fringe: Harmony Central Breach

[security curmudgeon <jericho () attrition org>]

Courtesy of a DL reader:


---------- Forwarded message ----------
From: Harmony Central <HarmonyCentral () harmonycentral rsys1 com>
Date: Fri, Dec 11, 2009 at 11:11 AM
Subject: Harmony Central - Important Message to Our Users


View web version. To ensure delivery, please add
HarmonyCentral () email HarmonyCentral com to your address book.
Harmony Central



December 11, 2009



Dear Harmony Central member,

Thank you for your participation in the Harmony Central community.  We
are writing to inform you of an incident that took place on Tuesday,
December 8, 2009, and to suggest some steps you may consider in
response.

What Happened.

Someone without authorization temporarily gained access to the Harmony
Central site.  That person or persons also gained access to our stored
member information, which includes e-mail addresses.  If you have
provided us with other information, like your date of birth, we have
also stored that information.  Our stored information also includes
member passwords, which are protected by multiple levels of encryption.

Our Response.

Our team stopped this intrusion.  We are working hard to further
improve the security of the Harmony Central site.  We regret that this
incident has caused the site to go offline temporarily.  We also regret
any concern that this incident may cause you.

What You Can Do.

As noted above, our stored passwords are protected by multiple levels
of encryption.  However, out of an abundance of caution, we recommend
that you reset your password as soon as Harmony Central is available.

Also, as always, please remain cautious when responding to e-mail
communications.  Please remember – no one from Harmony Central will
ever ask you for your password or log-in information.  No one from
Harmony Central will ask you for a credit card number, or Social
Security number, or anything of the sort.  If you ever receive any
message supposedly from Harmony Central asking for that or any personal
information, note the sender, delete the email immediately, restart your
computer, and alert us to the situation. Never click on any links or
attachments contained in an email of this type.

We appreciate your patience, and expect to have the site back up soon.

Sincerely,

Your Harmony Central Team

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php