I noticed a email in my main yahoo email account with the same subject of "Looking for Manager" - i'll go have a look at it again and see if this matches up.
Drew
Can confirm that i have too got a email with the same subject and my password for scan in to field - far as i know this is the only site that i still uses this password on - either way i have now reset my password and will be going through all my other passwords.
Last edited by Apex; 15-11-2012 at 03:00 PM.
mikerr (15-11-2012)
Lovely. I have the email to.
Why wasn't we told about this? Why wasn't passwords reset when you learnt of the breach?Our team specializes in forwarding packages and envelopes throughout the world.
Our network of accredited agents operating in more than twenty countries around the world.
LIMITED OPENNINGS!
Blah Blah...
Originally Posted by Saracen
So all 3 of you who've had the spam email have had the same password since 2007 ?
(or the displayed password is a 2007 era one ?)
-Just trying to ascertain if its from the "2007 leak" or newer..
That i can not be sure of - i think this is newer due to the fact i don't remember having a account with scan in 2007.
I have just checked my Gmail spam folder because my account certainly pre-dates 2007, and sure enough I also have the same Email with the SCAN password in the To: field! However it is not my current password because I changed it about a year ago, possibly even longer ago than that, after forgetting what it was. So there is obviously still data lurking around from the previous breach, but it is possibly not anything that has been obtained recently. So if you have never changed your password for SCAN i'd suggest you do it.
I think SCAN are going to have to look seriously at forcing people to change their passwords the next time they login or something.
Last edited by andrewuk; 15-11-2012 at 04:58 PM. Reason: Make clearer to read!
Main PC: SUGO SG01B-F | MSI X79MA-GD45 | Core i7-3930k | 16GB Kingston HyperX DDR3-2133 | 256GB Crucial M550 SSD (OS/Apps) | 5TB Seagate Enterprise HDD (Data/Games) | MSI GTX970 Twin Frozr | Windows 8.1 Pro 64-bit
Server: HP 8300usdt | Core i7-2500S | 16GB Geil DDR3-1333 | 256GB Crucial M550 mSata SSD/HGST 1TB HDD | VMWare ESXi 5.5
NAS: Synology DS1813+ | 8x5TB Seagate Enterprise HDD (30TB RAID 6)
HTPC: Shuttle SH67H3 | Core i5-2400S| 4GB Kingston HyperX DDR3-1600 | 64GB Crucial M4 SSD | XBMC with AEON NOX skin | Windows 8.1 Pro 64-bit
Or, you know, tell users there's been a breach. Sigh.
Crosshair VIII Hero (WIFI), 3900x, 32GB DDR4, Many SSDs, EVGA FTW3 3090, Ethoo 719
Apex,
I have just checked your details and can see you have had your account a lot longer than 2007
Last edited by Chris P; 15-11-2012 at 05:06 PM.
For my scan accounts, yes - same passwords since the accounts were created in 2004 and 2005. The only reason I might think the breach could be newer than that is that I hadn't been receiving spam emails to the scan-specific addresses until a couple of weeks ago (stolen data in 2007 but email not used until just now... ?). The company director that phoned me in person seemed very open and detailed about the nature of the breach, so I have little reason not to believe them. I would like them to update everyone asap however.
Those that have the e-mail, is the subject the same in all of them? As in "Looking for manager"?
I am reasonably sure I have changed my password more than once since using SCAN but just want to check my e-mails to be sure.
It didn't fall off, it merely became insufficient at it's purpose and got a bit droopy...
It's an 'old' password and not my current one. I couldn't put a timeframe on it though sadly.
Then again, I only changed my Scan password a few months back when I started using LastPass (seriously good by the way - just have an insane master password), because I had no reason to suspect it had been compromised.
If this really was a leak back in 2007 then there is not a single reason why customers shouldn't have been informed. Emails and plain text passwords?....
Intresting then because i can not remember having a scan account that far back :s - i might have but i don't remember ¬_¬
Either way i've reset my password and i will be going through all my other accounts and resetting them :s
<edit>
2004 is when i opened my account - eek
Last edited by Apex; 16-11-2012 at 01:30 AM.
Insane master passwords are good, but additional authentication is better.
Personally, I have 2 of those Yubi keys, one contains just the secondary authentication for LastPass and the other has the master password also.
These days I wouldnt be without either the key or LastPass.
Yep, forgot to mention that - I have the Google Authenticator also tied to it. Even if the password got found out, you'd also need my phone
I received the same email this morning
Subject: Looking for Manager
To: <password> <email>
I don't have an automatic black hole for spam so I see all of it and just delete it, but this one caught my eye because it had my password in plain text. I wonder how many still don't know.
A security breach is one thing, it happens to the biggest companies, but not to tell the individuals involved for over 5 years? I've never changed my scan password (until 10 minutes ago) so my password has been available to the bad guys for that entire period, and probably beyond as I doubt Scan will inform their users at this late stage, since presumably they were trying to save face in the first place, it will look even worse now.
This really is disgraceful and completely unacceptable.
Yes the fact that you only change your password once every 5 years is definatly disgraceful and completely unacceptable.
Butuz
There wouldnt be any need to change it if companies weren't so lax and the fact that they didnt tell us is even more unacceptable
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
SCAN.care@HEXUS
LinkBack URL
About LinkBacks
Reply With Quote