LaCie reveals year-long security breach at online store

Posted:
in General Discussion edited April 2014
Storage vendor LaCie, maker of a number of accessories compatible with Apple's Thunderbolt, announced on Wednesday that data from transactions made through the company's first-party online store may have been compromised as a result of a security breach that went undiscovered for nearly a year.


LaCie made the announcement on its website. The company was informed of the breach in March by investigators from the FBI and subsequently hired a digital forensics team to conduct its own inquiry.

"Based on the investigation, we believe that transactions made between March 27, 2013 and March 10, 2014 were affected. The information that may have been accessed by the unauthorized person may include customers' names, addresses, email addresses, and payment card numbers and card expiration dates. Customers' LaCie website user names and passwords could also have been accessed, which is why we required a reset of all passwords," the notice reads.

Customers affected by the breach should have already received a message from LaCie with additional information. Those with questions can contact the company at 866-236-8208 Monday through Friday between the hours of 9:00 a.m. and 7:00 p.m. Eastern Daylight Time.

LaCie, owned by Seagate, is a major manufacturer of external storage products and is among the most popular providers of such systems to Mac owners thanks to wide-ranging support for the Thunderbolt protocol.

Comments

  • Reply 1 of 36
    philboogie Posts: 7,675 member
    Customers affected by the breach should have already received a message from LaCie... massive orders on their credit cards
  • Reply 2 of 36
    If only they had used AnarchyCoin! /s
  • Reply 3 of 36
    solipsismx Posts: 19,566 member
    Is there anyone not using an app like 1Password at this point?
  • Reply 4 of 36
    tastowe Posts: 108 member
    Seagate products came from Samsung
  • Reply 5 of 36
    apple ][ Posts: 9,233 member
    Quote:

    Originally Posted by SolipsismX View Post



    Is there anyone not using an app like 1Password at this point?

     

    Me. I just haven't gotten around to it yet I guess.

     

    The passwords that I choose are extremely secure though. They're long, they use all sorts of strange characters, numbers and capital/small letters when possible, and they're not going to be guessed by any dictionary. I just keep track of them manually. It doesn't really bother me doing it that way, because I'm used to it and have been doing that for years, but I guess that I might eventually get a password manager one day.

     

    I actually went and changed many of them last week, after I read about some huge security breach affecting certain sites.

  • Reply 6 of 36
    dysamoria Posts: 3,430 member
    solipsismx wrote: »
    Is there anyone not using an app like 1Password at this point?

    Me. Look at how freaking flawed software is, and how vulnerable it is. What's the point? Do I want one central point of failure to lose all my passwords or get them all stolen? They've already admitted to a security breach in the past, and look how secure our entire Internet is, with years-long vulnerabilities and unknown exploitation.
  • Reply 7 of 36
    solipsismx Posts: 19,566 member
    apple ][ wrote: »
    Me. I just haven't gotten around to it yet I guess.

    The passwords that I choose are extremely secure though. They're long, they use all sorts of strange characters, numbers and capital/small letters when possible, and they're not going to be guessed by any dictionary. I just keep track of them manually. It doesn't really bother me doing it that way, because I'm used to it and have been doing that for years, but I guess that I might eventually get a password manager one day.

    I actually went and changed many of them last week, after I read about some huge security breach affecting certain sites.

    Interesting. Do you have unique passwords for everything? If so, how do you manage all of them? I have 294 items in 1Password. 260 of them are internet logins. Each of these have unique passwords. After Apple's Go To Fail bug was resolved I changed all of them. With this recent OpenSSL bug I changed all the ones of sites I knew were affected and resolved. I have 8 Google accounts, 3 iCloud accounts, 2 Dropbox accounts, and about 10 accounts for various financial institutions.

    Except for the financial institutions — which are oddly stingy about password length and special characters — Google, iCloud and Dropbox all use 50 character alphanumerics with special characters that I could never remember. On top of that my select questions all have answers that are random strings thereby preventing social hacking techniques. I was able to systematically change them over time and keep track of which ones I changed with their Smart Folder feature so I could 1) see which had a date modified older than a particular date and 2) which ones had a note field that wasn't blank (which is where I store that info). Took some time but a couple a day only takes a moment and soon enough potential threats are isolated to a particular site.

    I can't imagine that being done well without a password manager which, among its well-known features, also has a security audit feature which 1) tells me which passwords are weak (not an issue for me), 2) informs me which passwords are duplicate (also no longer an issue for me), and 3) which passwords haven't been changed in awhile (6-12 months, 1-3 years, 3+ years).

    dysamoria wrote: »
    Me. Look at how freaking flawed software is, and how vulnerable it is. What's the point? Do I want one central point of failure to lose all my passwords or get them all stolen? They've already admitted to a security breach in the past, and look how secure our entire Internet is, with years-long vulnerabilities and unknown exploitation.

