Complaint from MacRumors users about the recent security issue.

[FloatingBones]

MR initially appears to have updated about the breach using a forum that they had disabled so if you didn't see the thread right away then when you came to the site (forums), they were down. The complaint is fairly justified.

I don't see your chain of reasoning for "fairly justified".

It is not that forum information is breached. It is that passwords and e-mails appear to have been stolen and to the point of another member, if PMs are accessed, then there is personal data in there from former market place sales. So to cover bases, treat this like a personal information breach and nothing less.

The blazingly obvious take-away from this: do not ever send personal data in PMs -- on any BBS. If you need to exchange personal information for for market place sales, then use e-mail to exchange those personal information. If you're concerned about security risks of using the market place here, then use a professionally run marketplace service -- a service that will charge you $$$ for its use.

I'd like to know about PMs as well. Not that I gave out bank details or anything, but my home address has been shared.

Consider a different way to say that: you shared your home address on a PM, and that now might have been broadcast. The obvious solution is to never ever share your personal information on a PM.

[...] then I would have likely started figuring out if or where I've used the same password and began changing it on any site I could still access.

Your tag of "Nehalem" indicates that you have written thousands and thousands of messages here. In the year 2013, I presume that any literate users of computer forums know that every single web login should have a unique password.

Please. If you are so darn worried about the integrity of your PMs, then you should never ever have been using your MR password on any other website. Unique passwords everywhere: there is no substitute -- until SQRL systems get deployed.

 

[bmac4]

I don't see your chain of reasoning for "fairly justified".



The blazingly obvious take-away from this: do not ever send personal data in PMs -- on any BBS. If you need to exchange personal information for for market place sales, then use e-mail to exchange those personal information. If you're concerned about security risks of using the market place here, then use a professionally run marketplace service -- a service that will charge you $$$ for its use.



Consider a different way to say that: you shared your home address on a PM, and that now might have been broadcast. The obvious solution is to never ever share your personal information on a PM.



Your tag of "Nehalem" indicates that you have written thousands and thousands of messages here. In the year 2013, I presume that any literate users of computer forums know that every single web login should have a unique password.

Please. If you are so darn worried about the integrity of your PMs, then you should never ever have been using your MR password on any other website. Unique passwords everywhere: there is no substitute -- until SQRL systems get deployed.

Have you consider the fact that our emails have been compromised as well? Any personal info you have on your email could also be at risk. Telling someone to use their email not PMs does no good in this case. Also going through a professional marketplace while using your email with that site could not be at risk. Again this goes far beyond this site, and whether you have personal info in PMs or not. You email is on this site, and now they have that info as well.

 

[Peace]

Have you consider the fact that our emails have been compromised as well? Any personal info you have on your email could also be at risk. Telling someone to use their email not PMs does no good in this case. Also going through a professional marketplace while using your email with that site could not be at risk. Again this goes far beyond this site, and whether you have personal info in PMs or not. You email is on this site, and now they have that info as well.

They may have got your email address. This doesn't mean they have access to your email.

 

[bmac4]

They may have got your email address. This doesn't mean they have access to your email.

Yes that may be, but there is a chance it is not. How many people use the same passwords for different things? If they did then it is very possible they have the email, and password.

 

[GoCubsGo]

I don't see your chain of reasoning for "fairly justified".



The blazingly obvious take-away from this: do not ever send personal data in PMs -- on any BBS. If you need to exchange personal information for for market place sales, then use e-mail to exchange those personal information. If you're concerned about security risks of using the market place here, then use a professionally run marketplace service -- a service that will charge you $$$ for its use.



Consider a different way to say that: you shared your home address on a PM, and that now might have been broadcast. The obvious solution is to never ever share your personal information on a PM.



Your tag of "Nehalem" indicates that you have written thousands and thousands of messages here. In the year 2013, I presume that any literate users of computer forums know that every single web login should have a unique password.

