Award-winning web development since 1995
Written: February 8, 2019
Online life is complex, so we may take a shortcut and use the same username and password for all of our online accounts, however if there is a data breach and the hackers find out that unique combination, then they may take over some or many of your online accounts. I have an account with Nest and they sent out a very information email alert this week that I wanted to share with you about this security issue:
Hello,
In recent weeks, we’ve heard from people experiencing issues with their Nest devices. We’re reaching out to assure you that Nest security has not been breached or compromised. We also want to remind you of a few easy things you can do to get the most out of Nest’s security features.
For context, even though Nest was not breached, customers may be vulnerable because their email addresses and passwords are freely available on the internet. If a website is compromised, it’s possible for someone to gain access to user email addresses and passwords, and from there, gain access to any accounts that use the same login credentials. For example, if you use your Nest password for a shopping site account and the site is breached, your login information could end up in the wrong hands. From there, people with access to your credentials can cause the kind of issues we’ve seen recently.
We take protecting our users’ security very seriously. For added password security, the team looks across the internet to identify breaches and when compromised accounts are found, we alert you and temporarily disable access. We also prevent the use of passwords that appear on known compromised lists. While we can’t stop password breaches across the internet, we’re committed to limiting the impact of compromised credentials on Nest Accounts.
While we continue to introduce additional security and safety features, we need your help in keeping your Nest Account secure. There are several ways for you to protect your home and family. Here’s what you can do:
| • | Enable 2-step verification: The most important thing you can do is enable 2-step verification. Security experts agree that 2-step verification offers an additional layer of security. You’ll receive a special code every time you sign in to your account. It’s easy to do – find the steps here. |
| • | Choose strong passwords: Create a strong password and only use it for your Nest Account. |
| • | Set up Family Accounts: Don’t let other people use your email and password to sign in to the Nest app. Invite them to share access to your home with Family Accounts. |
| • | Be alert: Be on the lookout for phishing emails designed to trick you into sharing your email address and password. |
| • | Protect your home network: Keep your home network router software up to date and only share those credentials with people you trust. Set up and use a guest network if your Wi-Fi router supports it. |
It’s a great responsibility to be welcomed into your home, and we’re committed to keeping you and your Nest devices safe.
If you have questions or need additional help, please reach out to Nest Support.
— rishi
VP/GM of Nest
Literally every week we read online about yet another data breach at a company that we trusted to protect our login credentials, name, address, phone number, and possibly our very sensitive credit card information. Today I received one of these “I’m sorry” email messages from a company called Quora, and they provide a place to raise and answer questions on any topic. I think that Quora did a decent job of alerting me, so I’m including their full email below:
Dear Daniel Payne,
We are writing to let you know that we recently discovered that some user data was compromised as a result of unauthorized access to our systems by a malicious third party. We are very sorry for any concern or inconvenience this may cause. We are working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future.
What Happened
On Friday we discovered that some user data was compromised by a third party who gained unauthorized access to our systems. We’re still investigating the precise causes and in addition to the work being conducted by our internal security teams, we have retained a leading digital forensics and security firm to assist us. We have also notified law enforcement officials.
While the investigation is still ongoing, we have already taken steps to contain the incident, and our efforts to protect our users and prevent this type of incident from happening in the future are our top priority as a company.What information was involved
The following information of yours may have been compromised:
- Account and user information, e.g. name, email, IP, user ID, encrypted password, user account settings, personalization data
- Public actions and content including drafts, e.g. questions, answers, comments, blog posts, upvotes
- Data imported from linked networks when authorized by you, e.g. contacts, demographic information, interests, access tokens (now invalidated)
Questions and answers that were written anonymously are not affected by this breach as we do not store the identities of people who post anonymous content.
What we are doing
While our investigation continues, we’re taking additional steps to improve our security:We’re in the process of notifying users whose data has been compromised.
Out of an abundance of caution, we are logging out all Quora users who may have been affected, and, if they use a password as their authentication method, we are invalidating their passwords.
We believe we’ve identified the root cause and taken steps to address the issue, although our investigation is ongoing and we’ll continue to make security improvements.
We will continue to work both internally and with our outside experts to gain a full understanding of what happened and take any further action as needed.
What you can do
We’ve included more detailed information about more specific questions you may have in our help center, which you can find here.
While the passwords were encrypted (hashed with a salt that varies for each user), it is generally a best practice not to reuse the same password across multiple services, and we recommend that people change their passwords if they are doing so.Conclusion
It is our responsibility to make sure things like this don’t happen, and we failed to meet that responsibility. We recognize that in order to maintain user trust, we need to work very hard to make sure this does not happen again. There’s little hope of sharing and growing the world’s knowledge if those doing so cannot feel safe and secure, and cannot trust that their information will remain private. We are continuing to work very hard to remedy the situation, and we hope over time to prove that we are worthy of your trust.The Quora Team
So, I was able to reset my password pretty quickly:
Then I could choose my new password:
I don’t like having my private data breached, but it looks like Quora spotted the trouble, communicated what I should do, and let me quickly change my password to regain a secure identity. Well done Quora.
Tags: data breach, Quora
©2019 Tualatin Web LLC. All rights reserved. |
Payment |
Web Hosting |
