SEDO security warning letter

[Fatbat]

This was sent by SEDO this morning...

"We have been informed that due to a security problem at one of our competitors a list of their customer data including plaintext passwords is currently circulating the web including relevant hacker forums."

They then go on to suggest changing passwords, etc.

Anyone know what "competitor" they are talking about?

 

[tomsa]

http://domainnamewire.com/2009/02/04/namedrive-breached-less-than-1-of-accounts-affected/

 

[Stian]

Sounds like a scam to me, I haven't received anything.

Edit: Ah, I thought it was Sedo account passwords lying around.

 

[denny007]

Sedo had to kick Namedrive, of course...such great opportunity ! Did not notice any parking company felt need to send same...pretty low kick if you ask me...

 

[Sonny Banks]

I haven't received anything.

 

[Stian]

Sedo had to kick Namedrive, of course...such great opportunity ! Did not notice any parking company felt need to send same...pretty low kick if you ask me...

Yeah, I didn't get it either what Sedo had to do with it. :?:

 

[tomsa]

Here's the message I get when I log into NameDrive :

Your NameDrive Password
#
As part of a security update, NameDrive has changed the password for your login to access our system.

From now on, we will require you to change your passwords every 90 days as part of good security practices.

To gain access to your account and to retrieve your new password, please click the following link.

Send Password

The new password will be sent to the email you use to login to NameDrive.

If you don't receive an email in the next 10 minutes, please check your spam filter for any mail from NameDrive.com.

 

[Sonny Banks]

Yeah, I didn't get it either what Sedo had to do with it. :?:

I suspect Sedo was hackered too.

 

[Theo]

Sedo had to kick Namedrive, of course...such great opportunity ! Did not notice any parking company felt need to send same...pretty low kick if you ask me...

Sedo didn't name NameDrive in their email - which I think they should have.

The reason that Sedo sent out that email is because many use the same passwords across several PPC company accounts, a big "no-no". So Sedo did the right thing notifying us.

 

[Yusio]

I suspect Sedo was hackered too.

No, they just advised to changed your password as a security precaution.

 

[ARMG]

This is the email from Sedo:

We have been informed that due to a security problem at one of our competitors a list of their customer data including plaintext passwords is currently circulating on the web including relevant hacker forums.

Our Security and Compliance Team has found several of our own customers matching the publicly available list. Due to the seriousness of this matter combined with the possibility that you might be using the same login data/password at more than one parking company, we strongly suggest you to change your password at Sedo.

Sedo uses cryptographically unbreakable ciphertext for password checks and does not store your password in plaintext. This, and a variety of other security measures, ensures that your Sedo account is always safe from third parties.

We generally recommend to always use different login IDs for different sites and never hand out login IDs to any third party.

Should you have any further questions or needs, your dedicated account manager is looking forward to help.


Kind regards,

Your Sedo Security and Compliance Team

 

[Sonny Banks]

No, they just advised to changed your password as a security precaution.

Ok thanks.
I've changed psw anyway.

 

[katherine]

The reason that Sedo sent out that email is because many use the same passwords across several PPC company accounts, a big "no-no". So Sedo did the right thing notifying us.

I agree. I would rather look like an opportunist kicking the competition in the back rather than conceal information that could be potentially damaging to a few customers.

 

[Theo]

On the other hand, I didn't get any notifications from NameDrive.

 

[Sonny Banks]

On the other hand, I didn't get any notifications from NameDrive.

I don't use ND but I've talked 5 minutes ago with the Italian rep he told me the 0.05 of psw are posted on a forum.
They removed that thread with the psw.

My question is: 0,05???? :lol:

 

[Theo]

1% of how many accounts? One million? That's 10,000 passwords. The hackers might as well be posting a portion of the hacked account info.

 

[Sonny Banks]

1% of how many accounts? One million? That's 10,000 passwords. The hackers might as well be posting a portion of the hacked account info.

He don't tell me how much psw only said me 0,05 of ND accounts.

I post here the message (in italian).

"Sono state pubblicate delle password and keyword di meno dello 0,05%, dei nostri accounts su un forum.

Le pagine incriminate su quel forum sono state chiuse. Ed il problema e' stato risolto.

Gli interessati sono stati contattati direttamente.

Per tutti gli altri consiglio comunque di cambiare la pass almeno ogni 90 giorni e di non usare la stessa e-mail e pass per altri accounts".

 

[domaingenius]

I posted this yesterday, on a hunch that they have been hacked, but thread was moved. I would have thought though that ND should have told
its clients in more direct straightforward fashion , not let them learn
via forum !!!

DG

 

[Theo]

I sure hope NameDrive did a mass-password change and not just for the accounts they saw listed.

 

[Sonny Banks]

I sure hope NameDrive did a mass-password change and not just for the accounts they saw listed.

Acro the ND guy told me they don't do a mass psw change.
This is the point is not a great way to make business don't defend their customers.

I'm happy I always used Parked.