Please. If you are so darn worried about the integrity of your PMs, then you should never ever have been using your MR password on any other website. Unique passwords everywhere: there is no substitute -- until SQRL systems get deployed.

Who said I used the same password on any site? I simply said I started changing them because I did use the same email.

Your condescending tone and your ability to make it look like we, the forum members, should know better and are basically stupid is hilarious.
Stop assuming I did something when I did not. How do you know I did something? Oh that's right, you're assuming.

Please, if you're not worried about a security breach then run along.

 

[FloatingBones]

Have you consider the fact that our emails have been compromised as well?

No. Unless you are sharing passwords between your e-mail account and the MR service, it makes absolutely no sense. Rather than asking a question, you need to explain how your e-mail account would be at risk because of the MR problem.

Any personal info you have on your email could also be at risk.

So you claim. Now, you need to explain how you think the two could be linked.

Telling someone to use their email not PMs does no good in this case.

In what case? You have failed to make your case. You're piling on top of a conjecture you have failed to explain. WTF do you think an e-mail service would be linked to the MR service -- unless someone is carelessly using the same password for both?

Again

Again? Repeating the same conjecture again and again does not make it a fact.

In the year 2013, why would any security-literate person not be using unique passwords, and managing them on a service like 1Password or LastPass?

Who said I used the same password on any site? I simply said I started changing them because I did use the same email.

Actually, you said:

Had I known upon coming to this site and seeing the forums down and after reading a brief and vague exchange between Arn, @MacRumors, and rdowns, that there was a security issue and not something meaningless, then I would have likely started figuring out if or where I've used the same password and began changing it on any site I could still access.

Your condescending tone and your ability to make it look like we, the forum members, should know better and are basically stupid is hilarious.
Stop assuming I did something when I did not.

I'm responding to what you said. This is 2013. If you have to figure out where you're using the same password, then your password-management scheme is a failure. Do you disagree?

How do you know I did something?

Because of what you said.

Please, if you're not worried about a security breach then run along.

I'm astonished by the members here who still don't understand the basic need to have unique passwords on all services. It is a no-brainer to use the password-management services to manage those passwords.

 

[bmac4]

Who said I used the same password on any site? I simply said I started changing them because I did use the same email.

Your condescending tone and your ability to make it look like we, the forum members, should know better and are basically stupid is hilarious.
Stop assuming I did something when I did not. How do you know I did something? Oh that's right, you're assuming.

Please, if you're not worried about a security breach then run along.

It seems them people are now trying to blame us as users for having our information on the site, or using a password in more than one location. In your case it sounds as if you did not use the same passwords, but if we did that is still not our fault MR got hacked.

I am with you, and am tired of people assuming we are the stupid ones. I have a junk email, and password that I use on almost nothing but this site. That does not mean I am not worried about a breach. We all should be, and people keep acting as if we are being extreme, and MR handled things like a champ. I am sorry to say they did not, and should be held accountable for it. When we do something wrong in their eyes we are held accountable. What is the difference?

People stop defending MR, and realize they make mistakes, and this was a huge one. If you don't use the same password for multiple things. Good for you, but that does not mean some of your personal info was not exposed. The people that seem to think MR did nothing wrong are the ones that look stupid in my eyes.

 

[bmac4]

No. Unless you are sharing passwords between your e-mail account and the MR service, it makes absolutely no sense. Rather than asking a question, you need to explain how your e-mail account would be at risk because of the MR problem.



So you claim. Now, you need to explain how you think the two could be linked.



In what case? You have failed to make your case. You're piling on top of a conjecture you have failed to explain. WTF do you think an e-mail service would be linked to the MR service -- unless someone is carelessly using the same password for both?



Again? Repeating the same conjecture again and again does not make it a fact.

In the year 2013, why would any security-literate person not be using unique passwords, and managing them on a service like 1Password or LastPass?

