Oh no!

 

Just got a message with sexual offer. Changed my PW. Hope, that helps. Thanks Olymoon !

 

Please, for the love of all things good: Choose a password that is difficult to guess and complex enough to not be vulnerable to brute forcing.

Bad
Never substitue letters for numers or characters. Example: Password -> Pa$$w0rd = Very easy to brute force

Good
A phrase made up of 3 or 4 random words is good: Lucky dinosaur skateboard shoes = Difficult to guess and not worth brute forcing

If all else fails, use a password manager (1Password or Keepass) to create a complex password

 

Last edited: Jan 15, 2023

Is this just on Audiosex or sister as well?

 

@Olymoon Are you able to implement MFA?

 

Thanks for the head's up! Just changed to a sturdier password. If you suddenly see posts from me screaming 'peace and happiness' and how I 'love everyone', you'll know I got hacked.

 

Well, password changed.
In the style of the above fellow, if I suddenly behave like a decent person that means I got jacked

 

Account takeover can be made harder by removing the ability to log in with username. The username is the already known, that’s one part of the puzzle.

logging in with email and password forces an attacker to have both parts of authentication.

 

Someone's account also posted the exact same style/link spam yesterday on another one of the audio websites forum. It isn't just random activity.

 

For the love of goddess, use a goddamn password manager. I say this as a sometime computer security guy. You have to remember just one password, and it's synced between all of your devices. I don't even know my AS password, there's no need to.

Unique, impossible to guess and/or dictionary attack passwords per site, that's where you want to be at. I use Bitwarden, but there are others, free and paid for. Give it a go, but you don't want to go back really.

 

And, DO NOT USE LastPass. The hack of LastPass last year and subsequent research into what was stolen and reveled showed how inadequate and incompetent their security practices were, and still are. There's lots of info out now documenting this, but for example, stolen and non-encrypted is the list of every website you have stored passwords for. And it gets much worse. The Security Now podcast #905 has details if you're interested.

My choice is also Bitwarden, a highly respected, Open Source, and free password manager. It's easy to import your passwords and data into Bitwarden from LastPass and others if you're using something else.

 

Following on from @synths4grins comment on the LastPass data breach:

If anyone wants to keep up to date on what is happening out there in the wild, the following links will make sure you have some forewarning.

Code:

https://blog.knowbe4.com/
https://www.hackread.com/
https://thehackernews.com
https://www.bleepingcomputer.com/

 

Last edited by a moderator: Jan 15, 2023

A fact for security researchers is that with increasing complexity and increasing security requirements, e.g. number of digits, frequency of change, the security even decreases. I have observed with my colleagues that they write their passwords on small pieces of paper again or set their date of birth five times separated by $ as password since my company requires 22+ -digit passwords.

So better don't overcomplicate your PW or you won't remember it after the next vacations

p.s.: Thank you for the advice @Olymoon PW changed
Not the same PW for AS and AZ helps not to lose both if one is hacked

 

Last edited by a moderator: Jan 15, 2023

Maybe it is time for you and your colleagues to use a password manager. If it is corporate, I would suggest 1Password as it supports all common browsers, operating systems and phones

 

all you can do is to web sing,
and this web song is called:

Spoiler: spamella porn revenge on audiosex

theme:
hack me one
hack me too
new passwords are sended thrue

chorus 1
i loosed my copyright
but the bites also like to farts.

chorus 2
give me give me your cookies
to exploit your security.

chorus 3
take my musical interlude
a troll life of gratitude.

 

Privately I do use a PW manager.
But on the corporate network something like this is not permitted/planned.

On the other hand: Did you hear about the last-pass hack in the last weeks?
https://www.theverge.com/2022/12/22...breach-cloud-encrypted-password-vault-hackers
That's what I call a security nightmare for their users

In the end there is nothing like absolute security.

Most security problems result from behavioral problems of how the people using the internet. They just don't take it serious what they do there.

 

Last edited: Jan 15, 2023

That is a really bad business decision, do you have a CSO or CISO in your organisation? They should be held accountable, if you don't have one then I would have strong words with whoever is ultiamtely responsible for information security.

I spend most of my life educating people on InfoSec and AppSec, it get worse when people think they know what security is. I can't remember a time when a pen test has yeilded 0 vulnerabilities.

 

You promised you wouldn't tell anyone!