Stamporama Website Hacked

I don't know if anyone here uses the Stamporama website, but I just an email from them that their website was hacked and the entire user database with email address and password was posted online.

Go change your passwords if you use the site, and, PLEASE use a password manager, so you don't have the same password on multiple sites.

good advice. I don't use the site so I'm safe

Be careful, the email sounds a bit like a phishing email. Are you sure it came from Stamporama? If their email database was hacked (with email addresses) I am not sure they would emails to contact everyone. Has anyone else gotten an email?
Don

I received 2, a couple hours apart. The Forum at the Stamporama has a post that states the same thing the emails contain. Lots of comments from users, but nothing like a "Wait, wait, we really haven't . . . " type post.

The only thing that makes me think the email is genuine is that it doesn't provide a link to click on to get to stamporama to reset your password.

The email is also plain text, and not HTML, so they can't put any links in it or send malicious javascript.

The email looks legit plus when you log onto the website and go to the forum there is a message about it.

I too got an email from SOR advising me of this problem.

Chimo

Bujutsu

I too got the e-mail from SOR. I was also worried that it might be a phishing email, but what benefit can anyone get by you just changing your password. They were not asking for anything else other than go to the SOR site and change your password, which I did.

It is legit. They even announce it on the website now, and I was also in touch with their administrator.

Ok, just to plug something here.

USE A PASSWORD MANAGER.

I use one, and the password on Stamporama was unique to only that site, so my damage foorprint was pretty much non-existent.

Good advice...Be careful as Don says.

Robert

Sorry but that's not good advice. If that gets hacked ALL your business is exposed.

http://www.forbes.com/sites/katevin...r-passwords/

You can use a local password manager. You don't have to use a hosted one.

You think a local one can't be hacked?

If someone manages to hack into your local PC and steals your password file, you've got far greater problems.

Local password files are encrypted. If you use a good strong password, they'd need to steal your file, and convince you to give up your password to them.

With the Lastpass hack you linked to, master passwords might have ben compromised. But those passwords were salted, peppered and hashed 1,000 times. Researchers estimated it would take YEARS to brute force a Lastpass master password.

That's why phishing scemes are so popular. It's a lot easier to trick people into revealing that password than to try and brute force something.

Unbreakable encryption exists. Password managers use good encryption. But you need to use a good strong master password.

You're are the weakest link, not the product you use.

Lots of techno babble, all of which I know all about.

But here's the bottom line. If your browser password extension can show you your password, a browser hack can show the hacker your password. It's that simple. Your fooling yourself if you think it isn't.