so cheap to make it an obvious scam. Thankfully PayPal buyer protection kicked in. Hate that they know my mailing address and phone number (which was for “shipping”).

That said, I have also gotten super deals by taking a risk on lower feedback sellers.
Somehow it would be funny if the scam were those "hot girls looking for a partner" or "African prince needs a few grand to withdraw millions to share with you" style here though, like when you are looking for a speaker review and suddenly those titles appear.
 
Shopping online seems to be the best way to fill your inbox with spam. It takes months to get it to stop.

You know what was my worst spam case?

I had a very very technical ticket open with Microsoft. I talked to several different engineers of theirs, from different countries.

It ended up with people calling my workplace, on my direct fixed landline phone number (unlisted, and they all referred to me by name), and trying to get me to invest into financial stocks or suggesting that I try some online casinos and gambling sites.

We had to have the phone company nuke the number.

Did it stop? No, they called central and asked to be connected to me.

Then COVID hit and we took the opportunity to direct the dispatcher to tell them I died, because their previous instruction of telling the spammers I quit and moved to another company led to them asking which company, what my phone number was, and if they could get my new email address.

So fake death it was.
 