Announcement PSA: Passwords, Security, and Hackers... OH MY!!!!!

Rob, is there a way to change one's BYC password if they don't have access to the email associated with their BYC account?
If you know your current password, you can change your password without access to your email account.

BUT... if you're logged out of BYC, forget your password, and do NOT have access to the email address associated with your account, then you're unfortunately out of luck since we'd have no way to verify you are who you say you are.

This has unfortunately happened to handfuls of members over the years that don't keep their email addresses updated and then get permanently locked out.

To maintain security and respect for our members, we must be diligent with this kind of stuff.
 
Even on BYC we've seen cases where these hackers / spammers have used login-credentials that they stole (from sites outside of our family of websites) and were able to access accounts here and then started posting spam.
Were the members who were 'hacked' notified that this happened?
I had to log on the other day, I don't usually have to do that.
 
Were the members who were 'hacked' notified that this happened?
I had to log on the other day, I don't usually have to do that.
Had you recently cleared your browser's history and cache?
 
PUBLIC SERVICE ANNOUNCEMENT:

Over the last month, hundreds of websites have seen user accounts accessed by people other than the person that owns the accounts.

... even people's Paypal accounts have been breached, as mentioned here:
https://cybersecuritynews.com/paypal-data-breach/

As stated in that article:

"Since many users use the same password and username/email repeatedly, submitting those sets of stolen credentials to dozens or hundreds of other websites can enable an attacker to compromise those accounts as well. This can happen when those credentials are exposed (by a data breach or phishing attack)."

Even on BYC we've seen cases where these hackers / spammers have used login-credentials that they stole (from sites outside of our family of websites) and were able to access accounts here and then started posting spam. Our AMAZING community quickly reported and our PHENOMENAL moderators make quick work of removing the spam and blocking the accounts / forcing a password reset.

The suggestions on the site mentioned earlier are perfect!

Protect Yourself
  • Maintain a close watch on your accounts and be on the lookout for any unusual activity.
  • If you currently have another account with the same username and password as your PayPal account, you should change them.
  • Enable “2-step verification” in your Account Settings to increase the security of your PayPal account.
  • If you are unsure of the URL or website’s destination, do not click on the link.
Personally, I use 2-factor authentication on EVERY site that I feel like I wouldn't want someone to access... including enabling it here on BYC.

While you may not want to bother with 2-factor authentication here, I STRONGLY suggest you at least do the following (here and everywhere):
  1. Do NOT use the same password on multiple sites
  2. Use passwords that are unique and complex
  3. Change your passwords from time to time
The hackers (and the software / robots they use) are getting better all the time. It's relatively easy to do a few simple things to make it almost impossible for them to get access to your accounts.

Please do your best to help yourself (and others) by following good password best-practices!
Thank you for sharing this information.
 
What Nifty said. I would add that using a password manager like LastPass/KeePass/etc... which can integrate with your browser for ease of use is a great way to manage all those pesky passwords so you don't necessarily have to memorize them all. Ideally you should have a unique password for each site you use.
I'm an info security fanatic. A password manager is pretty much required anymore. It allows you to keep an unlimited number of longer, more random passwords than you could ever memorize. I honestly don't even know most of my own passwords because the PM is so easy to use and works so well.

There are many PMs, from free open source to commercial versions with various combinations of features. If you do decide to use one, it will simplify your life considerably. However, a couple of critical things to keep in mind:
  • Backups are critical, either by you or whatever vendor you work with. If you lose access to this data, you will have a very hard time accessing from dozens to hundreds of web sites/etc. If you are using an online PM, do they have some way to export your data in case you want to change PMs later and/or they go out of business?
  • Use your best protection techniques to access your PM. It is protecting all of your other credentials. Use a longer, complex password. If at all possible, turn on and use 2-factor authentication to get into the PM.
Once you become comfortable with your PM, you can keep other smaller types of info that you want to secure: bank account, credit card info, etc.
 
