Archive for December, 2021

2021: Year In Review

Posted in Commentary on December 31, 2021 by itnerd

At this time of year I like to look back over the past 365 days and pick out the stories that really got my attention. This year has been only marginally better than 2020, which is another way of saying that the focus of the entire planet was understandably elsewhere. Having said that, here’s what happened in tech this year:

Log4j: This popped up at the end of the year and sent the entire planet scrambling to patch everything. Seeing as threat actors are taking advantage of this, you can fully expect that this will still be a story well into 2022. In the meantime, make sure that you’ve patched all the things so that you don’t get pwned.

Speaking of Getting Pwned, The Pwnage This Year Was Beyond Epic: It almost seemed that not a day went by without some company being pwned by hackers. Be it ransomware gangs or other threat actors wanting to cause havoc, make a buck, steal data, or sometimes all of the above. And nobody was immune. Even an Apple contract manufacturer got pwned with data leaked, specifically the schematics of what turned out to be the new MacBook Pros. This will continue into 2022. Mark my words.

Apple’s Continued Fall From Grace: Whether it was the lack of quality of their software, inability to deliver features on time, their employee issues, threats in terms of anti-trust on multiple fronts, lawsuits, AirTags being used for evil purposes, Apple’s horrific misadventures in India, and their issues with attempting to crack down on CSAM, Apple had a multitude of problems to deal with. And it is unlikely to end in 2022 unless they really get their act together.

Speaking About Apple, How About Those New M1 Pro And M1 Max Processors?: While Apple did have its issues this past year, putting out processors that blew people’s minds wasn’t one of them. The new M1 Pro and M1 Max processors that popped up in the new MacBook Pros blew the doors off of anything made by Intel. And while Intel has new Alder Lake processors which are starting to ship, one has to wonder if they will come anywhere close to the power to watt ratio that Apple’s processors currently do? That will be something to watch in 2022.

Speaking Of New Processors, How About That Tensor Processor?: Google released the Pixel 6 phones with an in-house designed Tensor processor which is actually quite good and allowed the Pixels to do things that no other Android phone can do. In short, they are trying to do what Apple has been doing with their A series of processors for years. It’s an interesting strategy, and if I am Qualcomm, I’d be a wee bit worried.

Facebook Becomes Meta: Facebook is getting hit from all sides with all manners of bad press. So I guess that Zuckerberg and company thought a name change was in order. Thus they are now known as Meta as they want to expand into the metaverse. Which I guess is the next logical place to go as in the real world they are the most hated company around.

Tile Sells Itself To A Company With Less Than Honourable Intentions: I guess that AirTags finally was the last straw that made Tile sell itself to a company called Life360. This is a company that sells all sorts of location and other data to anyone who will buy it and seemingly makes no apologies for doing so. Which means that if you’re a Tile user, your data will be sold to anyone who wants it. Which means by extension, you have a decision to make. Are you okay with that or should you dump all your Tile trackers and spring for AirTags or perhaps take a look at Chipolo trackers? It will be interesting to see what happens on that front in 2022.

The Rogers Family Drama: The Rogers family fought it out in public for all to see over who would control Rogers Communications. It was kind of like the HBO show “Succession” except that the family patriarch is already dead. I have to admit that it wasn’t a good look for Rogers Communications or the family. And I can’t imagine how much morale suffered if you’re a Rogers employee who had to see this play out. But in the end, Edward Rogers got his way and was able to fire Joe Natale as CEO and install the people he wanted to run the company. Now let’s see in 2022 if all this turmoil allows them to buy Shaw Communications and allow Rogers to be competitive with Bell and Telus, which at the moment, they are not competitive with either.

Speaking Of Telcos, Boy Does Bell Canada Customer Service Suck: My wife and I tried to dump Rogers this summer when we wanted to lower our telco bill. But when Bell Canada, who I freely admit have world class Internet products that totally destroys anything that Rogers has to offer, absolutely made a mess of us moving to them because of their absolutely shambolic customer service, my wife and I stayed with Rogers and upgraded to Rogers Ignite instead. And that upgrade went shockingly well and saved us a few bucks too. And this was on top of hearing from lots of my clients, both business and residential that Bell’s customer service is the worst. This is a problem if you’re Bell as if Rogers ever gets their act together and starts offering products that are competitive with Bell, then Bell will be in deep trouble.

