I suspect that this is the worst data breech in the history of the internet to date.
You should consider changing passwords on all of the websites where you have accounts. CWC IT folks recommend that you change passwords on all banking and other financial sites, and any other site where you have sensitive data or data that might facilitate identity theft. We strongly encourage you to change passwords on all accounts with usernames/passwords that you use on multiple sites - and to stop doing that!!
We are querying our myCENTRAL vendor to see if we are vulnerable to "SQL injecting" - the technique used in this exploit.
More suggestions:
- do use strong passwords,
- do not reuse passwords,
- and change them when we hear news like we heard today.
- Even better is to use two-factor authentication (TFA) when it is offered. The most common TFA technique includes sending the user a text message to a mobile device during the login process. The text is typically a number that the user has to enter to complete login to an account. You can expect to see more sites offering, or even requiring, TFA.
(My thanks to Paul Cornia, CIO for NOLS - I blatantly stole much of the text above from his excellent posting advice to all NOLS employees.)
No comments:
Post a Comment