Well since you seem to be the genius in this forum and have never used the same password for anything then you are good to go. Now for the the rest of us that at some point in our many years on the internet have repeated passwords. Our information may have been exposed. A lot of people use the same password for everything. If you want to call them stupid then fine go right ahead, but I would guess people like you are in the minority on this.

Now let me explain since you can't see a simple fact. When you signed up for MR you had give a email. That email is now the MR severs. Now those servers just got hacked. Guess what? There is your email for the hacker to see. Now in your case you say you are good because well no one in their right mind would use the same password for MR and their email. But the fact is most people do, so now not only is there MR information breach, but also their email. Now whether the hacker uses this info is something totally different, but it still is a fact they have the info. Beyond that your email hold a lot of personal information which then puts all that info our in the open.

Sorry buddy, but this was not just some simple hack that MR and you should take lightly. More information then you would care to believe is now possible been exposed. You may been in the clear, but those hundreds of thousands of people that don't have the same practices as you are not so lucky.

 

[Orange Furball]

No. Unless you are sharing passwords between your e-mail account and the MR service, it makes absolutely no sense. Rather than asking a question, you need to explain how your e-mail account would be at risk because of the MR problem.



So you claim. Now, you need to explain how you think the two could be linked.



In what case? You have failed to make your case. You're piling on top of a conjecture you have failed to explain. WTF do you think an e-mail service would be linked to the MR service -- unless someone is carelessly using the same password for both?



Again? Repeating the same conjecture again and again does not make it a fact.

In the year 2013, why would any security-literate person not be using unique passwords, and managing them on a service like 1Password or LastPass?



Actually, you said:






I'm responding to what you said. This is 2013. If you have to figure out where you're using the same password, then your password-management scheme is a failure. Do you disagree?



Because of what you said.



I'm astonished by the members here who still don't understand the basic need to have unique passwords on all services. It is a no-brainer to use the password-management services to manage those passwords.

Actually there are a lot of people who use the same password for both email and Mac rumors and a bunch of other sites . For example, I previously have used the orange furball name and my email on XDA, Gmail, eBay, PayPal, you name it I probably use it there. I've never had a reason to change my password because there's never been a breach like this and if there was it has been its been caught early and the users are notified early.

Now I will probably get in trouble for this, but the Loyalists here on Mr getting quite annoying . There was a breach and looks like about 50 percent say that it was not MacRumors fault and the other 50 say they did not handle properly. I'm sure there's more out there just like me on this website that have used the same password and username combination on other sites.

Just because you were "smart" and use a different password for every website that you have ever visited in your whole life does not mean that others are the same way. The admin team screw up here and that's the truth.

Not everyone is just like you and you should respect that some people are more upset about this and you are. If you are not upset then leave the form do not stay here and argue with people for the sake of arguing.

But hey, I'm just an idiot who used the same password multiple times.

 

[SilentPanda]

Actually there are a lot of people who use the same password for both email and Mac rumors and a bunch of other sites . For example, I previously have used the orange furball name and my email on XDA, Gmail, eBay, PayPal, you name it I probably use it there. I've never had a reason to change my password because there's never been a breach like this and if there was it has been its been caught early and the users are notified early.

MacRumors is responsible for the security of your account and data, I agree. But you are also responsible for the security of your accounts and data. Just as nobody keeps a backup until the first time they lose their data, people tend to reuse passwords until their account is compromised. There was a failure at MacRumors be it software or user error, but there was also a failure on members parts to not use unique passwords across sites. MacRumors is no doubt learning from this but users can also learn from this. Go fix your end, let MacRumors fix theirs. The amount of time you've spent posting here you could have changed a good deal of your passwords.

When I found out about the security issue via the site, I just went and changed my unique MacRumors password. I don't really care that this happened. It took me all of 30 seconds to change it.

Go get a password manager, free or otherwise. It's worth the temporary hassle to secure your login across all sites.

 

[roadbloc]

I guess y'all lucky that the hacker doesn't plan to do anything with the stolen data. If you choose to trust whomever did it that is.

Next time don't be a ninny and use different passwords.

