Serious Suggestion - Keep Your Info Private
Iron Chef
07-01-2016, 1:58am
Backstory: As many of you may know, I've spent most of my working career in and out of the Defense Industry. I've held security clearances of various levels on and off for years. About a year ago, I was informed by the US Office of Personnel Management that they were somehow hacked and that anyone who had a background investigation done and was receiving this letter may have had their personal information stolen. They didn't give tons of detail (basically because they didn't have much to go on) but what they did do is offer everyone to sign up for free security and credit monitoring through a company called ID Experts for three years. I figured "what the heck?" and signed up.
I would get emails every few months from this company just telling me all is well, which was fine. But about two months ago, they notified me that my information had popped up on one of their intrusion monitors. I did some checking and found out that a site I visited several years ago was hacked and got some of my long dormant information. ID Experts recommended that I change my passwords to any account with my email attached. Even though I usually do this once a year or so, I did it again immediately that morning. During the month of May, I discovered that these hackers (from the Czech Republic and another location in Russia) had attempted to hack into my Paypal account, one bank account and Facebook (they must be really bored). Fortunately, there are multiple levels of security on all of these accounts so the attempts by these sheep-fvckers were unsuccessful.
My point here is just to warn all of you: Change your passwords. "Ego Google" yourself every year to see what's out there about you and if it isn't fairly innocuous, see if you can get it removed. Do your best to keep yourself off of online search engines such as WhitePages and Peoplefinders (I know this is a pain in the ass but I believe it's worth it). Don't let online accounts just go dormant...close them where possible. Buy a cross-cut shredder AND USE IT. Keep tabs on your credit. I'm pretty diligent about all this stuff and I'm sure that helped to keep any possible damage at bay. But even the best of us will overlook things or become complacent. I used to think all this ID monitoring was a big scam but I'll be keeping these people in place after the three free years is up. You might consider getting an online monitoring service too.
Funny...my ex-wife used to make fun of me because I used to keep such a close watch on our info. I found out through my kids that her personal info was compromised a few years ago causing her considerable headache. She told them "I used to make fun of your dad for doing all this and in the end he was right."
Yes. I was. As usual. :spdchk: :D
One more thing: This is just a heads-up for everyone. Just take it for what it's worth and please don't turn it into a "government this" or "Hillary that" or some other insipid conspiracy or political bitch-fest.
Olustee bus
07-01-2016, 4:17am
Thanks, Got a message from somebody just yesterday saying I need to do that.
Oh, It was Pandora. Their info was breached. Gonna do that tomorrow with a clearer mind.
I might change them all to Iron Chef in your honor.
Stevedore
07-01-2016, 6:38am
My wife & I got those same notices from DoD. I guess her info was in there due to my background investigation(s). We signed up for the free service, & I check their site occasionally, but no bad news thus far.
I have a bad habit of using the same passwords on many sites. Never for anything serious, like banking, credit card sites, etc., but still, it's a bad habit. Just recently I received an email from one site I visit telling me that I had to change my password, since their stored user info had been compromised. The breach was actually done to Verticalscope, who operates a buttload of sites, so I had to go change things on several others as well. Along with other unrelated sites where I used the same passwords. What a mess.
So now I have unique passwords on all of the sites I use, and I'll never remember any of them. :rofl:
Uncle Meat
07-01-2016, 7:05am
Both my wife and I had our info stolen in that same breach.
U.M.
mrvette
07-01-2016, 7:50am
My credit union forced me to change P/W and go through hell on my account, it was easy to sign in and do business, not so much anymore, I have to type all that shit out every time, for a long time I kept a note on my desk about it, but all the other sites I visit have so far stayed the same.....but the CC companies with Amazon and Wally world are having conniption fits also....
Thankfully I have the two CC and water and electric able to pay by wire from the CU, as I recall I have filled out maybe two checks in the last 4 years or so....:issues: God I'm lazy.....
NEED-A-VETTE
07-01-2016, 8:00am
Thanks, Got a message from somebody just yesterday saying I need to do that.
Oh, It was Pandora. Their info was breached. Gonna do that tomorrow with a clearer mind.
I might change them all to Iron Chef in your honor.
I hadn't heard about that and I have a Pandora account. Did a Google search and nothing really came up about it. Except a thread from an ar15 forum, with other people chiming in saying they got nothing from Pandora, either. :shrug:
You didn't follow the link from the email to change it, did you?
Better to be safe than sorry, I guess. I'll change my Pandora password.
Aerovette
07-01-2016, 8:43am
I had someone on FB that I did not know (in France) email me my Netflix password and tell me it was too weak. :eek:
Burro (He/Haw)
07-01-2016, 8:58am
I was lapping in Hillary's grundle just the other day and she mentioned this very thing.
I was lapping in Hillary's grundle just the other day and she mentioned this very thing.
:rofl::rofl:
Iron Chef
07-01-2016, 10:58am
So now I have unique passwords on all of the sites I use, and I'll never remember any of them. :rofl:
I have multiple passwords as well. I keep a list of them on a jump drive that I try to update regularly.
I might change them all to Iron Chef in your honor.