And now for some stats. The top ten countries that visited my blog in 2020 are:

  1. Canada
  2. United States
  3. United Kingdom
  4. India 
  5. Australia
  6. Germany
  7. Norway
  8. Philippines
  9. Netherlands
  10. Singapore

In all almost 1.2 million page views were served up this year. Given the year that we all had, that’s pretty good.

And in terms of the top ten stories that were viewed this year:

  1. Don’t Fall For This Interac Scam That Is Delivered By Text Message [UPDATED]
  2. Here’s How The Last 4 Digits Of Your Credit Card Can Be Used To Commit Fraud
  3. WARNING! A New Text Message #Scam Involving TD Bank Is Making The Rounds [UPDATED x2]
  4. New Program Offering Canadian Seniors Free Smartphones & Low-Cost Data Plans From TELUS To Help Them Stay Connected
  5. Another Reason For Rogers To Be Scared…. TELUS Launches PureFibre X With Canada’s Fastest Internet Speeds
  6. How To Move Your E-Mail And Contacts Off The Rogers Yahoo/Oath E-Mail Platform
  7. Rogers Rolling Out New Modem/Routers For Ignite Internet…. Why You Should Care
  8. Android Auto & Apple CarPlay On My 2016 Hyundai Tucson Limited
  9. Why Bell Has The Upper Hand Against Rogers When It Comes To Internet Access In Canada
  10. Apple M1 Mac SSD Swap Issues – Should You Be Concerned?

The top three items are related to scams, which seemed to be something that was a bit of a theme this year as I spent a lot of time writing about scams in 2021. It also highlights that you really need to be careful out there as there are people who are trying to separate you from your identity or money or both. TELUS made some news at spots four and five that, unlike fellow telco Rogers, was positive. Speaking of Rogers, clearly the fact that a story about moving your email and contacts off their platform is still resonating years after I published that story says something about how the market sees Rogers. And I am kind of surprised that a story about Rogers modems from years ago still gets clicks seeing as Rogers is trying to migrate people to their new Ignite platform as fast as possible. I can likely say the same thing about my story about Android Auto and Apple CarPlay on my Hyundai Tucson from years ago as honestly, with pretty much every car coming with either or both, we shouldn’t be talking about this anymore. But having said that, my guess is that there are still Hyundai owners who want this functionality in their cars. If that is you, there’s a cheap to free option for Hyundai Canada owners that I wrote about here. My story about Bell having the upper hand against Rogers entering spot number nine illustrates the sort of trouble that Rogers is in and how much work they will have to do to be competitive in 2022. And finally the SSD swap issues of the M1 from earlier this year illustrate the software quality issues that Apple really, really needs to address ASAP.

Now if you have something that you think that should be on this list, leave a comment with your thoughts. Happy new year (hopefully)!

Guest Post: 38.6% of Canadians Save Banking Details On Devices: Is There A Safe Way To Do That Asks NordVPN?

Posted in Commentary on December 30, 2021 by itnerd

The latest survey by NordVPN has shown that 38.6% of Canadians save banking details on their devices to use them on shopping apps and websites later. While many customers go for this option out of convenience, cybersecurity experts warn to be careful, especially during the shopping season, as not all methods are equally safe.

People spend billions of dollars during Black Friday, Cyber Monday, and pre-Christmas time, trying to grab the best deals online and save a buck. In 2020, during Cyber Monday, customers in the US spent a whopping $10.8 billion. 23.2% of annual sales in Canada fall on the Black Friday and Cyber Monday week. No wonder that hackers and scammers want to have their share by stealing customers’ banking details.

“Hackers take advantage of users who use unsecure ways to store banking information on their devices. A person who saves his credit card details in an Apple Pay mobile wallet is much safer than one who keeps a photo of his credit card in the gallery or notes on his phone. And the difference between those options is huge,” says Daniel Markuson, cybersecurity expert at NordVPN.