 

[Peace]

MacRumors is responsible for the security of your account and data, I agree. But you are also responsible for the security of your accounts and data. Just as nobody keeps a backup until the first time they lose their data, people tend to reuse passwords until their account is compromised. There was a failure at MacRumors be it software or user error, but there was also a failure on members parts to not use unique passwords across sites. MacRumors is no doubt learning from this but users can also learn from this. Go fix your end, let MacRumors fix theirs. The amount of time you've spent posting here you could have changed a good deal of your passwords.

When I found out about the security issue via the site, I just went and changed my unique MacRumors password. I don't really care that this happened. It took me all of 30 seconds to change it.

Go get a password manager, free or otherwise. It's worth the temporary hassle to secure your login across all sites.

I would imagine there's quit the discussion going on behind that curtain eh ?

hehe

 

[FloatingBones]

Well since you seem to be the genius in this forum and have never used the same password for anything then you are good to go.

Didn't someone just pontificate in this thread about not assuming anything?

I'm not a genius on the topic, but I do have a PhD from the school of hard knocks. I got bit by the Gawker Media breach back in December, 2010. I was already using 1Password; it was really stupid that I was sharing the same password on multiple sites (but I did have a unique password on my e-mail ).

The difference is that I never ever blamed Gawker for the collateral damage. I immediately set out to use unique passwords for all web services.

Now for the the rest of us that at some point in our many years on the internet have repeated passwords.

Most of us did. I presumed that many of "the rest of us" took note at the Gawker breach -- and took decisive action to eliminate that threat for the future.

Our information may have been exposed.

The trouble is with your language. You should be saying, "Because we reused passwords on multiple sites, our information may have been exposed."

A lot of people use the same password for everything. If you want to call them stupid then fine go right ahead, but I would guess people like you are in the minority on this.

You're the only one using that adjective here. If I were to use an adjective, I'd suggest "complacent". Also, a small minority -- like you -- blame MR for a failure that you are largely responsible for causing. Based on your promiscuous use of your e-mail password, you could have already been compromised for a long time. Some other site could have shared your account/password -- or even sold it.

Now whether the hacker uses this info is something totally different, but it still is a fact they have the info. Beyond that your email hold a lot of personal information which then puts all that info our in the open.

The fact is that they only have that information because of your promiscuous behavior on the web. And only a tiny minority -- like you -- are complaining as vocally as you are today.

Did you not know about the Gawker breach? Have you not paid attention to the hundreds of data breaches over the last 10 years? Were you ever going to take responsibility to compartmentalize your identification information on the Internet?

More information then you would care to believe is now possible been exposed.

Only for the subset of users who had promiscuous patterns of behavior. Are you going to upgrade your behavior now?

How do you suggest we get the word out for others to upgrade their security practices?

Actually there are a lot of people who use the same password for both email and Mac rumors and a bunch of other sites . For example, I previously have used the orange furball name and my email on XDA, Gmail, eBay, PayPal, you name it I probably use it there. I've never had a reason to change my password because there's never been a breach like this and if there was it has been its been caught early and the users are notified early.

Did you see the money quote from the person/group who allegedly did this hack:

"We're not logging in to your gmails, apple accounts, or even your yahoo accounts (unless we target you specifically for some unrelated reason)," the user known simply as Lol wrote. "We're not terrorists. Stop worrying, and stop blaming it on Macrumors when it was your own fault for reusing passwords in the first place."

Your claim is false. There have definitely been breaches like this like the Gawker Media breach in 2010. I suggest you adopt prevention-oriented measures rather than reacting when something happens. By shifting to a prevention-oriented approach, you will encounter far fewer crimes, diseases, health problems, etc.

