T&i :- Was Your Password Stolen

Data Security

Woke up this morning and got a morning routine going. And, for added variety I keep mine different all the time. Another day to go check passwords and account settings after this email was received.

Sometimes coffee is first etc. 🙂

Still, I saw this email this morning from 500PX and it concerns me. It should concern you too! I suppose only if you’ve received an email like this from them or others of course.

Not Calling Out Company

This isn’t a calling out of 500PX. However, issues with web site compromises and passwords are in the news so often that I think we need to guard these passwords like we do our bank accounts. And so too should the companies we allow to be stewards of our information. (500PX PRIVACY NOTICE)

Multiple Accounts Created

If you’re like me, you’ve created accounts at web sites both for web access and email. There is always a possibility that when a company’s records are stolen, your passwords and records will be included too.

You might have one of the following accounts (lots more than these).

  • Google
  • Outlook
  • Facebook
  • Instagram
  • Pinterest
  • Yahoo

Log Directly Into Web Site

Go to the web site in question and log on directly to ensure your accounts and passwords work, and change the passwords. I used to advocate that changing passwords anywhere between 60 and 90 days would be good.

Make Strong Passwords

But for now, make them as strong as you can and change them less often, like every 6 months. Why? Because if you have to change them often, you’ll do yourself a disservice and make them too simple.

There needs to be a better way without adding in a universal ID.

You know the password-changing drill, but just in case you need a refresher, here is a small list.

Password Do’s and Don’ts

  • No family names
  • No Birth dates
  • No home towns
  • Use your own device to log in
  • No phone numbers
  • No sharing passwords with kids! :=) or anyone
  • No common words
  • No logging on to several sites with the same password
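
One way to automate the list above, as an added example that is not from the original post: a checker that flags a candidate password containing the owner's profile details, a birth date, a phone number or a common word (even with simple character swaps), or one reused from another site. The field names, the tiny word list and the sample profile are constructed for illustration.

```python
import re
from datetime import date

# Constructed stand-in for a real common-password list.
COMMON_WORDS = {"password", "qwerty", "letmein", "welcome", "dragon"}
# Undo simple character swaps so "P@ssw0rd" is read as "password".
LEET = str.maketrans("01345@$7", "oieasast")
PROFILE_TEXT_FIELDS = ("first_name", "last_name", "username", "city")


def date_tokens(d):
    """Digit strings people commonly build from a birth date."""
    y, m, dd = f"{d.year:04d}", f"{d.month:02d}", f"{d.day:02d}"
    return {y, m + dd, dd + m, m + dd + y, dd + m + y, y + m + dd,
            m + dd + y[2:], dd + m + y[2:]}


def check_password(password, profile, used_elsewhere=()):
    """Return the rules from the list above that `password` breaks."""
    lowered = password.lower()
    normalized = lowered.translate(LEET)
    pw_digits = re.sub(r"\D", "", password)
    problems = []

    values = {f: profile.get(f, "") for f in PROFILE_TEXT_FIELDS}
    values["email"] = profile.get("email", "").split("@")[0]
    for field, value in values.items():
        value = value.lower()
        if len(value) >= 3 and (value in lowered or value in normalized):
            problems.append(f"contains {field}")

    born = profile.get("birth_date")
    if born and any(tok in pw_digits for tok in date_tokens(born)):
        problems.append("contains birth date")

    phone = re.sub(r"\D", "", profile.get("phone", ""))
    if len(phone) >= 7 and phone[-7:] in pw_digits:
        problems.append("contains phone number")

    if any(word in normalized for word in COMMON_WORDS):
        problems.append("contains common word")
    if password in used_elsewhere:
        problems.append("reused on another site")
    return problems


# Constructed profile; every value here is made up for the example.
SAMPLE_PROFILE = {"first_name": "Alex", "last_name": "Sample",
                  "username": "asample500", "email": "alex.sample@example.com",
                  "city": "Toronto", "birth_date": date(1984, 7, 4),
                  "phone": "555-0100"}
```

An empty list means none of these rules were broken; it does not by itself mean the password is strong.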

What other ways do you think you can protect your password?

DON’T CLICK ON ANY LINKS IN EMAIL

But, then again, any email you get from a place you’ve subscribed to should be investigated. Don’t click on any links found in it; go directly to the web site in question instead. In this case it was https://www.500px.com.

500PX Warning
Manage Settings

Go directly to site to log in

Exposed Information

Personal Information

What happened EMAIL FROM 500PX

On February 8, 2019, our engineering team became aware of a potential security issue affecting certain user profile data. We immediately launched a comprehensive review of our systems to understand the nature and scope of the issue. We engaged a third-party expert to assist us in our investigation and are coordinating with law enforcement authorities on this matter.

Based on our investigation to date, we believe that an unauthorized party gained access to our systems and acquired partial user data on approximately July 5, 2018.

We’ve concluded this issue affected certain information that users provided when filling out their user profiles, as listed below. Our engineers are closely monitoring our platform and we’ve found no evidence to date of any recurrence of this issue.

What personal data may have been affected?

  • Your first and last name as entered on 500px
  • Your 500px username
  • The email address associated with your 500px login
  • A hash of your password, which is hashed using a strong, one-way cryptographic algorithm—such hashes are almost impossible to reverse-engineer to access your original password
  • Your city, state/province, country, if provided
  • Your birth date, if provided
  • Your gender, if provided

At this time, there is no indication of unauthorized access to your account, and no evidence that other data associated with your user profile was affected, such as credit card information (which is not stored on our servers), if used to make any purchases, or any other sensitive personal information.

Personal Data Is Involved

Given the nature of the personal data involved, we are alerting you to this matter so you can take steps to help protect yourself against the risk of phishing, spam, and other misuse of your information as a result of this issue.

MONITOR EMAIL FOR NEW SPAM

If your email account was compromised, there is not much to do there. If you’ve used the same email account on multiple sites, make sure you monitor for email that appears as spam.

What actions to protect your information?

  • We have vetted access to our servers, databases, and other sensitive data-storage services.
  • We have and are continuing to monitor our source code, both public-facing and internal, to protect against security issues.
  • We are partnering with leading experts in cyber security to further secure our website, mobile apps, internal systems, and security processes.
  • We are modifying our internal software development process.
  • We are continuing to upgrade our network infrastructure.

What can you do?

While our password security measures are robust and we have precautionary measures in place, we are taking additional steps to ensure your personal data remains secure. As a result, we are resetting all 500px account passwords. Please click the button below to reset your password now.

Use Password Managers

If you have a lot of passwords and don’t want to remember them all, use a password manager. Keep the main password FOR your password manager in a safe place. There are online and desktop versions of password managers.

Password Manager Lists

Cloud and Web Password Managers

  • LastPass :- https://www.lastpass.com/
  • Dashlane :- https://www.dashlane.com/
  • 1Password :- https://1password.com/

Desktop Password Managers

  • RoboForm :- https://www.roboform.com/
  • Password Safe :- https://pwsafe.org/
  • KeePass :- https://keepass.info/

What happened?

On February 8, 2019, our engineering team became aware of a potential security issue affecting certain user profile data. We immediately launched a comprehensive review of our systems to understand the nature and scope of the issue. We engaged a third-party expert to assist us in our investigation and are coordinating with law enforcement authorities on this matter.

It’s Not Always 3rd Parties’ Fault

Based on our investigation to date, we believe that an unauthorized party gained access to our systems and acquired partial user data on approximately July 5, 2018.

We’ve concluded this issue affected certain information that users provided when filling out their user profiles, as listed below. Our engineers are closely monitoring our platform and we’ve found no evidence to date of any recurrence of this issue.

What personal data may have been affected?

  • Your first and last name as entered on 500px
  • Your 500px username
  • The email address associated with your 500px login
  • A hash of your password, which is hashed using a strong, one-way cryptographic algorithm—such hashes are almost impossible to reverse-engineer to access your original password
  • Your city, state/province, country, if provided
  • Your birth date, if provided
  • Your gender, if provided

Presumption That Account Not Accessed

At this time, there is no indication of unauthorized access to your account, and no evidence that other data associated with your user profile was affected, such as credit card information (which is not stored on our servers), if used to make any purchases, or any other sensitive personal information.

Double Check All Accounts

Given the nature of the personal data involved, we are alerting you to this matter so you can take steps to help protect yourself against the risk of phishing, spam, and other misuse of your information as a result of this issue.

Action Steps For Everyone

What actions have we taken to protect your information?

  • We have vetted access to our servers, databases, and other sensitive data-storage services.
  • We have and are continuing to monitor our source code, both public-facing and internal, to protect against security issues.
  • We are partnering with leading experts in cyber security to further secure our website, mobile apps, internal systems, and security processes.
  • We are modifying our internal software development process.
  • We are continuing to upgrade our network infrastructure.

Do Everything Possible

What can you do?

While our password security measures are robust and we have precautionary measures in place, we are taking additional steps to ensure your personal data remains secure. As a result, we are resetting all 500px account passwords. Please click the button below to reset your password now.

Require Blockchain

Forbes Blockchain Usage Ideas

https://www.forbes.com/sites/tomvanderark/2018/08/20/26-ways-blockchain-will-transform-ok-may-improve-education/#5aad2d914ac9

Highlighted Points From Article

  • Transcripts
  • Badges
  • Student Records
  • Infrastructure security
  • Ride-Sharing
  • Cloud Storage
  • Energy Management
  • Prepaid Cards
  • Smart Contracts
  • Learning Marketplace
  • Records Management
  • Retail
  • Charity
  • Human Resources
  • Governance
  • Libraries
  • Publishing
  • Public Assistance
  • Bonds

A Good Starting List

I agree with a few of the entries listed here. However, some must be avoided at all costs, such as any form of universal identification.

Blockchain is typically associated with “BITCOIN”, but there are many other uses for blockchain, and the technology for its use beyond BITCOIN is still in its infancy.

No Universal ID’s Required

I’m not an advocate for any type of universal ID. In the digital world, blockchain could ensure that your transactions are valid from source to destination. That’s a transaction from start to finish. Once complete, if no record is required, it can either be deleted or stored for history.

I thought this link had a good explanation for beginners as it relates to blockchain. https://blockgeeks.com/guides/what-is-blockchain-technology/

It’s Up To Us To Protect Our Assets

I know it’s not supposed to be like this, but when we use web sites or email that have free access for general use, with some sites offering premium access for a fee, our information should be the most valuable asset those companies have.

Not stockholders or those that benefit from the sale of varying demographics (sanitized data 😉), and at times I don’t think that it’s this way.

No Compensation Laws Exist

Currently there are no compensation laws that I’m aware of for those who’ve had accounts compromised as stored on a company’s servers. Consumers should not have to worry about whether a company can protect their assets. And our personal data is our asset.

Data Access And Encrypted

Web and data access needs to be fast and I believe that some companies don’t store our personal information encrypted. Shame on them. Storing all data encrypted could slow down a site. Mobility seems to come with a price. OUR ASSETS OUR PRICE.

High Speed Access Changes That

With high speed access, including 5G when it rolls out, leaving our personal data unencrypted should be liable under criminal tort law.

Sure, passwords may have been set up with a hash of your password, but user names and email addresses should also be stored encrypted in their databases.

Please Encrypt All Our Data

My name “Joseph” should be stored encrypted, perhaps like this: ZtGifz9E5c4EFk2DVaW0. I think that would be hard to correlate with other information. All fields should be stored this way.
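
An added sketch of field-level encryption as described above (not code from 500px or from the original post), using AES-GCM from the third-party Python `cryptography` package. The column names, row ids and sample record are assumptions, and the key is generated inline only so the example runs.

```python
import base64
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM


def encrypt_field(key, column, row_id, plaintext):
    """Encrypt one column value and return a text token safe to store."""
    nonce = os.urandom(12)                # fresh for every value, never reused
    aad = f"{column}:{row_id}".encode()   # ties the token to its row and column
    ct = AESGCM(key).encrypt(nonce, plaintext.encode(), aad)
    return base64.urlsafe_b64encode(nonce + ct).decode()


def decrypt_field(key, column, row_id, token):
    """Reverse encrypt_field; raises InvalidTag if the token was altered or moved."""
    raw = base64.urlsafe_b64decode(token)
    aad = f"{column}:{row_id}".encode()
    return AESGCM(key).decrypt(raw[:12], raw[12:], aad).decode()


def encrypt_row(key, row_id, record):
    """Encrypt every field of a record before it is written to the database."""
    return {col: encrypt_field(key, col, row_id, val)
            for col, val in record.items()}


def moved_token_is_rejected(key, token):
    """True if a token copied from row 1 fails to decrypt as row 2."""
    try:
        decrypt_field(key, "first_name", 2, token)
    except InvalidTag:
        return True
    return False


# Assumption: a real deployment keeps the key in a KMS or HSM, not beside the data.
KEY = AESGCM.generate_key(bit_length=256)
# Constructed sample record.
ROW = {"first_name": "Joseph", "email": "joseph@example.com", "city": "Springfield"}
STORED = encrypt_row(KEY, 1, ROW)
```

Because each value gets a fresh random nonce, the same name encrypts to a different token every time, which is what defeats correlation; it also means the database can no longer search or match on that column directly. The protection holds only while the key is kept apart from the database.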

Keep Identifiable Information Secure

Having unidentifiable information in the database, including passwords, is and should be to our advantage. Companies need to be transparent about which fields are encrypted and which are not. Better yet, complete encryption of our personal data needs to be done.

Yet, those companies will most likely say they won’t do it. I mean encrypt all your data that is.

I’m researching and investigating how our data compromises will affect us now and in the future.

If you want to give me the keys to your house, I’ll make sure that everything is safe. 😉

I’d appreciate any comments and ideas you might have on our privacy, including encryption, blockchain and password managers. If I’ve left anything off or the article is missing anything, please let me know.

Thoughts & Ideas, Joseph Kravis 🙂


