So I did a security audit on myself.
I have 108 passwords with an average password length of 21 chars.
I have 5 duplicate passwords, if you really want to hack my Pandora playlist go ahead!
I currently have 9 Google Auth or YubiKey enabled accounts.
I have 2 weak passwords.
I've had accounts where I have to change my password every 7 days and couldn't reuse a password in the last 6 months.
I have a feeling since he reused a password with multiple banks it was stolen from a bank. I just saw like 2 weeks ago that 60-70 banks got breached.
Maybe a password hash list was stolen from a bank.
I know my LinkedIn password was stolen because I checked via their hash database that was released.
I wonder if the same password was on the LinkedIn account and MtGox.
Maybe I'm paranoid or I should start doing more computer security consulting lol.
And please don't take my comments about BTCSYN as negative, I think they are one of the best run assets and I tried to copy them whenever possible and I personally was a shareholder.
I know I said I wouldn't be back (and I was referring to this thread by the way, because it had turned into a witch-hunt), but this post was very well written. Thank you. (and the above audit is very similar to my situation prior to the overhaul which this incident prompted for me).
And to answer, no, I didn't even have a LinkedIn account (I believe there was one created for me ages ago by my employer, but I didn't even control the account, let alone set its password).
As for the bank compromise, yes, it's a possibility. But I have yet to see verification of any of the banks I deal with being "on the list". I know most of the attacks seem to be euro-centric. But one report does say it spilled into North America as well, but didn't elaborate on what banks.
It seemed the attack was focused on stealing money specifically from high balance accounts at those banks, but I suspect stealing other valuable assets was done as well (such as passwords).