 

[bmac4]

MacRumors is responsible for the security of your account and data, I agree. But you are also responsible for the security of your accounts and data. Just as nobody keeps a backup until the first time they lose their data, people tend to reuse passwords until their account is compromised. There was a failure at MacRumors be it software or user error, but there was also a failure on members parts to not use unique passwords across sites. MacRumors is no doubt learning from this but users can also learn from this. Go fix your end, let MacRumors fix theirs. The amount of time you've spent posting here you could have changed a good deal of your passwords.

When I found out about the security issue via the site, I just went and changed my unique MacRumors password. I don't really care that this happened. It took me all of 30 seconds to change it.

Go get a password manager, free or otherwise. It's worth the temporary hassle to secure your login across all sites.

Sure people should be more cautious, but not everyone thinks about that. People want convenience. Making one password makes remembering very easy. You have to remember that not everyone is as technology savvy as you are. I am not saying Orange is not because I know he is. What I am saying is a lot of users on this site are not people that think about this type of thing.

I have different passwords, but having any hack on a site that I am a member of does not sit well with me. Who knows what they got, and what they plan to do with it. Maybe you don't have the password, and maybe you don't have personal info on the site. Honestly though you have no idea what a hacker can do with what little information they could have gotten about you.

It like saying my house got robbed, but they only stole a box that had some worthless crap in it. Yeah it may not hurt you right now, but it sure makes you feel uneasy, and you have no idea if they may try it again.

 

[djtech42]

Didn't someone just pontificate in this thread about not assuming anything?

I'm not a genius on the topic, but I do have a PhD from the school of hard knocks. I got bit by the Gawker Media breach back in December, 2010. I was already using 1Password; it was really stupid that I was sharing the same password on multiple sites (but I did have a unique password on my e-mail ).

The difference is that I never ever blamed Gawker for the collateral damage. I immediately set out to use unique passwords for all web services.



Most of us did. I presumed that many of "the rest of us" took note at the Gawker breach -- and took decisive action to eliminate that threat for the future.



The trouble is with your language. You should be saying, "Because we reused passwords on multiple sites, our information may have been exposed."



You're the only one using that adjective here. If I were to use an adjective, I'd suggest "complacent". Also, a small minority -- like you -- blame MR for a failure that you are largely responsible for causing. Based on your promiscuous use of your e-mail password, you could have already been compromised for a long time. Some other site could have shared your account/password -- or even sold it.



The fact is that they only have that information because of your promiscuous behavior on the web. And only a tiny minority -- like you -- are complaining as vocally as you are today.

Did you not know about the Gawker breach? Have you not paid attention to the hundreds of data breaches over the last 10 years? Were you ever going to take responsibility to compartmentalize your identification information on the Internet?



Only for the subset of users who had promiscuous patterns of behavior. Are you going to upgrade your behavior now?

How do you suggest we get the word out for others to upgrade their security practices?

It's still an issue. I have never had a major scale hack like this happen to me before, so I always just used one complex "un-hackable" password that I remember through muscle memory. When something like this happens, it exposes the password and boom, doesn't matter how complex the password. I know now to use things like iCloud Keychain, but how would I have known to do that before when I wasn't extremely paranoid? How can you call using the same or similar passwords "promiscuous?" I have been very careful on the Web. Apparently MacRumors wasn't careful enough.

 

[Shrink]

I was a moron. I came to computers for the first time three years ago. I thought I was being so clever using the same password on a number of sites until about 2 years ago, when I started using LastPass to generate unique passwords for each new site.

When MR experienced the security breach, it forced me to go change the passwords on a bunch of sites.

MY FAULT for being a dumb newbie...but I learned.

 

[bmac4]

Didn't someone just pontificate in this thread about not assuming anything?

I'm not a genius on the topic, but I do have a PhD from the school of hard knocks. I got bit by the Gawker Media breach back in December, 2010. I was already using 1Password; it was really stupid that I was sharing the same password on multiple sites (but I did have a unique password on my e-mail ).

The difference is that I never ever blamed Gawker for the collateral damage. I immediately set out to use unique passwords for all web services.



Most of us did. I presumed that many of "the rest of us" took note at the Gawker breach -- and took decisive action to eliminate that threat for the future.



