Recently Creative's Soundblaster forums were pulled down after a data breach which included Email addresses, Forum user names, IP addresses and Encrypted passwords.
What would be the course of action in terms of securing myself from any further attack?
Change all your login passwords everywhere, and if possible ( your convenience ) change your email address, and "speak" to your ISP about changing your External IP. [this would normally change on a regular basis anyway, but is best to prompt the ISP ]
Consider one of the available secure password managers for future use these can create fully random secure long complex passwords for all your sites but allow you to use them normally.
Also in future opt-in to any two tier security available to secure login.
If you have any mission critical data think about your backup policy to secure this and also consider data encryptions, [ I would not expect this to apply to a normal home user]
@barman
I use Lastpass for all of my password/logins with long complex passwords. Would you still recommend changing each sites password? What about usernames? Changing my email address would be major, what about all of the subscriptions and people that only contact me with that email address?
Edit: I think the rest of my system defense is ok.. I run WD, standard user account, DEP enabled for all apps and have a lot of data locations shut off with Controlled Folder Access..
Does lastpass have a auto change facility built in part of the creation system for passwords are they changed automatically on a timer?, this sort of thing is very likely "overkill" for a personal system so can be ignored . but is a good security feature in office environments where email passwords do get passed around
The convenience factor for the email has to be a major factor in your decision and should not be a major issue retaining the address, as long as the password is changed.
A system I have implemented for clients moving from one email to another, (company rebranding, buyouts Etc), is to retain the old email but only use this for receiving mail, a New address is used for all outgoing mail, stating that the email has changed, (add to signature), so after a while the old address falls out of use, Most email systems will allow you to check mail from more than one address and even flag those coming via the old address for your attention, (you can then recreate subsctriptions you may have, or not
No auto-changer for PWs I am aware of. This is a sample LastPass PW generator screen. Nothing here, or on main Edit Site screen.
Lastpass does have a password changer but I've never understood how they work. The password would still have to be changed manually through the particular websites settings anyway?
That's true. Setup correctly, if you change a PW in a site, LP will ask "Save Password change?". You can accept, or Not Now.
Found this. The Auto-Change is a Beta feature and limited in scope. The article explains in detail, with a list of sites supported.
Generating Secure Passwords | User Manual
Hi.
If Soundblaster forum is the only hack, then (obviously) changing the password on that one, and any other place where you may have used the same password would be the first steps. Then, I would check on this site to see if your email address(es) have been pwned:
Have I Been Pwned: Check if your email has been compromised in a data breach
If so, change passwords accordingly. And, check this site on a regular basis. Sites/databases get hacked, and then show up months (or ever years) later.
If LastPass is signed in while you are making password changes at the various sites, it will ask you if you want to make updates - select yes.
Changing your public IP address can be done by turning off your modem for up to 10 minutes, to grab a new, dynamic address from your ISP. If you pay for a static IP, well, that's another matter.
2FA is always preferable where available.
Quote