The habit of saving payment details is similar around the world

38.6% of Canadians save their banking information on their devices. The habits are pretty similar around the world. NordVPN’s research has shown that almost half of Americans (43.9%) store their banking information on their personal devices, followed by Spaniards (39.3%), and Australians (38%). While the Polish (25%) and Dutch (25.6%) care about their credit card safety the most among the surveyed countries, the percentage of people risking their security is still high.

Ways to save banking details on your device and their weaknesses

There are several ways people can save payment card details on their devices:

  • Notepads or photos

Some people choose to store their payment details for shopping online by just taking a photo of their payment card or writing down the payment card and CVV numbers in the notes application. 

Weaknesses: While this option is easy and doesn’t require any technical skills, it is the riskiest when it comes to the security of users’ banking details. The research shows that 25% of Canadians don’t lock their phones. This means that even a random stranger could access their photos, notes, emails, and contacts without any additional effort if they got to an unprotected device.

“Moreover, the device’s data can be compromised even without the device being stolen. Countless number of apps can access your photos and notes, some of them may be malicious,” adds cybersecurity expert Daniel Markuson. 

  • Browser

One of the most popular ways to store payment information locally is in an internet browser (e.g. Google Chrome, Mozilla Firefox, etc.), as this allows users to autofill banking details while shopping online. 

Weaknesses:  This option may be safer than just taking a picture of your credit card and may help to save some time, but experts say it is often targeted by cybercriminals. 

“The biggest issue is that criminals can create malware which will steal all the autofill information you save in your browser, including your credit card details. One nameless malware like that was analyzed by NordLocker at the beginning of this year. The analyzed Trojan-type malware infiltrated over 3 million computers and stole 1.2 TB of personal information, including around 28 million credentials stolen from various internet browsers,” Daniel Markuson explains.

  • Mobile wallets

Mobile wallets (such as Apple Pay, Samsung Pay, Android Pay) may be the safest way to keep your banking details on your device. Those applications usually have strong encryption and ensure the safety of their users.

Weaknesses: There are a lot of mobile wallets and other financial encryption tools out there, but it is important to pay attention to their security standards. Make sure you choose the safest option by researching it before putting in your payment details. 

How to shop online safely

“In general, when it comes to shopping online, make sure you trust the security standards of the company that you are giving your credit or debit card details to. Because once the details are given, the chance of them being leaked or misused is greater,” says Daniel Markuson from NordVPN.

  • Research retailers online. Never rush to make a purchase without doing proper research on the retailer. Check the reviews on various platforms and only then start spending money. Make sure there’s a lock symbol next to the URL, indicating that the website is secure.
  • Use strong passwords. Protect your accounts with complex passwords that contain upper-case and lower-case letters along with numbers and special characters.
  • Don’t click on suspicious links. Closely inspect every email you receive and never click on any links. Hackers can impersonate online shops and redirect you to malicious websites.
  • Avoid storing your payment information in your browser. Even though this is not a bulletproof tip, it’s safer to type your credit card information manually.
  • Use virtual cards. Some banks also offer temporary virtual cards you can use in order to shop online without any risks. 
  • Use a VPN. A virtual private network encrypts your traffic and hides your IP address, improving your online security and privacy. If you make purchases on public Wi-Fi, using a VPN is a must. Hackers can create a fake hotspot, infect your device with malware, and steal your credit card details. 

My Tech Highlights Of 2021

Posted in Commentary on December 30, 2021 by itnerd

2021 was only marginally better than 2020. As a result, I didn’t review as much tech as I am used to. Which is why I will not be doing the IT Nerd awards for the second year running. But that doesn’t mean there wasn’t interesting tech to be had. Thus here’s a list of things that really caught my eye in 2021.

InvisQi: This I have to admit was the first cool thing that I came across this year. What InvisQi does is allow you to build a wireless charger into your desk so that you can put your phone (or wireless charge capable devices) on your desk and get a charge. It was simple to install, and it’s made the desk in my home office that much more useful.

