Rev Customer Databased Hacked?

[Martin Baxter]

As well as changing your password, which I think should be done as a
matter of course, I would suggest also changing your onrev contact email
if you can. Ideally it should be a new one only used as contact email
for that account and maybe redirected to a real mailbox.

This is because there is danger of this stolen info being used in a
spear-phishing email, perhaps purporting to be from runrev about "your
onrev account" and containing a poisoned URL of some sort or some other
trickery.

If the contact email is unique to the account (and non-obvious), then it
makes it easier to identify any fraudulent emails of this sort.

IMO, online security is a contradiction in terms. Even if you are smart,
your security is nowadays crowdsourced and therefore dependent on so
many unknown others, many of whom are not smart, that it is wise to
assume everything online will eventually be compromised, and plan
accordingly. We are now in the "steal everything" era of online crime.

It always irritates me when online credentials consist of any factors
which cannot be changed if they are compromised - as in this case the
account id. This is the problem with biometric credentials, once they
are compromised, how do you change them to repair your security?

The weakest link is in-between the chair and the keyboard and,
unfortunately, cannot easily be upgraded or patched. ;-)

Martin Baxter


On 11/07/2011 14:34, Gregory Lypny wrote:
> Hello everyone,
> 
> Have any of you received this message from Heather?  Implications?
> 
> Gregory
> 
> 
>> Dear Gregory Lypny,