What is going on with all these breaches?

Chat about just about anything else
Post Reply
diener
Level 1
Level 1
Posts: 15
Joined: Wed Jan 14, 2015 8:53 pm

What is going on with all these breaches?

Post by diener » Fri Oct 19, 2018 11:04 am

I keep getting emails noting that linuxmint.com was hacked and information was leaked. Lifelock is going bonkers and haveibeenpwned seems to back this up as well.

What's going on?!

EDIT - I should note that it appears to only be a single breach, so my topic title is a bit misleading now that I have read more into it.
Last edited by diener on Fri Oct 19, 2018 11:16 am, edited 1 time in total.

User avatar
Pierre
Level 17
Level 17
Posts: 7678
Joined: Fri Sep 05, 2008 5:33 am
Location: Perth, AU.

Re: What is going on with all these breaches?

Post by Pierre » Fri Oct 19, 2018 11:06 am

that was true - - but that issue was Fixed Up, in just a Few Hours,
and that issue was some time ago ... .

who / what is sending those eMails to you ?.

NB: as long as You Have Changed Your Password - - you should be fine.
8)
Image
Please edit your original post title to include [SOLVED] - when your problem is solved!
and DO LOOK at those Unanswered Topics - - you may be able to answer some!.

diener
Level 1
Level 1
Posts: 15
Joined: Wed Jan 14, 2015 8:53 pm

Re: What is going on with all these breaches?

Post by diener » Fri Oct 19, 2018 11:13 am

Pierre wrote:
Fri Oct 19, 2018 11:06 am
that was true - - but that issue was Fixed Up, in just a Few Hours,
and that issue was some time ago ... .

who / what is sending those eMails to you ?.
My identity theft protection alerted me. It said the following:
The site linuxmint.com has been reported to possibly have suffered a data exposure that could include usernames, passwords, emails and more information. The possible exposure would have happened in October 2016 although it was reported in October 2018

User avatar
karlchen
Level 19
Level 19
Posts: 9497
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: What is going on with all these breaches?

Post by karlchen » Fri Oct 19, 2018 11:17 am

Hm. As I understand "all these breaches" boils down to a belated alert, belated by only 2 years, about the Linux Mint forum breach 2 years ago?! :roll:
Of course, an e-mail address, which was harvested in October 2016, will still be found on https://haveibeenpwned.com/. Pwnd once, pwned for all times. Applies to my e-mail address as well.
Image
Linux Mint 18.1 64-bit Cinnamon Desktop, Total Commander 9.21a 64-bit
Ubuntu 18.04.1 32-bit Mate Desktop, Total Commander 9.21a 32-bit
Windows? - 1 window in every room

zakthemaster
Level 1
Level 1
Posts: 3
Joined: Sun Aug 05, 2012 4:05 am

PSA! linuxmint.com data breach alert from LifeLock

Post by zakthemaster » Fri Oct 19, 2018 11:13 pm

I recieve an alert from LifeLock that my username and password for here was exposed on the dark web.

Here is what life lock said:
The site linuxmint.com has been reported to possibly have suffered a data exposure that could include usernames, emails and more information. The possible exposure would have happened in October 2016 although it was reported in October 2018
So change your passwords if haven't in the last 2 years.
Admins please do what you need to in order to properly alert people.
Last edited by xenopeek on Sat Oct 20, 2018 2:07 pm, edited 1 time in total.
Reason: same subject; topics merged

stormryder
Level 3
Level 3
Posts: 145
Joined: Sun Nov 30, 2014 8:40 am

Re: PSA! linuxmint.com data breach alert from LifeLock

Post by stormryder » Sat Oct 20, 2018 12:29 am

zakthemaster wrote:
Fri Oct 19, 2018 11:13 pm
I recieve an alert from LifeLock
Hopefully you aren't paying for such outdated information, I read about that on clem's blog the day after it was discovered.
This is one of the reasons I trust mint. I think clem addressed it in a very professional way.
https://blog.linuxmint.com/?p=2994

User avatar
catweazel
Level 17
Level 17
Posts: 7769
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: PSA! linuxmint.com data breach alert from LifeLock

Post by catweazel » Sat Oct 20, 2018 12:40 am

stormryder wrote:
Sat Oct 20, 2018 12:29 am
zakthemaster wrote:
Fri Oct 19, 2018 11:13 pm
I recieve an alert from LifeLock
Hopefully you aren't paying for such outdated information, I read about that on clem's blog the day after it was discovered.
This is one of the reasons I trust mint. I think clem addressed it in a very professional way.
https://blog.linuxmint.com/?p=2994
Except that's the wrong link.

https://blog.linuxmint.com/?p=3001
¡uʍop ǝpısdn sı buıɥʇʎɹǝʌǝ os ɐıןɐɹʇsnɐ ɯoɹɟ ɯ,ı

stormryder
Level 3
Level 3
Posts: 145
Joined: Sun Nov 30, 2014 8:40 am

Re: PSA! linuxmint.com data breach alert from LifeLock

Post by stormryder » Sat Oct 20, 2018 12:56 am

catweazel wrote:
Sat Oct 20, 2018 12:40 am
Except that's the wrong link.
Thanks, I just googled it.

User avatar
smurphos
Level 8
Level 8
Posts: 2215
Joined: Fri Sep 05, 2014 12:18 am
Location: Britisher...

Re: PSA! linuxmint.com data breach alert from LifeLock

Post by smurphos » Sat Oct 20, 2018 2:21 am

stormryder wrote:
Sat Oct 20, 2018 12:29 am
zakthemaster wrote:
Fri Oct 19, 2018 11:13 pm
I recieve an alert from LifeLock
Hopefully you aren't paying for such outdated information,
A tenner a month according to their website and it takes them 2 1/2 years to notice a reported breach and even then they get the dates wrong. What a LOB....

i'd be demanding a refund at this point.

Just subscribe to this free service - https://haveibeenpwned.com/

IIRC a forum password change was mandatory when the forums were brought back online after the breach.

User avatar
xenopeek
Level 24
Level 24
Posts: 23193
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: PSA! linuxmint.com data breach alert from LifeLock

Post by xenopeek » Sat Oct 20, 2018 3:51 am

We are only aware of a breach on our website in February 2016. The authoritative website https://haveibeenpwned.com/ does not show any other breaches either.

Perhaps the following can explain why you're getting an alert now. We've been contacted early October by a company like LifeLock, monitoring stolen data for sale on the darknet, who had also found what they thought was proof of a new breach. They responsibly reached out to us to validate the data. We were able to confirm that the data they had was an exact match for the data stolen during the February 2016 breach on our website and that it was not a new breach.

I suspect LifeLock has found the same data on the darknet but hasn't reached out to us to validate the data and, mistakenly, is reporting it as a new breach.

Following the breach in February 2016, security of all our websites was improved. You can read about what was done at the time here: https://blog.linuxmint.com/?p=3007. Everybody who had an account back in February 2016 has already changed their password since and has been informed at the time (see example of email sent here viewtopic.php?f=60&t=217506) that they should change their passwords on other websites if they weren't using unique passwords.
Image

Post Reply

Return to “Open chat”