Email about account breach

noway2

Senior Member
2A Bourbon Hound OG
Charter Life Member
Multi-Factor Enabled
Joined
Dec 16, 2016
Messages
21,183
Location
Onboard the mothership
Rating - 100%
5   0   0
A little bit ago I received an email, presumably from this site saying the following:
DragonByte Security has detected that your account has been the subject of a breach on another site. We recommend you change your password and enable two-factor authentication to stop your account from being a target of further breaches.

  • Forbes (forbes.com) happened on Feb 14, 2014, added to the system on Feb 15, 2014 at 6:24 AM

While adding two factor authentication and what not could be a good idea (depending on how it's implemented it may be a pain to use in practice), I am having trouble understanding how a login from a site (forbes) that I am not even aware that I have, or had, has anything to do with this site? Second, the password for this site is both unique in that it was never used elsewhere and strong. Consequently if they got a password from another site, it wouldn't do squat for them on this site. Third, why is it now complaining about a possible "breach" from over THREE YEARS AGO! Lastly, the email contains a link that supposedly takes you to this site to change your login. Sorry, but that is also how phishing emails work and clicking on it, even when the hover-over shows the URL apparently being valid is a no-go as I was reading this morning that this can be faked using unicode and that this is a new tactic in phishing.
 
FYI, CFF does have 2FA.
I was looking at it. Does that mean that every time I would log in, I would have to get a code and what not? That would be a real pain in the rump, especially when I use multiple devices.
 
I was looking at it. Does that mean that every time I would log in, I would have to get a code and what not? That would be a real pain in the rump, especially when I use multiple devices.
No, you only need to authenticate every 30 days.

Easiest way I've found to manage 2FA is to keep Google Authenticator on my phone and use that for all the online services/sites I use that use 2FA. I find using Google Authenticator more convenient than receiving a text message with the auth code.
 
Last edited:
No, you only need to authenticate every 30 days.

Easiest way I've found to manage 2FA is to keep Google Authenticator on my phone and use that for all the online services/sites I use that use 2FA. I find using Google Authenticator more convenient than receiving a text message with the auth code.
What about Fruit products like an iPad? Is there something similar for that?
 
@toddje has a thread on this, not sure where it went.

Basically the security software we added monitors email addresses for known account breaches. We have NOT been breached and would like to keep it that way. If you have got the email that @noway2 posted it's from us, letting you know that the email address you used to register here MAY have been compromised on the sites that have been specified in the email.
 
Last edited:
Back
Top Bottom