    1) Sure, nothing is foolproof but I fear more about having some website's servers hacked with my username and password from that site being tested on others than I am from someone stealing my MBP, getting past VileFault2 on said MBP, and then being able to get into my 1Password database that is protected by 256-AES encryption.

    2) What security breach has directly affected 1Password?
  • Reply 8 of 36
    apple ][ Posts: 9,233 member
    Quote:

    Originally Posted by SolipsismX View Post





    Interesting. Do you have unique passwords for everything? If so, how do you manage all of them? I have 294 items in 1Password. 260 of them are internet logins. Each of these have unique passwords. After Apple's Go To Fail bug was resolved I changed all of them. With this recent OpenSSL bug I changed all the ones of sites I knew were affected and resolved. I have 8 Google accounts, 3 iCloud accounts, 2 Dropbox accounts, and about 10 accounts for various financial institutions.

     

    Yes, every password is unique. I just keep track of them manually using secure notes on my Mac. When something gets changed or added, I just open the note and change it. I have passwords for plenty of sites too, but there are only a small percentage that actually gets used very often.

     

    And for those sites that are important that I might visit very often, like a trading account, those passwords are remembered in my head, even though they might look like this: #3ab23&ksl78Dd7.

  • Reply 9 of 36
    evilution Posts: 1,399 member
    Quote:

    Originally Posted by SolipsismX View Post



    Is there anyone not using an app like 1Password at this point?

    No password is secure if it's written down in text which is then taken from a website.

    My password for a website selling hard drives would be the least of my concerns if the other data they got is my credit and debit card details.

  • Reply 10 of 36

    "Modern computers are fast enough and powerful enough to break anything given a chance" It's not a matter of how long your passwords are. It starts at "A" or "0" and goes from there."

    I've read that enough times in the past few months to believe it. I see more issues with Disquis or whatever it's called asking for my email list and "friends" pffft * gets up wipes hands on pants, crosses room, enters TOR"

  • Reply 11 of 36
    lkrupp Posts: 10,557 member
    Quote:

    Originally Posted by SolipsismX View Post



    Is there anyone not using an app like 1Password at this point?

     

    Why even care anymore? With this kind of announcement it becomes clear that your identity is fair game to anyone. What good is a secure password when that password is stolen by a bad guy with apparent ease? Why not just use the age old favorites like “123456” or “password” if the bad guys are gonna get it anyway? Just pass laws that take the consumer totally off the hook for any losses. Make the website operators totally liable for damages. When they lose enough money they’ll figure out a way to make their sites secure. Nothing like losing money to sharply focus a company’s attention to security.

  • Reply 12 of 36
    dreyfus2 Posts: 1,072 member
    I think this is brilliant marketing. The more people will doubt cloud services, the more hard drives they will buy.

    /s
  • Reply 13 of 36
    solipsismx Posts: 19,566 member
    lkrupp wrote: »
    Why even care anymore? With this kind of announcement it becomes clear that your identity is fair game to anyone. What good is a secure password when that password is stolen by a bad guy with apparent ease? Why not just use the age old favorites like “123456” or “password” if the bad guys are gonna get it anyway? Just pass laws that take the consumer totally off the hook for any losses. Make the website operators totally liable for damages. When they lose enough money they’ll figure out a way to make their sites secure. Nothing like losing money to sharply focus a company’s attention to security.

    I am dumbfounded by your comment. Because someone might hack into AppleInsider's servers it means that no online account you have should have a password more complex than 123456? Is that what you're professing?

    Does that mean you also don't use any two-step authentication?

    PS: The "customer" should not be off the hook if they willfully make foolish decisions that resulted in their identities and money being stolen. Thankfully most sites don't allow easily guessed passwords to be used.
  • Reply 14 of 36
    solipsismx Posts: 19,566 member
    apple ][ wrote: »
    Yes, every password is unique. I just keep track of them manually using secure notes on my Mac. When something gets changed or added, I just open the note and change it. I have passwords for plenty of sites too, but there are only a small percentage that actually gets used very often.

    And for those sites that are important that I might visit very often, like a trading account, those passwords are remembered in my head, even though they might look like this: #3ab23&ksl78Dd7.

    That is impressive password to remember multiple passwords of that type. I only know three, if you don't count bank PINs, hate codes and padlocks. My MBP password, my 1Password password, and my one iCloud ID used only for Find My iPhone; all of which are long phrases that, while possibly well known, have enough variances that they are extremely strong.

    BTW, Keychain's Secure Notes are what I used before I had 1Password. I can't imagine going back.
  • Reply 15 of 36
    richlo Posts: 46 member

    Talk to anyone that works in IT and buy them enough drinks, and they will tell you most company websites are unsecure.

    I would say 1 out of 10 are actually proactive in protecting client information. 

