Reverb site compromised. Change your password.

archetype
Posts: 30
Joined: Sat Aug 08, 2020 8:59 pm

Since many of us have reverb.com accounts...

The date of the compromise isn't mentioned, and the Reverb site has no mention of the compromise, but many folks with Reverb accounts are getting e-mailed notices of a site compromise. I've looked at the e-mail header and it definitely comes from Reverb. Time to change your password to be safe.

This stuff happens. Sometimes people are lax. Sometimes the bad guys just outpace the security folks who are working just as hard at keeping things locked up. "...publicly accessible for a short period of time" makes me think that directory permissions changed and exposed info was stored where it shouldn't be. Here's the basics from the e-mail:

Dear Reverber,

We take our users’ privacy and security very seriously. Out of an abundance of caution, we wanted to inform you that Reverb recently became aware of an issue relating to user contact information.

At this time, we believe that contact information, including name, address, phone number, and email, was publicly accessible for a short period of time. We do not have reason to believe that any of this information has been misused, nor do we believe that password or payment information were involved.

As soon as we learned of this issue, we immediately worked to resolve it. We conducted an investigation of the situation to determine what happened and are taking steps to prevent something like this from happening again.

As a general reminder, we recommend that you change your Reverb password on a regular basis. If you’d like to update your password you can do so easily from your Account Settings page.
Fender: James Burton Standard Tele, Baja 50s Tele, Classic Player 50s Strat, MIJ ST-62DEX2 Strat
Squier: Classic Vibe 50s Tele, Bullet Strat, Affinity Strat
Gibson: ES-335 TDC, Les Paul 50s Tribute goldtop
aullucci
Posts: 343
Joined: Wed May 27, 2020 2:17 pm
Location: Lil Rhody

I got the same email. I hadn't checked into its authenticity yet. Thanks for jumping on that @archetype
Partscaster
Posts: 1557
Joined: Thu May 28, 2020 12:41 pm
Location: Mars: Sector 6

I will. Thanks.
"The man that hath no music in himself, nor is not moved with concord of sweet sounds, is fit for treasons, stratagems, and spoils. The motions of his spirit are dull as night, and his affections dark as Erebus. Let no such man be trusted."
BatUtilityBelt
Posts: 1724
Joined: Thu May 28, 2020 4:25 pm

Seems legit (not sarcasm).
ronnx
Posts: 165
Joined: Sat Oct 24, 2020 12:01 pm
Gearlist: Agile, Squier, Ibanez, Italia, Fender, Peavey, Epiphone and Partscasters.

I recently added DuckDuckGo to my Firefox browser. I've noticed several sites I visit only sparsely have sent me messages on some unknown trying to access my accounts. I'm thinking it may have something to do with adding DDG's browsing protections. ???
BatUtilityBelt
Posts: 1724
Joined: Thu May 28, 2020 4:25 pm

From the email, it seems to relate to people with Reverb accounts.
ronnx
Posts: 165
Joined: Sat Oct 24, 2020 12:01 pm
Gearlist: Agile, Squier, Ibanez, Italia, Fender, Peavey, Epiphone and Partscasters.

I meant to mention I got one from Reverb among others.
Bullcat
Posts: 95
Joined: Thu May 28, 2020 10:33 pm
Location: Under a rock in Washington State

I got the same one too. Reverb was hanging by a thread with me since the Etsy takeover, and this just nails the coffin shut on my business with them.
Joined AGF May 11, 2015
fatjack
Posts: 418
Joined: Thu May 28, 2020 10:14 am
Location: chucktown SC

Thanks, got the notice and didn't get to it till now.
andrewsrea
Posts: 1372
Joined: Wed May 27, 2020 4:43 pm
Location: Lake Saint Louis, MO
Gearlist: 28 Guitars: (2) basses, (2) acoustics, (3) hollow bodies, (3) Semi hollow, (1) Double-neck, (17) Solid-bodies

Appreciate the heads-up. I got the email and had to read it a few times to understand what it meant. I got out of it that our personal info was accidentally exposed, but they are not sure anyone was looking.

I have lifelong identity service and insurance because my US government clearance information was hacked (yes, the CCP has my fingerprints and social security number) and my medical insurance (Anthem) personal info was hacked.

This email read different from those hacks. This read like one of their software designers was doing their work, not realizing they left the door open.
Live life to the fullest! - Rob