Another serious data breach - get your info protected

T

tenant13

Full time employment: Posting here.
Joined
Nov 15, 2019
Messages
522
Location
Jersey City
https://monitor.firefox.com/breach-details/Eye4Fraud

The infuriating part is that it's the company that most people heard nothing about as it was collecting data from e-commerce sites plus the incident happened at the end of January and we're only just learning about it. There's A LOT of sensitive information that got leaked.

Please protect yourself by installing and learning how to use a password manager (and SimpleLogin), always use 2FA or purchase YubiKey, lock your SIM and don't click on any even remotely suspicious links you receive via email or text. Oh, and don't use your debit card for purchases.

EDIT: I would suggest looking into purchasing two YubiKeys (https://www.yubico.com/quiz/?): one carried on your keychain for mobile devices and the other used for the home computer and as a back-up.
 
Last edited:
Can you explain more about locking your SIM? I've never heard that term and would like to know more. Thanks.
 
If you buy from a company that uses a 3rd party processor, your password manager offers no protection when the 3rd party exposes your sensitive data.

But the password manager may check for the exposure, and alert you.

Locking SIM to phone is a good idea, but that wouldn't help in this exposure.
 
Gumby said:
Can you explain more about locking your SIM? I've never heard that term and would like to know more. Thanks.
Click to expand...

This is usually a one click operation (or a call to the provider) and it prevents fraudsters from hijacking your phone number and porting it to another provider. Which is important if you rely on a text messages for confirming your identity. These hijackings can happen as a result of inside jobs so it's important to make sure that any number porting is difficult.

You can enable that from within T-Mobile app for example: https://www.t-mobile.com/support/plans-features/sim-protection
 
Transfer lock down
Facial recognition
2FA
Immediate alerts on all brokerage, bank, credit card transactions
Lock/freeze credit
Monitor credit from multiple sources
 
Most of the defensive ideas listed here would be irrelevant to the type of breach cited. The truth is that most exploits begin with a successful phishing attack, not with something like an exhaustive password attack. IMO elaborate and long passwords are the Maginot Line of computer security.
 
I assume the bad guys know everything about me already and I play defense to not take on any damage.
Now if you click links…that’s on you.
 
OldShooter said:
Most of the defensive ideas listed here would be irrelevant to the type of breach cited. The truth is that most exploits begin with a successful phishing attack, not with something like an exhaustive password attack. IMO elaborate and long passwords are the Maginot Line of computer security.
Click to expand...

Sadly, the Maginot Line did nothing to halt or even slow the Blitzkrieg.
 
tenant13 said:
This is usually a one click operation (or a call to the provider) and it prevents fraudsters from hijacking your phone number and porting it to another provider. Which is important if you rely on a text messages for confirming your identity. These hijackings can happen as a result of inside jobs so it's important to make sure that any number porting is difficult.

You can enable that from within T-Mobile app for example: https://www.t-mobile.com/support/plans-features/sim-protection
Click to expand...

I'll keep in in mind, but no good for me as only works for: Postpaid customers :mad:
 
Better than SIM locking ... migrate your mobile number to Google Voice. After that (a) being SIM-jacked doesn't affect you in regards to your contacts and (b) if you do get SIM-jacked your carrier only need issue you a new phone number and SIM and the problem is fixed. You don't care about the number they issue because you have migrated your own number away from the carrier and you're making and receiving all of your calls and texts on your mobile phone using the GV app. Aside from the SIM-jack protection the good news is you can use your computer to make and receive phone calls and SMS text messages. The only downside I have come across is that you cannot send or receive MMS messages through GV. Which I very rarely have any need for anyway.
 
DiD - Defense in Depth, not WtF.
 
threeonesix said:
Better than SIM locking ... migrate your mobile number to Google Voice. After that (a) being SIM-jacked doesn't affect you in regards to your contacts and (b) if you do get SIM-jacked your carrier only need issue you a new phone number and SIM and the problem is fixed. You don't care about the number they issue because you have migrated your own number away from the carrier and you're making and receiving all of your calls and texts on your mobile phone using the GV app. Aside from the SIM-jack protection the good news is you can use your computer to make and receive phone calls and SMS text messages. The only downside I have come across is that you cannot send or receive MMS messages through GV. Which I very rarely have any need for anyway.
Click to expand...

I bank with Chase and they sometimes use a phone number to send the identity confirming text. GV doesn't work for that. There are some institutions that won't work. Overall, yes GV is great and more secure than SIM.
 
I see breaches added to the site.

Recently added breaches
Eye4Fraud logo 16,000,591 Eye4Fraud accounts
iD Tech logo 415,121 iD Tech accounts
LBB logo 39,288 LBB accounts
GunAuction.com logo 565,470 GunAuction.com accounts
Convex logo 150,129 Convex accounts
RealDudesInc logo 101,543 RealDudesInc accounts
Weee logo 1,117,405 Weee accounts
LimeVPN logo 23,348 LimeVPN accounts
Truth Finder logo 8,159,573 Truth Finder accounts
Instant Checkmate logo 11,943,887 Instant Checkmate accounts
 
tenant13 said:
always use 2FA or purchase YubiKey, lock your SIM and don't click on any even remotely suspicious links you receive via email or text. Oh, and don't use your debit card for purchases.

EDIT: I would suggest looking into purchasing two YubiKeys (https://www.yubico.com/quiz/?): one carried on your keychain for mobile devices and the other used for the home computer and as a back-up.
Click to expand...

Just fyi, regarding Yubikey authentication:

Both Bank of America and Vanguard (US-based financial institutions) support the customer buying a ~$50Security Key (e.g., Yubikey) and configuring it for use with their account. GREAT!, right? Not really, because:

Both Bank of America and Vanguard, during every login dialog, have the
option to say ``I don't want to use my Security Key this time'', which
falls back to, you guessed it, SMS! So, spend money, spend time, have
frustration, increase friction at every login, and gain .. exactly zero
security. WTF, BoA and Vanguard?!
Click to expand...

From Risks Digest 33.64 (https://catless.ncl.ac.uk/Risks/)

I'm a fan of 2FA, but there is no perfect solution. I guess it's like having a security system on your house. Hopefully just enough to make them pick on somebody else.
 
You must log in or register to reply here.

Similar threads

B-Guy
Moving Fitbit data to your Google Account by 2025
Replies
15
Views
1K
steelyman
steelyman
cbo111
Equifax Data Breach Settlement (Credit Monitoring Instructions and Activation Code
Replies
14
Views
1K
djsander
D
Sunset
T-Mobile breached important data stolen
2 3
Replies
71
Views
5K
Sunset
Sunset
Midpack
Password Managers
4 5 6
Replies
145
Views
13K
WestUniversity
WestUniversity
MichaelB
Equifax data breach settlement
4 5 6
Replies
139
Views
14K
aja8888
aja8888

Latest posts

Back
Top Bottom