Apple AirTag: The Apple AirTag got all sorts of press this year for good and bad reasons. For good because it came to the table with features that as long as you’re in the Apple ecosystem, couldn’t be matched by any competitor. And that includes the fact that having over a billion iPhones at your disposal to help you find your stuff can’t be beat. But it also hit the news for all the wrong reasons having been connected to stalking and car thefts. Regardless, Apple did make a splash with the AirTag, and will likely leverage that in 2022 to take over the tracker market.

Ekster Aluminum Cardholder: For my wife and I, the Ekster Aluminum Cardholder has changed our lives in a good way. We both now have slimmed down wallets with only the things we actually need in them. That makes my pockets and her purse say thank you. On top of that, there’s a tracker card that allows you to find this wallet should you lose it. As a result, we’re never going back to a traditional wallet ever again.

Apple 2021 16″ MacBook Pro: When it comes to computers, Apple has taken the mind blowing performance of the M1 processor that they released last year, and turned it up to 11 by releasing the M1 Pro and M1 Max chips. Both with mind blowing levels of performance. On top of that, Apple added a mini LED display that crushes any other display in a notebook, and fixed almost everything that MacBook Pro users have been complaining about for the last six years. If there’s one piece of tech that made the biggest splash this year, this was it.

FlexiSpot Electric Height Adjustable Standing Desk: This desk has changed my life. And that is not hyperbole. The FlexiSpot Electric Height Adjustable Standing Desk has given me a workspace where I can comfortably work for hours because I am able to dial in the exact position that works for me. That’s something that I haven’t had in a very long time and I am sure that my back and various other body parts will thank me for that in the years to come.

Those are the things that really caught my eye in 2021. Hopefully in 2022 the world will become more normal and we’ll all be able to do the things that we’re used to doing. For me that includes reviewing the latest and coolest tech. Fingers crossed that happens.

Fortnite Is Down

Posted in Commentary on December 29, 2021 by itnerd

Epic Games is having a bad day today as it seems that Fortnite is down:

It’s apparently been down for at least 5 hours and players are commenting on Twitter:

At this point there’s no ETA, but this is not a good look for Epic Games. Stay tuned for updates.

UPDATE: Fortnite is live once again.

Norway’s Largest Media Company Is Being Pwned By Hackers As I Type This

Posted in Commentary on December 29, 2021 by itnerd

Apparently an active cyberattack on Norway’s largest media company is underway and the results are absolutely catastrophic according to The Record:

Amedia, the largest local news publisher in Norway, announced on Tuesday that several of its central computer systems were shut down in what it is calling an apparent “serious” cyberattack.

The attack is preventing the company from printing Wednesday’s edition of physical newspapers, and presses will continue to be halted until the issue is resolved, Amedia executive vice president of technology Pal Nedregotten said in a statement. The hack also impacts the company’s advertising and subscription systems, preventing advertisers from purchasing new ads and stopping subscribers from ordering or canceling subscriptions. 

The company said it is unclear whether personal information has been compromised — the subscription system affected by the attack contains names, addresses, phone numbers, and subscription history of customers. Data such as passwords, read history, and financial information are not affected, the company said.

Amedia publishes more than 90 newspapers and other publications that reach more than 2.5 million Norwegians, according to the company’s website. The attack on Amedia is the third major Norwegian cyberattack reported over the last several days.

This is pretty bad as whoever these bad actors are, they’ve taken down this company. And recovery will likely be difficult. I’ll be keeping an eye on this evolving situation.

LastPass Says It Wasn’t Pwned… But This Has Only Clouded This Situation

Posted in Commentary on December 29, 2021 by itnerd

Yesterday, I posted a story where I asked if password manager LastPass had been pwned. This was based on reports of multiple attempted logins using correct master passwords from various locations. This came via multiple users in a Hacker News forum who have shared that their master passwords for LastPass appear to be compromised. 

When LastPass initially commented on this to BleepingComputer, they had this to say:

LogMeIn Global PR/AR Senior Director Nikolett Bacso-Albaum told BleepingComputer that “LastPass investigated recent reports of blocked login attempts and determined the activity is related to fairly common bot-related activity, in which a malicious or bad actor attempts to access user accounts (in this case, LastPass) using email addresses and passwords obtained from third-party breaches related to other unaffiliated services.”

