December 20, 2015, 05:57:45 PM |
I know everyone already knows this, but please do not reuse passwords across sites. If you do, please change them now. Also make sure you use strong, unguessable (and unique!) passwords on every site you visit.
I've noticed the last couple of days, a rash of login attempts (and unfortunately logins) across bustabit and moneypot, by what appears to be a set of harvested bitcoin gambling username/password lists. All users have in common that they reuse their small and weak passwords. I'm emailing all the involved users, trying to get an idea of where they reuse their passwords to narrow down the source, which could be:
* A site that's vulnerable to brute-force login attempts (so they're attacked there, and re-used)
* A site that's had its data leaked (containing plaintext or hashed passwords)
* A malicious admin, who is using their users' usernames/passwords on other sites
Also, 2FA has already saved one user 1 BTC, so that's something worth using too. But a secure, unique password on all sites (especially your email) is paramount.