Stage III (that I know of)

[dkogan]

The attacks continue. Looks weak, though; evidently they've run out of javascript exploits and are now down to phishing. Tsk. Although they seem to be using previously-broken accounts for the phishing, so they get some credit for tiering their attack methods.

Not that I'm one to talk, seeing as I got taken by both stage I (unbeknownst to me), and

Comments

[jonlubbe]

How can we avoid getting hacked?
What should we avoid doing, and how did they wind up hacking you?

[dkogan]

Nothing. You're doomed, doooooomed!

It was a browser exploit. At this point, I think everyone who was going to get hacked that way has gotten hacked - they just don't all know about it. Check your userinfo for emails that aren't yours, change your password, and set your cookies to bind to IP when you log in. I think that should prevent anyone who hacked your account prior to the recent domain changes from using the stolen data to log in as you.