“It’s important to note that we do not have any indication that accounts were successfully accessed or that the LastPass service was otherwise compromised by an unauthorized party. We regularly monitor for this type of activity and will continue to take steps designed to ensure that LastPass, its users, and their data remain protected and secure,” Bacso-Albaum added.

However, users receiving these warnings have stated that their passwords are unique to LastPass and not used elsewhere. BleepingComputer has asked LastPass about these concerns but has not received a reply as of yet.

I was suspicious of that statement, and now that LastPass has released a new statement to The Verge, it really makes me wonder what the truth actually is:

As previously stated, LastPass is aware of and has been investigating recent reports of users receiving e-mails alerting them to blocked login attempts.

We quickly worked to investigate this activity and at this time we have no indication that any LastPass accounts were compromised by an unauthorized third-party as a result of this credential stuffing, nor have we found any indication that user’s LastPass credentials were harvested by malware, rogue browser extensions or phishing campaigns. 

However, out of an abundance of caution, we continued to investigate in an effort to determine what was causing the automated security alert e-mails to be triggered from our systems. 

Our investigation has since found that some of these security alerts, which were sent to a limited subset of LastPass users, were likely triggered in error. As a result, we have adjusted our security alert systems and this issue has since been resolved. 

These alerts were triggered due to LastPass’s ongoing efforts to defend its customers from bad actors and credential stuffing attempts. It is also important to reiterate that LastPass’ zero-knowledge security model means that at no time does LastPass store, have knowledge of, or have access to a users’ Master Password(s).  

We will continue to regularly monitor for unusual or malicious activity and will, as necessary, continue to take steps designed to ensure that LastPass, its users and their data remain protected and secure.

I have to say that I am not buying this. Was it an attack as per the earlier statement? Or was it a screw up that caused this as per their later statement? And this does not explain why reports of multiple attempted logins using correct master passwords from various locations started to pop up. This whole situation is a bit of a mess and some clarity is needed here.

My advice goes something like this: In the absence of hard facts, assume your LastPass account has been pwned. If you stick with LastPass, you need to do the following:

  • Users should change their passwords AND enable two-factor authentication
  • Then users should keep an eye out for suspicious login attempts.

But if you’re really uneasy about staying with LastPass, you should migrate to another password manager ASAP and delete your LastPass account. Hopefully LastPass comes out with a statement and facts to back it up which bring clarity to this situation and peace of mind to LastPass users.

2021 Reflections & 2022 Predictions From StorCentric & Retrospect

Posted in Commentary on December 29, 2021 by itnerd

Today I have some 2021 Reflections and 2022 Predictions that relate to how to protect your company from cybercrime from Mihir Shah, CEO of StorCentric, Surya Varanasi, CTO of StorCentric, and JG Heithcock, General Manager of Retrospect, a StorCentric company.

Here are their 2021 Reflections: 

Mihir Shah, CEO, StorCentric:

  • Cybercriminals and ransomware are evolving: from hitting only single organizations and/or individuals to attacking MSPs, where they could target multiple organizations with one fell swoop (e.g., Kaseya ransomware attack perpetrated by the REvil group).
  • Cyber insurance became increasingly critical: and it wasn’t just for large enterprises anymore. Small and medium sized enterprises invested, many for the very first time. Yet, confusion and frustration over what it does and does not cover continues.
  • Enterprises recognized the need to protect themselves against a ransomware-related class action lawsuit: and began preparations for a worst-case scenario. Enterprises also increased their focus on data protection, particularly PII, as well as their ability to demonstrate that every possible precaution was taken to prevent and recover from an attack.

Surya Varanasi, CTO, StorCentric:

  • Unbreakable Backup became an indispensable solution for ransomware attack recovery: thwarting cyber criminals’ ‘attack the backups first’ strategy.
  • Backup copy immutability became non-negotiable: meaning at least one backup copy must be immutable, unable to be deleted, corrupted or changed in any way, even if the ransomware has already infiltrated your organization, and integrated itself into the backup process.

