BreachExchange mailing list archives
Trapster.com emails users that their website was hacked possibly exposing usernames and passwords
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Mon, 17 Jan 2011 19:25:55 -0500
Email being sent on behalf of Trapster.com to users. No other confirmation as to a breach at this point. ------------------------------------- http://wl4.peer360.com/b/qUlpevGWIJlJ474GE14y/main.asp?hl=89767844 Dear Trapster User: The Trapster team has recently learned that our website has been the target of a hacking attempt, and it is possible that your email address and password were compromised. We have taken, and continue to take, preventative measures to avoid future incidents but we are recommending that you change your Trapster password. As always, Trapster recommends that you use distinctive passwords for each site you visit, but if you use the same password on Trapster that you use on other services, we recommend that you change your password on those services as well. For information on how to reset your password or improve the security of your passwords for your Internet usage, please click FAQs. Sincerely, The Trapster Team ------------------------------------------------------------- http://wl4.peer360.com/b/21149i2125JE276H0ogX/main.asp?hl=-1&utm_medium=email&utm_source=peer360&utm_campaign=Trapster+Compromised+Accounts+Messaging+-+C1&utm_content=trapster+header_600 FAQs: How do I know if my password was hacked? We believe it’s best to be cautious. So, if you’ve registered your account with Trapster, then it’s best to assume that your e-mail address and password were included among the compromised data. We therefore recommend changing the password on your account, and if you used that password on any other site, you should change your password on that site as well. Should I be concerned about my other online accounts? What if I used that password on other sites? If you used your Trapster password on any other web site you should change the password on that site as well, particularly if you used the same e-mail address with that site. Additionally, it is generally suggested that password security increases if you follow these guidelines: At least 8 characters, and for added security, 14 or more Avoid common words and phrases Use both upper and lower case characters, and include numbers and symbols Do not base your password on any personal information How do I change my password? Log on at Trapster.com, and then go to My Account followed by Manage Account. Enter your new password and then click Update Account. If you’d like to change your registered e-mail address, again go online and go to My Account, then Manage Account. Click on change e-mail and put your new e-mail in the space provided. Then click on Verify. Wait for a confirmation e-mail to that address to verify your new e-mail account. I don’t remember my Trapster account password. What should I do? If you have forgotten your password, or need your confirmation e-mail or code resent, just visit http://trapster.com/forgot-password.php. What do you know about the incident? This was a single event. We understand how it occurred, and have taken steps to help prevent it from happening again. Please note that we are taking these actions with our users as a precautionary measure. While we know that we experienced a security incident, it is not clear that the hackers successfully captured any e-mail addresses or passwords, and we have nothing to suggest that this information has been used. Are you notifying those whose details may have been compromised? We are in the process of notifying those users who registered with Trapster. What are you doing so that this does not happen in the future? We have already rewritten the software code to help prevent this type of attack from happening again, and continue to implement additional security measures to further protect your data. What if I want to delete my account? If you wish to delete your account, log on at Trapster.com, go to My Account, followed by Manage Account. Click at the bottom of the page on “I want to cancel my Trapster account.” If you have further questions or are experiencing difficulties in changing your password, please e-mail us at outreach () trapster com. Please note, for security reasons we will not be able to supply additional details about the incident itself. _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Learn encryption strategies that manage risk and shore up compliance. Download Article 1 of CREDANT Technologies' The Essentials Series: Endpoint Data Encryption That Actually Works http://credant.com/campaigns/realtime2/gap-LP1/
Current thread:
- Trapster.com emails users that their website was hacked possibly exposing usernames and passwords Jake Kouns (Jan 17)