Am I just too paranoid?

[doingsoso]

Does anyone have any birdies whispering in their ear about what precautions LiveJournal is planning on putting in place to prevent Journal hacks like the most recent ones? I don't use a Hotmail account, but you can bet they'll crack gmail addresses too. Sigh. And I did the secret question thingy, but they must have some way to prevent that sort of

Comments

[worldserpent]

I have no idea, but if you have any reason to suspect anything has been compromised, I would get the LJ archive program and back up your journal.

[doingsoso]

I have my journal backed up and archived, and I also have a backup journal. But I would still like Live Journal to make a statement about this, and tell us exactly how it happened and how they plan to prevent it in future, or at least make it much more difficult. This is the first time I've heard of simultaneous accounts being hacked on LJ.

[worldserpent]

How were the accounts hacked? If what happened was that the email account was taken over, and then the hackers used the email account to get into the LJ account, I don't know if there really is anything LJ can do about it? Because technically, if this was the situation LJ itself was not hacked, so there is nothing to distinguish what happened from normal use, IIRC.

[lied_ohne_worte]

According to the rumours I heard (and I think at least one of the "hacked" people posted about it), it was the email accounts, yes. Not really something LJ can prevent.

And if LJ was to make a large "Look, people, if someone accesses/re-registers your email account, they can get into your LJ account, too!" post, it might actually encourage people to try doing this with other accounts.

[doingsoso]

Yeah, I think it had something to do with email addresses. Someone somewhere posted something about hotmail addresses being vulnerable.

But from what I understand Google addresses are vulnerable too. I believe I read something a few months ago about spammers finally breaking Hotmail's and Google's security or some such? Did anyone else read about that?

I'm not as up to date on computer/internet stuff as I used to be. I haven't had the time to dig into the problem.

That's what has me thinking about the hacking. It's not like I give out my email addresses and passwords willy nilly or anything, but I'm still not sure how they got the addresses and/or the passwords to the email address accounts to hack into the journals. And how did they get the separate password for the LJ accounts.

LOL, magic I guess. It was never clearly spelled out in the accounts of what happened. I'm not sure they know themselves.

I reckon I should have put the link in up there so people could read it.http

[worldserpent]

Well... If those sites are really compromised, what can LJ do about it, though?

This is pure speculation, but they suspect for one of the people, he let his email account lapse and it was recreated by the hacker. The hacker used this account to get his LJ password.

Once you have the email account registered to an LJ account in your control, you can have LJ email you a new password at that account. This is so that people who have lost their passwords can get them back.

[redbird]

As I understand it, what's been broken is CAPCHAs. This doesn't mean the world can break into your gmail account, it means spammers can much more easily make new gmail accounts. And some people are more likely to trust stuff from $name@gmail.com than from $name@example.com or $name@obscure.address.in.tw.