JG Heithcock, GM, Retrospect, a StorCentric company:

  • Ransomware as a service (RaaS) is a huge business with attacks continuing to grow at an alarming pace. Businesses at every size are increasingly exposed to ransomware attacks.
  • Cyber criminals are attacking backups first: and then once under their control, coming after production data. This means that many enterprises are feeling a false sense of security, until it is already too late.
  • Recovery capabilities became the #1 ransomware strategy: while prevention and detection remained indispensable, recovery capabilities became the top priority.

Here are their 2022 Predictions:

Surya Varanasi, CTO, StorCentric: “Massive data growth combined with significant changes in the way we work today and a rapid rise in cybercrime has driven increased challenges for data center managers. In 2022, it will be critical to respond to these demands, and to pursue and achieve digital transformation strategies that enable organizations to store, manage and protect data at scale. And I predict that in 2022, data center managers will find that the ideal way to do this will be to start with the right data storage foundation.

In 2022, organizations will seek a data storage foundation that enables them to support a mix of workloads. The storage will allow for flexible configurations and simplified expansion to meet a wide variety of capacity and performance requirements. Next, organizations will seek a solution that provides multi-protocol support. Certainly, at a minimum, the storage will support block (iSCSI, FC) and file (NFS, CIFS/SMB). However, given the increasing desire to run cloud-native applications, backup and restore critical data, as well as archive data in the cloud, S3 object storage support will become a must-have as well. 

Today’s digital transformation strategies would be remiss if data protection and business continuity were not at the top of the list of considerations as well. This is especially true in 2022, when data center managers are not just concerned with equipment malfunction, but also insider threats and external cybercriminal activity, such as ransomware attacks. So, capabilities such as immutable volume and file system snapshots that deliver secure point-in-time copies; object locking for bucket or object-level protection for specified retention periods; and pool-scrubbing to detect and remediate bit rot and data corruption will be deemed essential.”

JG Heithcock, GM, Retrospect, a StorCentric company: “Today, more than ever, data can be lost by accident, damaged by a natural disaster, or fall victim to cybercrime. In 2022, with ransomware continuing to grow as a threat, data protection will become the most indispensable component of every organization’s digital transformation strategy. In 2022, the 3-2-1 backup rule will continue to be the golden rule of complete data protection. This means that organizations will keep three copies of data saved across at least two media types, with one more copy saved offsite. In 2022, ROI will also remain the name of the game, so organizations will seek a proven solution that makes this easy and affordable to implement. The ideal backup solution will enable a backup script to a local destination and a backup transfer script to an offsite target. Using a transfer script to copy backups to a second location enables the administrator to perform the operation offline, without the original source needing to be used.

In 2022, there will be various options available for implementing 3-2-1 workflows. The first possibility will be disk and cloud. Combining local disks and cloud storage locations is a common pattern for a backup strategy. An available backup on a local disk translates into very fast recovery time, as the local network allows for much higher bandwidth. A remote backup on a cloud storage location insulates the organization’s data from disaster, malware, and other problems that arise.

The second option will be network-attached storage (NAS) and cloud. NAS devices are an affordable on-site storage location for backups. Leveraging an on-site NAS ensures a large, dedicated storage pool and high bandwidth for backups. Transferring those backups to the cloud as an offline process allows administrators to avoid touching the original source multiple times.

The third option will be disk and tape. Disk remains the most common storage media, and tape continues to make strides in speed and storage capacity. With a local disk, the administrator can quickly back up their environment and have the backups available for fast restore. Using a tape library for offsite storage enables the administrator to store their backups in a safe location (like a security deposit box or a third-party storage locker) that – unlike the cloud – the administrator has physical access to.

Of course, in 2022, going beyond the 3-2-1 backup rule will provide organizations with extra insurance to protect their digital transformation initiatives. Organizations can choose to utilize a second cloud storage location (i.e., 3-2-2 strategy) or NAS, tape and/or cloud (i.e., 3-3-2 strategy) for added redundancy.

Finally, in 2022, utilizing WORM storage in the cloud with Immutable Backups will provide the best protection against ransomware attacks. With a locked backup, malware cannot delete your critical data, enabling the administrator to recover if the worst does happen. By combining the 3-2-1 backup with immutable backups in the cloud, administrators can ensure their organization’s data is protected against the latest threat landscape.”