The trouble is with your language. You should be saying, "Because we reused passwords on multiple sites, our information may have been exposed."



You're the only one using that adjective here. If I were to use an adjective, I'd suggest "complacent". Also, a small minority -- like you -- blame MR for a failure that you are largely responsible for causing. Based on your promiscuous use of your e-mail password, you could have already been compromised for a long time. Some other site could have shared your account/password -- or even sold it.



The fact is that they only have that information because of your promiscuous behavior on the web. And only a tiny minority -- like you -- are complaining as vocally as you are today.

Did you not know about the Gawker breach? Have you not paid attention to the hundreds of data breaches over the last 10 years? Were you ever going to take responsibility to compartmentalize your identification information on the Internet?



Only for the subset of users who had promiscuous patterns of behavior. Are you going to upgrade your behavior now?

How do you suggest we get the word out for others to upgrade their security practices?

Again you are assuming. You have no idea how many people use the same password for many logins. I never once said it was the right thing to do, but blaming the user for a site getting hacked it just stupid. What little information you have on MR is at the hackers hands now. Whether you want to believe it or not. Sure it may be same amounts of information because you seem to be so smart, but who's to say they can't use that information? I don't know what hackers can.

Why don't you read my post again before posting. I said I did not use the same login, or password for sites. I am saying the people that did. I know that I need different passwords. You just seem to believe everyone should be as "smart" as you. Facts are it just is not true.

Having a site hacked is very scary. Whether you have information on it or not. To know someone can get back their security does not sit well with me. Using your 1password I am sorry to say does not make you safe. All these things can be hacked, and guess what again all your info is stolen.

----------

What happens when lastpass, and 1password are hacked? Are you guys still safe?

 

[SilentPanda]

I would imagine there's quit the discussion going on behind that curtain eh ?

hehe

I haven't a clue. I'm not a mod anymore. My guess is that probably not. arn isn't super talkative back there anyway and he has better things to do at the moment than chat up the mods who can't really help or give information to him.

I'm okay with people being upset. I'm okay with people being mad a MacRumors. It is the fault of MacRumors that this happened. But people seem to want something to be done to fix what has already happened... and that's just not possible.

Others are offering advice so that users don't get bit again, mostly to use unique passwords via a password manager. Sure you didn't do it before, but you can do it now. Assume every web site you create credentials at, the admin is a moron. Assume they keep your information in a plain text file that is visible to anybody. Be responsible for your own security going forward. If others are also adding security on top of that, great. We can learn, MacRumors can learn. Stop thinking, "MacRumors shoulda done this" or "Every user shoulda done that". Put a password manager in place now. I think I've had to deal with at least 4 security issues so far this year and every time I've just done a few clicks to generate a new password and voila... no biggie. MacRumors, Sony, EA, and Adobe... it happens, fix your end while they fix theirs.

 

[djtech42]

I haven't a clue. I'm not a mod anymore. My guess is that probably not. arn isn't super talkative back there anyway and he has better things to do at the moment than chat up the mods who can't really help or give information to him.

I'm okay with people being upset. I'm okay with people being mad a MacRumors. It is the fault of MacRumors that this happened. But people seem to want something to be done to fix what has already happened... and that's just not possible.

Others are offering advice so that users don't get bit again, mostly to use unique passwords via a password manager. Sure you didn't do it before, but you can do it now. Assume every web site you create credentials at, the admin is a moron. Assume they keep your information in a plain text file that is visible to anybody. Be responsible for your own security going forward. If others are also adding security on top of that, great. We can learn, MacRumors can learn. Stop thinking, "MacRumors shoulda done this" or "Every user shoulda done that". Put a password manager in place now. I think I've had to deal with at least 4 security issues so far this year and every time I've just done a few clicks to generate a new password and voila... no biggie. MacRumors, Sony, EA, and Adobe... it happens, fix your end while they fix theirs.

