What is going on with all these breaches?

Chat about just about anything else
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 30 days after creation.
Locked
diener
Level 1
Level 1
Posts: 15
Joined: Wed Jan 14, 2015 8:53 pm

What is going on with all these breaches?

Post by diener »

I keep getting emails noting that linuxmint.com was hacked and information was leaked. Lifelock is going bonkers and haveibeenpwned seems to back this up as well.

What's going on?!

EDIT - I should note that it appears to only be a single breach, so my topic title is a bit misleading now that I have read more into it.
Last edited by LockBot on Wed Dec 07, 2022 4:01 am, edited 2 times in total.
Reason: Topic automatically closed 30 days after creation. New replies are no longer allowed.
User avatar
Pierre
Level 21
Level 21
Posts: 13192
Joined: Fri Sep 05, 2008 5:33 am
Location: Perth, AU.

Re: What is going on with all these breaches?

Post by Pierre »

that was true - - but that issue was Fixed Up, in just a Few Hours,
and that issue was some time ago ... .

who / what is sending those eMails to you ?.

NB: as long as You Have Changed Your Password - - you should be fine.
8)
Image
Please edit your original post title to include [SOLVED] - when your problem is solved!
and DO LOOK at those Unanswered Topics - - you may be able to answer some!.
diener
Level 1
Level 1
Posts: 15
Joined: Wed Jan 14, 2015 8:53 pm

Re: What is going on with all these breaches?

Post by diener »

Pierre wrote: Fri Oct 19, 2018 11:06 am that was true - - but that issue was Fixed Up, in just a Few Hours,
and that issue was some time ago ... .

who / what is sending those eMails to you ?.
My identity theft protection alerted me. It said the following:
The site linuxmint.com has been reported to possibly have suffered a data exposure that could include usernames, passwords, emails and more information. The possible exposure would have happened in October 2016 although it was reported in October 2018
User avatar
karlchen
Level 23
Level 23
Posts: 18173
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: What is going on with all these breaches?

Post by karlchen »

Hm. As I understand "all these breaches" boils down to a belated alert, belated by only 2 years, about the Linux Mint forum breach 2 years ago?! :roll:
Of course, an e-mail address, which was harvested in October 2016, will still be found on https://haveibeenpwned.com/. Pwnd once, pwned for all times. Applies to my e-mail address as well.
Image
The people of Alderaan have been bravely fighting back the clone warriors sent out by the unscrupulous Sith Lord Palpatine for 762 days now.
Lifeline
zakthemaster

PSA! linuxmint.com data breach alert from LifeLock

Post by zakthemaster »

I recieve an alert from LifeLock that my username and password for here was exposed on the dark web.

Here is what life lock said:
The site linuxmint.com has been reported to possibly have suffered a data exposure that could include usernames, emails and more information. The possible exposure would have happened in October 2016 although it was reported in October 2018
So change your passwords if haven't in the last 2 years.
Admins please do what you need to in order to properly alert people.
Last edited by xenopeek on Sat Oct 20, 2018 2:07 pm, edited 1 time in total.
Reason: same subject; topics merged
stormryder

Re: PSA! linuxmint.com data breach alert from LifeLock

Post by stormryder »

zakthemaster wrote: Fri Oct 19, 2018 11:13 pm I recieve an alert from LifeLock
Hopefully you aren't paying for such outdated information, I read about that on clem's blog the day after it was discovered.
This is one of the reasons I trust mint. I think clem addressed it in a very professional way.
https://blog.linuxmint.com/?p=2994
User avatar
catweazel
Level 19
Level 19
Posts: 9763
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: PSA! linuxmint.com data breach alert from LifeLock

Post by catweazel »

stormryder wrote: Sat Oct 20, 2018 12:29 am
zakthemaster wrote: Fri Oct 19, 2018 11:13 pm I recieve an alert from LifeLock
Hopefully you aren't paying for such outdated information, I read about that on clem's blog the day after it was discovered.
This is one of the reasons I trust mint. I think clem addressed it in a very professional way.
https://blog.linuxmint.com/?p=2994
Except that's the wrong link.

https://blog.linuxmint.com/?p=3001
"There is, ultimately, only one truth -- cogito, ergo sum -- everything else is an assumption." - Me, my swansong.
stormryder

Re: PSA! linuxmint.com data breach alert from LifeLock

Post by stormryder »

catweazel wrote: Sat Oct 20, 2018 12:40 am Except that's the wrong link.
Thanks, I just googled it.
User avatar
smurphos
Level 18
Level 18
Posts: 8501
Joined: Fri Sep 05, 2014 12:18 am
Location: Irish Brit in Portugal
Contact:

Re: PSA! linuxmint.com data breach alert from LifeLock

Post by smurphos »

stormryder wrote: Sat Oct 20, 2018 12:29 am
zakthemaster wrote: Fri Oct 19, 2018 11:13 pm I recieve an alert from LifeLock
Hopefully you aren't paying for such outdated information,
A tenner a month according to their website and it takes them 2 1/2 years to notice a reported breach and even then they get the dates wrong. What a LOB....

i'd be demanding a refund at this point.

Just subscribe to this free service - https://haveibeenpwned.com/

IIRC a forum password change was mandatory when the forums were brought back online after the breach.
For custom Nemo actions, useful scripts for the Cinnamon desktop, and Cinnamox themes visit my Github pages.
User avatar
xenopeek
Level 25
Level 25
Posts: 29504
Joined: Wed Jul 06, 2011 3:58 am

Re: PSA! linuxmint.com data breach alert from LifeLock

Post by xenopeek »

We are only aware of a breach on our website in February 2016. The authoritative website https://haveibeenpwned.com/ does not show any other breaches either.

Perhaps the following can explain why you're getting an alert now. We've been contacted early October by a company like LifeLock, monitoring stolen data for sale on the darknet, who had also found what they thought was proof of a new breach. They responsibly reached out to us to validate the data. We were able to confirm that the data they had was an exact match for the data stolen during the February 2016 breach on our website and that it was not a new breach.

I suspect LifeLock has found the same data on the darknet but hasn't reached out to us to validate the data and, mistakenly, is reporting it as a new breach.

Following the breach in February 2016, security of all our websites was improved. You can read about what was done at the time here: https://blog.linuxmint.com/?p=3007. Everybody who had an account back in February 2016 has already changed their password since and has been informed at the time (see example of email sent here viewtopic.php?f=60&t=217506) that they should change their passwords on other websites if they weren't using unique passwords.
Image
Locked

Return to “Open Chat”