Data Breach Notification: LiveJournal

In 2019, there was news of a possible breach of LiveJournal data. In May of 2020, the breach was confirmed by the release of the data on a hacking forum. There were 26 million records exposed from the site, which included email addresses, passwords, and usernames for the service.

There were 52 berry.edu or vikings.berry.edu email addresses included in the breach.

To find out if your information is included, you can go to Have I Been Pwned and enter your email address in the search form. While you are there, you can also sign up for breach notifications involving your Berry or other email addresses by clicking on “Notify Me” at the top of any page on the site.

If your information was included, be sure to change your password for the LiveJournal website. Also, check your posts and settings to make sure they have not been altered.

Be sure to NEVER reuse your Berry email password for any other website or service! Stay vigilant against phishing emails by learning what to look for. Check out the Phishing Quick Info page here on this site at a minimum.

As always, if you have questions about any of this, you can contact Information Security using the information on the right-hand side of any page on this site.

If you haven’t signed up for multi-factor authentication (MFA), what are you waiting for? This adds an additional layer of protection to your Berry account and lets you keep the same password for a whole year! Setup takes only a few minutes. Make your request by emailing computing@berry.edu to tell them you want MFA!

If I’m not covering a topic of information security you are interested in or concerned about, please let me know. I want to be your first and best resource on information security, so let me know how I can help and inform you.

If you’re not following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit), you should be, as more information from OIT and specifically Information Security, will be provided using these outlets. Remember you can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications. There’s also the Q&A section, where you can ask a question and get an answer directly from me, and the events calendar where events like tables in Krannert and LunchITS will be posted.

Data Breach Notification: Covve

In February of 2020, it was revealed that Covve, who bills their address book app as the “smartest, simplest, contacts app”, experienced a data breach. Covve left a database exposed to the Internet without a password. There were nearly 23 million records exposed by the site, which included email addresses, job titles, names, phone numbers, physical addresses and social media profiles. Your data might have been included in the breach even if you did not use the service, as the data was provided by users of the service who chose to sync their phone and email contact lists with the site.

There were 57 berry.edu or vikings.berry.edu email addresses included in the breach.

To find out if your information was included, you can go to Have I Been Pwned and enter your email address in the search form. You can also sign up to be notified when your information appears in a breach by clicking on “Notify Me” at the top of any page on the Have I Been Pwned site.

If your information was included, there is not much that can be done to remove it from circulation. There were no passwords exposed by the breach, but there was plenty of personal information, as mentioned above. Hackers may attempt to impersonate your contacts or you using the information. As always, be very cautious when dealing with unexpected texts or emails, especially when they contain links or attachments.

Be sure to NEVER reuse your Berry email password for any other website or service! Stay vigilant against phishing emails by learning what to look for. Check out the Phishing Quick Info page here on this site at a minimum.

As always, if you have questions about any of this, you can contact Information Security using the information on the right-hand side of any site page.

If you haven’t signed up for multi-factor authentication (MFA), what are you waiting for? This adds an additional layer of protection to your Berry account and lets you keep the same password for a whole year! Setup takes only a few minutes. Make your request by emailing computing@berry.edu to tell them you want MFA!

If I’m not covering a topic of information security you are interested in or concerned about, please let me know. I want to be your first and best resource on information security, so let me know how I can help and inform you.

If you’re not following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit), you should be, as more information from OIT and specifically Information Security, will be provided using these outlets. Remember you can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications. There’s also the Q&A section, where you can ask a question and get an answer directly from me.

Data Breach Notification: Adult Friend Finder Website

In October of 2016, the website Adult Friend Finder experienced a data breach. This was a part of the larger Friend Finder Networks breach. There were nearly 170 million records exposed from the site, which included email addresses, passwords, spoken languages, and usernames for the service. 

There were 22 berry.edu or vikings.berry.edu email addresses included in the breach.

To find out if your information is included, you can go to Have I Been Pwned and enter your email address in the search form. You can also sign up for breach notifications from Have I Been Pwned by clicking on “Notify Me” at the top of any page on the site.

If your information was included, be sure to change your password for this website.  Also, there is a chance that hackers may attempt to blackmail you with this information.

Be sure to NEVER reuse your Berry email password for any other website or service! Stay vigilant against phishing emails by learning what to look for. Check out the Phishing Quick Info page here on this site at a minimum.

As always, if you have questions about any of this, you can contact Information Security using the information on the right-hand side of any site page.

Data Breach Notification: Data Enrichment Exposure

In October, a large database was left unsecured and exposed to the Internet. This database contained “enriched” data profiles, which means that someone had taken some basic information about a person, like an email address or social media profile, and then searched and cross-referenced publicly available data to gather as much information as possible about that person. Companies do this for millions of people and then sell these “enriched” profiles to ad companies to help them target potential customers. It’s one of the reasons you get SO MUCH SPAM.

There were over 600 million accounts in the exposed database. There were 2,789 berry.edu or vikings.berry.edu email address in those records. There were NO passwords included in this breach.

To find out if your information is included, you can go to Have I Been Pwned and enter your email address in the search form. You can also sign up for breach notifications from Have I Been Pwned by clicking on “Notify Me” at the top of any page on the site.

The information included email addresses, employers, geographic locations, job titles, names, phone numbers, and social media profiles. While none of the individual pieces of this information alone are considered damaging or sensitive, the accumulation of this data in a single profile not only helps advertisers, but it also helps scammers more accurately target people by sending focused phishing emails that seem more credible.

Stay vigilant against phishing emails by learning what to look for. Check out the Phishing Quick Info page here on this site at a minimum.

As always, if you have questions about any of this, you can contact Information Security using the information on the right-hand side of any site page.

 

Data Breach Notification: Wanelo

 

Sometime in December 2018, the digital mall Wanelo suffered a data breach that included 23 million unique email addresses along with passwords. Some passwords were stored with weak encryption, others with better encryption. Either way, they are exposed and should be changed. The data was later placed up for sale on a dark web marketplace along with a collection of other data breaches in April 2019. There were 142 Berry email addresses included in this breach. You can read more about it by clicking on the link in the first sentence of this notice. To find out if you are included, you can go to Have I Been Pwned and enter your email address in the search form. You can also sign up for breach notifications from Have I Been Pwned by clicking on “Notify Me” at the top of any page on the site.

If you are affected by this breach, take the following steps to control and secure your online data:

  1. Go to the site and check that your information is correct
  2. While you are there, CHANGE YOUR PASSWORD!
  3. If you reused that password anywhere else, go to those sites and change the password.
  4. Don’t use that password again!
  5. If the site offers multi-factor authentication (sometimes called two-step authentication), enable it, configure it, and feel a little safer.

Data Breach Notification: Poshmark

In mid-2018, social commerce marketplace Poshmark suffered a data breach that exposed 36M user accounts. Clicking on the link in the previous sentence will take you to an article with more details. The compromised data included email addresses, names, usernames, genders, locations and passwords. There were 198 Berry accounts included in this breach. To find out if you are included, you can go to Have I Been Pwned and enter your email address in the search form there. You can also sign up for breach notifications from Have I Been Pwned by clicking on “Notify Me” at the top of any page on the site.

If you are affected by this breach, take the following steps to control and secure your online data:

  1. Go to the site and check that your information is correct
  2. While you are there, CHANGE YOUR PASSWORD!
  3. If you reused that password anywhere else, go to those sites and change the password.
  4. Don’t use that password again!
  5. If the site offers multi-factor authentication (sometimes called two-step authentication), enable it, configure it, and feel a little safer.