I'm mainly angry at the fact that the hacker had the nerve to come on here and say he isn't planning on doing anything with the information. Why should we trust him? People already have suspicious activity warnings in their accounts.

 

[FloatingBones]

I have never had a major scale hack like this happen to me before, so I always just used one complex "un-hackable" password that I remember through muscle memory.

The mischief happened from presuming this was a way to have secure passwords.

In one sense, you are safer than many. If someone does a dictionary attack on the password hashes, your password won't get a hit. In that sense, you bought yourself some time -- to update all your account passwords.

When something like this happens, it exposes the password and boom, doesn't matter how complex the password.

Bingo. That demonstrates the fragility of the system that you were using.

I know now to use things like iCloud Keychain, but how would I have known to do that before when I wasn't extremely paranoid?

Being cognizant of the large number of database breaches over the past 10 years?

How can you call using the same or similar passwords "promiscuous?"

Because the security of all of your accounts sharing a particular password are only as strong as the security of the weakest site. For all you know, your superduper password was compromised years ago. You do not know -- you will never know. Practice safe password: use a unique password for every site.

Did you take the time to look up the proposed SQRL protocol to deal with the website-login problem?

I have been very careful on the Web.

No. You have used the same password on multiple sites. That is not being careful at all.

Please investigate one of the password-management systems.

 

[SilentPanda]

I'm mainly angry at the fact that the hacker had the nerve to come on here and say he isn't planning on doing anything with the information. Why should we trust him? People already have suspicious activity warnings in their accounts.

I don't think anybody is saying to trust him/them.

 

[SandboxGeneral]

I don't think anybody is saying to trust him/them.

I like to use Steve Gibson's philosophy from the podcast Security Now of TNO. Trust No One.

 

[theSeb]

Again you are assuming. You have no idea how many people use the same password for many logins. I never once said it was the right thing to do, but blaming the user for a site getting hacked it just stupid. What little information you have on MR is at the hackers hands now. Whether you want to believe it or not. Sure it may be same amounts of information because you seem to be so smart, but who's to say they can't use that information? I don't know what hackers can.

Why don't you read my post again before posting. I said I did not use the same login, or password for sites. I am saying the people that did. I know that I need different passwords. You just seem to believe everyone should be as "smart" as you. Facts are it just is not true.

Having a site hacked is very scary. Whether you have information on it or not. To know someone can get back their security does not sit well with me. Using your 1password I am sorry to say does not make you safe. All these things can be hacked, and guess what again all your info is stolen.

----------

What happens when lastpass, and 1password are hacked? Are you guys still safe?

Please stop digging. It's becoming painful to read, especially the last bit. I think in your excitement you have actually forgotten what point you were trying to make. Yes, you're outraged. In the time you and the OP have been moaningabout this you could have already changed all of your passwords.

The way this problem was communicated by MR was not appropriate - we have covered this. There are many lessons to be learnt here. Lessons for MR moderators and back end admin and lessons for the users. Maybe a basic security best practises article from Macrumors would be a good start to help users like you and the OP?

What exactly are you arguing about now? What do you hope to achieve? I don't think even you know anymore.

 

[bmac4]

Please stop digging. It's becoming painful to read, especially the last bit. I think in your excitement you have actually forgotten what point you were trying to make. Yes, you're outraged. In the time you and the OP have been moaningabout this you could have already changed all of your passwords.

The way this problem was communicated by MR was not appropriate - we have covered this. There are many lessons to be learnt here. Lessons for MR moderators and back end admin and lessons for the users. Maybe a basic security best practises article from Macrumors would be a good start to help users like you and the OP?

What exactly are you arguing about now? What do you hope to achieve? I don't think even you know anymore.

See here is your problem. You cant read. I never once said I needed to changed my passwords. I never had the same passwords. I am good, but many are not. Many don't take safety measures like this cause they don't know they need to. Come back when you have read my post.

 

[The Mrs.]

This is the first I've heard of a breach.