Change of Dropbox / eBay / Facebook etc. password due to Mt Gox hack (IMPORTANT)

[elements]

Hi,

as most of you know Mt Gox was compromised yesterday. About 61.000 accounts have their username and email addresses published publicly in the process.

Now, this might be very important for many users:

I have different passwords on all the mentioned sites BUT I use the iPhone and the mac sync features.
Also, I used Notes, Mail, Calendar sync googlemail <-> mac <-> iPhone

So, I wondered even though I have different passwords: if they got to my GMail account, they possibly could get my notes (containing some passwords), mail, google contacts, spreadsheets, etc.

So maybe it is a good idea to change everything which might have been stored with google, dropbox, etc.
Not only your gmail password but also any passwords which were ever stored with google or were mentioned in one of the mails or on one of your google documents and so on.

More tech savvy guys should eleborate on this (since I do not really belong to this group - and I know I shouldn't have important passwords on iPhone notes)!

BUT I think a lot of users have and that's the reason for this post
(The breach might have much more consequences than thought of at first).

Yesterday someone bought 5 highly priced eBay auctions of mine (which were marked as domestic wire transfer only) and then sent me a mail asking if PayPal payment wasn't possible otherwise he wants to draw back from the purchase (which of course I did not agree upon).

Researching his email address I found out, that the email address was part of the published Mt Gox Accounts file (as was mine).

So,

@ users think really hard about what accounts might all be compromised.

@ smart tech guys: please help to bring some light upon this shady subject in this dark hour
 

[paulie_w]

my suggestions:

- don't use the same passwords in different places (get 1Password or KeePass).
- don't use webmail (download the mail locally, make sure your harddrive or at least your home folder is encrypted with a good pw/key)
- don't use dropbox (unless you drop everything into a truecrypt image)

[killer2021]

^agree on all the above.

Basically, right now is a great time to go and analyze your security risk. Go to all your important accounts (banking etc.) and change the password. Then activate all the advanced security features for the account like email alerts or mobile sms verification etc. Get in the habit of checking your bank statements often as an unauthorized transaction has to be reported immediately.

Go to your email and delete any important documents (ie. has personal information etc.). Sometimes they get archived.

You also have to change your habits since you can never be 100% protected from some sort of breach. You need to change your habits such that if your account is ever compromised then you don't lose everything. What I mean by this is:

1. Don't keep any money in paypal or any online money transfer service. Transfer any money to your bank account.
2. If you are debt free and don't have any credit cards and won't be using any credit then place a credit freeze on your credit history. This makes it so no one can get credit in your name unless your credit is unfrozen (difficult process).
3. Don't keep lots of money in the bank. I'd say anything over 1 month expenses is too much unless you are saving up to buy a car or house or big purchase. Any excess money should be invested.
4. Try and keep a low profile on the internet in regards to personal information.
5. Make sure your social networking profiles (ie. facebook) are private. Also browse through your friend list and delete anyone which you don't personally know. That means deleting the random people who added you.

Most people don't take security very seriously because the internet seems like a peaceful place. You have all your friends on facebook. There are tons of free games to play. You can shop on amazon/ebay. You can watch funny cat videos on youtube. With all of this people tend to let their guard down.

[borgfish]

Hello,

since its so important to have a long password, why wont they force you to some minimum lenght ?

What do you think of salting owns passwort ( i got like 5 password level. mtgox and the other bitcoin stuff is like 2nd from below, i dont own shares here)
so it would look like "MYAVERAGEmtgox.comPASSWORD" ?

[BitcoinPorn]

http://forum.bitcoin.org/index.php?topic=19913.msg248514 is a great post that should be checked out to assist in beefing up security.

In fact, all other posts relating to the topic should be locked and that thread should be a sticky maybe (with a clearer title)