Saturday, June 18, 2011

Check your PayPal ASAP

This is a strange topic for a neighborhood / suburban lifestyle blog post, but I'm absolutely dumbfounded that it hasn't been covered by the mainstream American news media, so here goes - SOMEONE should be spreading this word.

Yesterday morning, the Canadian Broadcasting Corporation (CBC) reported that a hacker group publicly released a cleartext file containing 62,000 usernames and passwords to accounts including those on PayPal and Facebook.  Within a few hours, thousands of people had downloaded that file of personal information.  Most of the compromised accounts belonged to Americans but, again, no major American news media outlets carried the story.

Within a few hours, a collection of bloggers including Dwight Silverman at the Houston Chronicle released links to sites (including one by Gizmodo) that published queries allowing users to check whether their passwords had been compromised.

Here's what happened to us:  we checked all our email addresses against the Gizmodo query, and the response we got each time was, "Your information has not been released to the public".  Friday morning, I went in and changed PayPal passwords on both my business and personal accounts anyway (better safe than sorry).  Unfortunately, my husband did not, and his PayPal account was hacked this afternoon.  Only because I happen to follow the CBC, we were aware of the risk and managed to freeze his account shortly after it was compromised, but we do have a collection of fraudulent charges that we are now dealing with.

I suppose this timing could have been a grand coincidence, but my suspicion is that the hackers released 62,000 passwords to the public and then silently reserved another XX,000 passwords for their own use and/or to sell to the highest bidders.  So in other words, don't get an automatic warm-fuzzy when you enter your info into any given widget and it tells you you're safe.  We certainly were not.

This is not a small-potatoes issue - PayPal is a BANK!  It's a major financial institution that does massive numbers of financial transactions on 232 million accounts and has direct access to users' credit cards and brick-and-mortar checking accounts!  I simply can't imagine how or why the American news media would not be following this story!

Go check your PayPal account, if you still can.  And good luck.

1 comment:

  1. Thank you so much for this information and recommendation. My account had not been breached (yet) but I am grateful for the heads up to change the password.