    People tend to think things are set and forget and don't need updating, creating a false sense of security that hackers love to exploit.

  • Reply 16 of 36
    apple ][ Posts: 9,233 member
    Quote:



    Originally Posted by SolipsismX View Post





    That is impressive password to remember multiple passwords of that type. I only know three, if you don't count bank PINs, hate codes and padlocks. My MBP password, my 1Password password, and my one iCloud ID used only for Find My iPhone; all of which are long phrases that, while possibly well known, have enough variances that they are extremely strong.



    BTW, Keychain's Secure Notes are what I used before I had 1Password. I can't imagine going back.

     

    I didn't know them to begin with, but each time I used them, I would have to look them up, and eventually I just ended up memorizing a few of the ones that get used on a daily basis. I saw that 1password is currently half off, so who knows, maybe I'll eventually switch over from my manual method.

  • Reply 17 of 36
    jexus Posts: 373 member
    Quote:

    Originally Posted by dysamoria View Post





    Me. Look at how freaking flawed software is, and how vulnerable it is. What's the point? Do I want one central point of failure to lose all my passwords or get them all stolen? They've already admitted to a security breach in the past, and look how secure our entire Internet is, with years-long vulnerabilities and unknown exploitation.

     

    Better than nothing. Lastpass, 1password, and KeePass are all great Managers. They can be portable and I think all of them have multiple layers of security. Encryption, Master Passwords, File checks etc.

    Quote:

    Originally Posted by dreyfus2 View Post



    I think this is brilliant marketing. The more people will doubt cloud services, the more hard drives they will buy.



    /s

     

    Then I'm fully behind them. The less 3rd party cloud I have to deal with the better.

     

    (I'm being serious though =D)

  • Reply 18 of 36
    lkrupp Posts: 10,557 member
    Quote:
    Originally Posted by SolipsismX View Post




    Does that mean you also don't use any two-step authentication?

     

     

    I mean EXACTLY that! Every single day we read about yet another security breach allowing our user id’s and passwords to be stolen. From Target to LaCie, to the Schnuck’s grocery store chain in St. Louis, to the Heartbleed bug it has become perfectly clear that using strong passwords is USELESS if they can be stolen at will from websites or company servers. If some bad guy empties out my bank account I’ll just sue the pants off the bank. Everybody does it, everybody expects the retailer or bank or whatever to make them whole again. The bad guys are filing fraudulent income tax returns using someone else’s SS number and raking in their refunds. The IRS is too understaffed to do much about it. The bad guys are creating fraudulent SS accounts and redirecting the deposits to their own bank accounts. Crime on the Internet is all over the place, unstoppable, pandemic. So what’s the use? I’ll just make YOU pay higher prices to get my funds back. Oh, and the legal system favors the criminal anyway. The guy who steals my identity gets a couple of months... or more likely probation. 

     

    I say this out of complete frustration with the online universe we have created. I’ve had it and I don’t care any more.

     

    "The "customer" should not be off the hook if they willfully make foolish decisions that resulted in their identities and money being stolen. Thankfully most sites don’t allow easily guessed passwords to be used."

     

    But they ARE off the hook. They DO get their funds restored. And if I leave my front door unlocked the insurance company still pays and YOU get higher premiums to offset the loss. Har, har, what a racket.

  • Reply 19 of 36
    _rick_v_ Posts: 142 member
    Quote:

    Originally Posted by SolipsismX View Post



    <snip> I have 294 items in 1Password. 260 of them are internet logins. Each of these have unique passwords. <snip>

     

    Huh, I thought I had a lot with over 75 in my password manager.  :-)  I don't hang out in as many forums, I guess. 

     

    I like how AppleInsider dodges the whole security controversy by offering no-secure login at all.  I hope everyone out there in reader-land isn't reusing passwords to log into AI!

     

    I've evaluated quite a few password apps, and eventually settled on mSecure for iPhone. It has all the features I needed. And this way, my passwords are with me wherever I go, when I need them.  Not quite sure I trust the "in the cloud" password managers yet.  Even Apple's.

  • Reply 20 of 36
    _rick_v_ Posts: 142 member

    Quote:


    Originally Posted by lkrupp View Post

     

     

    Why even care anymore? With this kind of announcement it becomes clear that your identity is fair game to anyone. What good is a secure password when that password is stolen by a bad guy with apparent ease? Why not just use the age old favorites like “123456” or “password” if the bad guys are gonna get it anyway? Just pass laws that take the consumer totally off the hook for any losses. Make the website operators totally liable for damages. When they lose enough money they’ll figure out a way to make their sites secure. Nothing like losing money to sharply focus a company’s attention to security.


     

     

    Would you ... umm ... mind telling me where you bank at?   Uh, no reason, just askin'...  ;-)
