A little bit ago I received an email, presumably from this site, saying the following:
DragonByte Security has detected that your account has been the subject of a breach on another site. We recommend you change your password and enable two-factor authentication to stop your account from being a target of further breaches.
- Forbes (forbes.com) happened on Feb 14, 2014, added to the system on Feb 15, 2014 at 6:24 AM
While adding two-factor authentication and whatnot could be a good idea (depending on how it's implemented, it may be a pain to use in practice), I am having trouble understanding how a login from a site (Forbes) that I am not even aware that I have, or had, has anything to do with this site? Second, the password for this site is both unique, in that it was never used elsewhere, and strong. Consequently, if they got a password from another site, it wouldn't do squat for them on this site. Third, why is it now complaining about a possible "breach" from over THREE YEARS AGO! Lastly, the email contains a link that supposedly takes you to this site to change your login. Sorry, but that is also how phishing emails work, and clicking on it, even when the hover-over shows the URL apparently being valid, is a no-go, as I was reading this morning that this can be faked using Unicode and that this is a new tactic in phishing.