Jump to content

Arbiter breach

BT_Blue

By BT_Blue,
in Free For All

 Share Followers 3

Recommended Posts

beerguy55

beerguy55 787

Posted
Posted
2 minutes ago, kylehutson said:

Speaking as a computer nerd...

This means they're not doing things right. If they're properly encrypting, it should take trillions of CPU-hours to decrypt that. Yes, trillions.

Oh, and since I've got my computer nerd hat on - listen to @beerguy55's advice above, too. If you need help setting up a separate password for each site, I suggest LastPass (though there are several competitors which are probably as good, that's just the one I happen to use).

Lastpass for me too - I don't even know what my password is for most websites

  • Like 1
Link to post
Share on other sites
  • Replies 49
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

beerguy55

Use (multifactor authentication) MFA wherever you can (at least where it matters - banks, social media, computer, phone, anywhere with PII or financial info) - use an authenticator app if you have a s

kylehutson

Speaking as a computer nerd... This means they're not doing things right. If they're properly encrypting, it should take trillions of CPU-hours to decrypt that. Yes, trillions. Oh, and sin

Umpire in Chief

Continuing to follow this... I was wondering if any of our members with IT/Security specific knowledge could chime in with additional tips. I'm definitely going to look into lastpass.  

kylehutson

kylehutson 649

Posted
Posted
4 minutes ago, beerguy55 said:

Lastpass for me too - I don't even know what my password is for most websites

Me either - including Arbiter. I got the notification, changed my password, and I don't know what either the previous or current passwords were/are.

Link to post
Share on other sites
aaluck

aaluck 110

Posted
Posted
1 hour ago, kylehutson said:

Me either - including Arbiter. I got the notification, changed my password, and I don't know what either the previous or current passwords were/are.

Now with this last pass can you use it across all of your devices? In other words if I change a password on my work computer will it know it on my home iPad or cel phone?

Link to post
Share on other sites
The Short Umpire

The Short Umpire 78

Posted
Posted
On 8/28/2020 at 1:48 PM, beerguy55 said:

Couple of tips from your local cyber guy - this is what I do for a living.

First - do NOT reuse your password across websites...those who hacked Arbiter now have a set of passwords that they will attempt at any website you can imagine to see what works...and more than half of them likely will work somewhere else - Amazon, Linkedin, banks, etc, etc. 

Also - use this resource - https://haveibeenpwned.com/ - it will give you an idea of what breaches have found your email address...and what else with it.

 

Just curious, I tried HIBP and found some breaches of my email accounts in the past, but it didn't list the Arbiter breach. Is that just due to a delay in reporting? 

Link to post
Share on other sites
beerguy55

beerguy55 787

Posted
Posted
4 hours ago, The Short Umpire said:

 

Just curious, I tried HIBP and found some breaches of my email accounts in the past, but it didn't list the Arbiter breach. Is that just due to a delay in reporting? 

Likely because the breach only impacts 8000 or so people - I'm assuming they draw the line somewhere.   You can always submit it to them.

Link to post
Share on other sites
noumpere

noumpere 3,315

Posted
Posted
9 hours ago, The Short Umpire said:

 

Just curious, I tried HIBP and found some breaches of my email accounts in the past, but it didn't list the Arbiter breach. Is that just due to a delay in reporting? 

I have also heard (but I didn't try to verify) that the Arbiter breach didn't affect everyone.

Link to post
Share on other sites
kylehutson

kylehutson 649

Posted
Posted
17 hours ago, aaluck said:

Now with this last pass can you use it across all of your devices? In other words if I change a password on my work computer will it know it on my home iPad or cel phone?

Yessir.

Link to post
Share on other sites
beerguy55

beerguy55 787

Posted
Posted
On 8/31/2020 at 2:02 PM, Umpire in Chief said:

Continuing to follow this...

I was wondering if any of our members with IT/Security specific knowledge could chime in with additional tips. I'm definitely going to look into lastpass.  

Use (multifactor authentication) MFA wherever you can (at least where it matters - banks, social media, computer, phone, anywhere with PII or financial info) - use an authenticator app if you have a smart phone, or text message code, fingerprint, face, etc.  Something you have + something you know.  A bank card is an example...you have the card, you know the PIN.   Typically anything that requires your cell phone is a good additional layer of security. 

Try to avoid "secret questions"...that's just something else you know and if someone is motivated enough they can figure out the name of your first dog, or your mother's maiden name.

Check security settings of any site you use - turn on notifications where possible (eg. notify you of logins on a new device, notify you if someone changes your password, etc)

Here's a stat for you - 2/3 of people never change their home default wi-fi password.

