Educause Security Discussion mailing list archives
Re: Disney+ Hackef
From: "Barton, Robert W." <bartonrt () LEWISU EDU>
Date: Tue, 19 Nov 2019 15:01:18 +0000
Sure could be… some other questions. Lockout policy? What are the requirements for passwords? If they use 2FA (option?), what are the possible solutions?

As an adjacent note, take a look at this site. https://gimletmedia.com/shows/reply-all/v4he6k It is a good podcast to listen to, but the security links at the bottom are great. I have to look at it more, but it seems Google Authenticator may be better than using SMS for 2FA (less chance it will be taken).

Robert W. Barton
Executive Director of Information Security and Policy
Lewis University
One University Parkway
Romeoville, IL 60446-2200
815-836-5663

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Scantlin, Aaron J.
Sent: Tuesday, November 19, 2019 6:20 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Disney+ Hackef

I don’t know… the vast majority of this is FUD. This is the single relevant excerpt from the article:

“Two users who spoke with ZDNet on the condition we do not share their names admitted that they reused passwords. However, other users said online that they did not, and had used passwords unique for their Disney+ accounts. This suggests that in some cases hackers gained access to accounts by using email and password combos leaked at other sites, while in other cases the Disney+ credentials might have been obtained from users infected with keylogging or info-stealing malware.”

While this might be the early signs of some major security failing, I think that the number of compromised accounts is small enough to suggest that password reuse is a much more reasonable suspicion.

Aaron J. Scantlin
Security Analyst, Division of IT
GSEC, GCFA, GNFA
University of Missouri - Columbia
(573) 884 - 7555
scantlina () missouri edu

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Ronald Loneker
Sent: Monday, November 18, 2019 8:11 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Disney+ Hackef

Everyone -

Well that didn’t take long...

https://www.zdnet.com/article/thousands-of-hacked-disney-accounts-are-already-for-sale-on-hacking-forums/

Ron Loneker Jr
Director, IT Special Projects
College of Saint Elizabeth

--
Ron Loneker, Jr.
Director, IT Special Projects
College of Saint Elizabeth
2 Convent Road
Morristown, NJ 07960
Phone: 973-290-4229
E-mail: rloneker () cse edu

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community

This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone at (815)-836-5950 and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you.
Current thread:
- Disney+ Hackef Ronald Loneker (Nov 18)
- Re: Disney+ Hackef Scantlin, Aaron J. (Nov 19)
- Re: Disney+ Hackef Barton, Robert W. (Nov 19)
- Re: Disney+ Hackef Kevin Wilcox (Nov 19)
- Re: Disney+ Hackef Barton, Robert W. (Nov 19)
- Re: Disney+ Hackef Scantlin, Aaron J. (Nov 19)