I'm flattered, but I really think you should use "Uncle Meat" for bigger impact. :rofl:
I know all of this is a pain in the ass, but damn...one wrong digit in the hands of some douchebag Chechen Rebel and you're screwed. I've had the same Email address for many years. I think it may be just about time to migrate to a new one and keep the old one to give to marketers ;)
The biggest hassle is keeping your name out of the online directories. You send in a request to be removed and they do it. But six months to a year later, they load up a new data dump and you're back in there. I'm really not paranoid: If someone really wants your info, they'll get it. I've done the best I can to protect myself, but if something gets out, it gets out.
Right, wrong or otherwise, the USA isn't the most popular country in the eyes of the rest of the world and there are a lot of people out there hell-bent on doing us harm both individually and collectively, so I see the value of trying to keep as small an electronic footprint as possible.
Y-Body
07-01-2016, 11:01am
... Do your best to keep yourself off of online search engines such as WhitePages and Peoplefinders (I know this is a pain in the ass but I believe it's worth it). ...
Can you be removed from these sites?
I assumed my address & phone number was mined for telephone directories & my age range from state Motor Vehicles.
I don't do Facebook, etc.
Iron Chef
07-01-2016, 11:07am
Can you be removed from these sites?
I assumed my address & phone number was mined for telephone directories & my age range from state Motor Vehicles.
It is, but most of these sites have ways in which you can "opt-out" and have your information removed. You have to drill down a bit because they really don't want to remove you so they don't make it obvious. There's usually a link on the sites marked "privacy" or "FAQ's" which will tell you how to do it, and that in itself can be a pain. AND...as I said above...it's usually not a permanent removal. But some folks such as myself find it to be worth the effort.
Also...many of these sites are considered "feeder sites"...that is, multiple sites will get information from a single source. For example, Whitepages might feed ten other sites that also list your personal information. If you can get your information deleted from the main feeder, the rest also lose your info. It's not always easy to figure out, but if you can, it'll save you a bunch of work.
Wathen1955
07-01-2016, 9:54pm
For browsers, get LastPass. It's free. It will generate random passwords for each site. I decided to use 12 characters instead of the default of 8. It will auto-log in each site. All you have to do is remember only one password.
https://lastpass.com/
PortDawg
07-01-2016, 10:11pm
Some other advice from an ethical hacker.....
- Make sure your wireless is secured with WPA minimum, WPA2 more better
- Do not leave your Wireless phone in promiscuous mode. If you are not using an ear piece or other Bluetooth hardware, shut Bluetooth down.
- Change your passwords every 120 days minimum.
- Use strong passwords (15 characters, Combo of Numbers, letters (Capital and small) and special characters). Do not use words that are in the dictionary in the clear. Change out some of the letters with special characters with numbers or letters that resemble the letters. If it's in the dictionary "Cain and Abel" can hack it.
- Don't save logins or passwords in your browser.
- Keep your software updated. Install updates.
- McAfee, Norton or some other Virus software isn't one hundred percent a guarantee. Especially if you don't ever update the definitions.
- Don't click on attachments in e-mails unless you are absolutely sure the person that sent it to you really sent it to you. It's easy to spoof e-mail addresses.
- It's easy to hide malware in any type of attachment, including pictures. One of the most fun things we learned was how to put a malware payload in a picture of a pretty girl.
- Protect your PII like Iron Chef said. I've seen too many people get taken to the cleaners because they didn't do the simple things. Take it seriously.
- Beware people calling your office looking for info on fellow colleagues. Social Engineering is a reality.
Iron Chef
07-01-2016, 10:47pm
Some other advice from an ethical hacker....
Really outstanding suggestions here. :seasix:
FYI...I had my name removed from three "people search" websites today just as a test. One required that I send in a form. A second allowed me to do it using an online form. The third I sent an Email to and they responded within 2 hours saying my info had been removed as requested.
You can get it done with a little effort.
mrvette
07-02-2016, 6:40am
- Protect your PII like Iron Chef said. I've seen too many people get taken to the cleaners because they didn't do the simple things. Take it seriously.
- Beware people calling your office looking for info on fellow colleagues. Social Engineering is a reality.
WTF is 'social engineering'??? :waiting:
PortDawg
07-02-2016, 10:38am
This is one example....
I know by looking at your public Facebook profile that you work at company X. I also know since you told everyone that you are going on vacation. I don't know how long though.
I call your office and ask the person for you. You, of course, are not in. I explain to the secretary or whomever it is that I'm a friend of yours and ask when you will be back. She tells me 2 weeks. That tells me 2 things: you really do work there, and I have 2 weeks to try to figure out how to hack your account without you noticing.
This works because people are basically kind and want to help out. It is counter to everything we are normally raised to do to be unhelpful. Unfortunately, unscrupulous a-holes take advantage of this.
The absolute master of this was a guy named Kevin Mitnick. He's a fascinating guy, but his ego is HUGE. He's written a couple books on the subject that are really interesting. I used him as a reference in a few of my papers and got roasted by my Professors for it. He is NOT well liked but again, he was good at it.