A few days ago we received an email urging us to change our password at Sticky Password and explaining that the service had suffered a mini attack.
The good news is that your encrypted data, that is, the passwords you have stored in Sticky Password, was not compromised. The service reminds you that it will never ask you to change your password on the web; such a change should always be made from within the application. In other words, it is drawing your attention to phishing emails.
Finally, a good suggestion is to also enable 2FA on your account. The email we received:
Security precaution advisory
For us at Sticky Password, security is the foundation of everything we do. We work hard to ensure that all of our customers’ data and sensitive information is kept private and safe. Given the nature of the internet, bad actors are continuously attempting to gain unauthorized access to resources of companies and individuals everywhere. While such activities are uncomfortable and disconcerting, they are part of the internet security landscape.
Our security team noticed increased traffic that may have been the result of a phishing attack targeting our users and their StickyAccounts. The event which resembled a DDoS attack targeted our StickyAccount infrastructure by trying to fraudulently submit various email addresses gained by the attacker before the attack from an unknown source in the wild, in order to try to find existing StickyIDs (valid Sticky Password user email addresses).
The bottom line is that NO encrypted user data was compromised. Sticky Password’s security infrastructure performed as designed and protected the encrypted data of our users.
However, due to this attack, your email address may be more vulnerable to Sticky Password-themed phishing attacks in which the attacker attempts to impersonate Sticky Password (e.g. trying to gain access to your Master Password). Please remember to be cautious of phishing emails. We will NEVER ask you to change, confirm or verify your Master Password through the web! When changing your Master Password, always do so ONLY through the Sticky Password application on your device.
Moreover, we recommend that you take the following precautions to ensure your StickyAccount containing your data is safe against other attacks:
1) As a security precaution, we strongly recommend changing your Master Password.
While there is no evidence that there was unauthorized access to your account, as a security measure following an attack, it’s essential to change the Master Password. Also, make sure that your Master Password is strong by fulfilling all recommended criteria for Master Password strength when creating it.
Your Master Password can be changed in the Settings menu of the Sticky Password app. The process is described in the following tutorials. Select the operating system you are using: Windows, macOS, iOS, Android
If you have Sticky Password installed on multiple devices, it is necessary to process the change on only one of your devices. Then when accessing Sticky Password on your other devices, you will be prompted to insert the old Master Password before the information about the new Master Password is confirmed.
2) Use the One-time PIN for device authorization.
This way, new devices can connect to your account only after a special security code (the One-time PIN) you receive via email is entered. For added security, this previously optional setting has now been set as default for all users.
3) Consider enabling Two-Factor Authentication.
To increase the security of your Sticky Password account even further, consider enabling Two-Factor Authentication as an additional layer of protection of the content of your password database.
Your Sticky Password Team