 

As far as passwords - size matters - go for length, not crazy characters.  Put in a passphrase that is easy for you to remember, hard for someone to guess...even if it's all lower case if it's 15 characters or more it will be time consuming to hack.  (eg. drinkingbeerisawonderfulthing)..you can throw in some caps if you want to make it even harder  (or let your password manager do it for you - but you still need a really strong password for your password manager - and your computer...and your work account, etc, etc)

Also - don't use common phrases - eg. ilovekale vs ilovebeer - guess which one is 50 times harder to crack.

PIN's - go 8 characters at least...that's just math - 4 characters 10000 combinations, 6 - one million, eight - 100 million

Finally - remember - hacking people is now easier than hacking technology - social engineering, mostly email phishing, is the prime way they're going to try to get your password, your money, your identity.   It's also cheaper.  The guy who sent you that phish email last week likely works in a cubicle, has a manager, has an annual review, performance objectives, a training plan, and may even share company bonuses.

Don't click links in emails unless you are 150% sure you know the source...I just go to the website and log in...if that Amazon email was real, the info will be there in my account.

I can go on and on and on.   Awareness is our best, and sometimes only, tool - there are companies in the world with THOUSANDS of employees whose only job is cybercrime.

Anyway - ask away - PM or here....this is my career, 25 years - I'm head of cybersecurity of a multi-billion dollar company.

  • Like 5
Link to post
Share on other sites
Umpire in Chief

Umpire in Chief 1,660

Posted
Posted
On 8/31/2020 at 4:02 PM, Umpire in Chief said:

Continuing to follow this...

I was wondering if any of our members with IT/Security specific knowledge could chime in with additional tips. I'm definitely going to look into lastpass.  

SO I subscribed to lastpass last night. I did a lot of research between it and a few other password management tools and think this is a very good product and for the price its a no brainer.

Check it out https://www.lastpass.com/

  • Like 1
Link to post
Share on other sites
Umpire in Chief

Umpire in Chief 1,660

Posted
Posted

Oh wow I just logged into my account. and was not surprised... I looked into ArbiterPay and had a zero dollar balance...

I wasn't hacked or anything they just charge a hefty $10.00/ month inactivity fee. Which I wasn't aware of. I use to keep this as my secret hide away money. 

I guess those last couple of games in my career ended up being free.... :(

 

  • Sad 3
Link to post
Share on other sites
kylehutson

kylehutson 649

Posted
Posted
17 minutes ago, Umpire in Chief said:

I wasn't hacked or anything they just charge a hefty $10.00/ month inactivity fee. Which I wasn't aware of. I use to keep this as my secret hide away money. 

I guess those last couple of games in my career ended up being free.... :(

That sucks.

I have a separate bank account for my stuff where SWMBO has look-but-don't-touch privileges. I set that up after she spent money that I needed to go to a conference for my day job (it would get reimbursed, but it made for an unpleasant conference). She doesn't mind too much because that's also my fun money (usually meaning taking her out to eat).

Link to post
Share on other sites
BlueRanger

BlueRanger 94

Posted
Posted

I hope to God this finally torpedoes the absolute dumpster fire of a website and software that is Arbiter. It is outclassed and outmatched in literally every way by other softwares (Assignr, RefTown, etc.) that there is ZERO reason to continue giving these dinosaurs money. LET IT DIE! :fuel:

Link to post
Share on other sites
kylehutson

kylehutson 649

Posted
Posted
11 hours ago, BlueRanger said:

I hope to God this finally torpedoes the absolute dumpster fire of a website and software that is Arbiter. It is outclassed and outmatched in literally every way by other softwares (Assignr, RefTown, etc.) that there is ZERO reason to continue giving these dinosaurs money. LET IT DIE! :fuel:

I'm OK with that, but I hope *somebody* wins. I'm not going to block schedules on 10 different calendars.

  • Like 2
Link to post
Share on other sites
Umpire in Chief

Umpire in Chief 1,660

Posted
Posted
On 9/3/2020 at 12:36 PM, kylehutson said:

I'm OK with that, but I hope *somebody* wins. I'm not going to block schedules on 10 different calendars.

This was the greatest thing About Arbiter IMO. It didn't date long before all groups I worked with used Arbiter and life was easy. 

  • Like 1
Link to post
Share on other sites
  • 2 weeks later...
johnnyg08

johnnyg08 1,716

Posted
Posted

The part that frustrated me about this was when this occurred in the middle of July, they lied about it.

I didn't get notified about this until my check cards were getting declined and I had to call the bank to figure out wtf was going on and they told me that some idiot was driving up and down the Cali coast trying to cash fraudulent checks in my name. He had ALL of my verification information. 

I could have nipped this before it all went down had they been honest about it right away.

 

  • Thanks 1
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Followers 3
Go to topic listing




×
×
  • Create New...