T-Mobile Has Been Pwned Again

Posted in Commentary on December 28, 2021 by itnerd

If you’re a T-Mobile customer you have to be wondering if the company can keep customer data safe. I say that because the news is out that they’ve been pwned. Again:

Affected customers fall into one of three categories. First, a customer may have only been affected by a leak of their CPNI. This information may include the billing account name, phone numbers, number of lines on the account, account numbers, and rate plan info. That’s not great, but it’s much less of an impact than the breach back in August had, which leaked customer social security numbers.

The second category an affected customer might fall into is having their SIM swapped. This is where a malicious actor will change the physical SIM card associated with a phone number in order to obtain control of said number. This can, and often does, lead to the victim’s other online accounts being accessed via two-factor authentication codes sent to their phone number. The document says that customers affected by a SIM swap have now had that action reversed.

The final category is simply both of the other two. Affected customers could have had both their private CPNI viewed as well as their SIM card swapped.

This comes after T-Mobile had a massive data breach in the summer. And keep in mind that this company has been pwned in the past too. Clearly this company does not have the best track record of protecting data. Which if you’re a T-Mobile customer, should make you reconsider if you should be dealing with them.

Has LastPass Been Pwned? [UPDATED x2]

Posted in Commentary on December 28, 2021 by itnerd

That’s the question that a lot of LastPass users have been asking as LastPass members have reported multiple attempted logins using correct master passwords from various locations. This comes via multiple users in a Hacker News forum who have shared that their master passwords for LastPass appear to be compromised. There is a pattern that seems to be emerging though. The majority of reports appear to come from users with outdated LastPass accounts. This indicates the master password list being used may have come from an earlier hack. Which also means that threat actors were possibly inside LastPass for a while. And changing the master password doesn’t help. Which spells big trouble for anyone who uses this service.

The only conclusion that I can come to is that there must have been a data breach at LastPass which if true is catastrophic for LastPass and their users.

Now to protect yourself, I’ll give you two options. Here’s the first if you want to stick with LastPass:

  • Users should change their passwords AND enable two-factor authentication
  • Then users should keep an eye out for suspicious login attempts.

I won’t go as far as to guarantee that this will fully secure your passwords, but it’s better than nothing. I think the real solution is to migrate away from LastPass to keep yourself secure. I personally use eWallet as that isn’t reliant on a third party and is totally in my control. But importing your LastPass data into another password manager is another option. A search with the search engine of your choosing will help you find directions for that.

Now I have been scanning Twitter and the LastPass website and I have seen no comment from the company on this. But I have to assume that they will have to make some sort of comment on this as the longer they stay silent, and the more people report issues, the worse this gets for LastPass.

UPDATE: BleepingComputer is reporting the following:

LogMeIn Global PR/AR Senior Director Nikolett Bacso-Albaum told BleepingComputer that “LastPass investigated recent reports of blocked login attempts and determined the activity is related to fairly common bot-related activity, in which a malicious or bad actor attempts to access user accounts (in this case, LastPass) using email addresses and passwords obtained from third-party breaches related to other unaffiliated services.”

“It’s important to note that we do not have any indication that accounts were successfully accessed or that the LastPass service was otherwise compromised by an unauthorized party. We regularly monitor for this type of activity and will continue to take steps designed to ensure that LastPass, its users, and their data remain protected and secure,” Bacso-Albaum added.

However, users receiving these warnings have stated that their passwords are unique to LastPass and not used elsewhere. BleepingComputer has asked LastPass about these concerns but has not received a reply as of yet.

To me this sounds like more than credential stuffing. But there’s more. I got this tip from a reader:

BleepingComputer has noted the same thing:

To make things even worse, customers who tried disabling and deleting their LastPass accounts after receiving these warnings also report receiving “Something went wrong: A” errors after clicking the “Delete” button.

So what’s clear to me is something is really up with LastPass in a bad way. And whatever it is, it isn’t trivial. That’s not good for LastPass users. At this point, the company really needs to explain what is going on.

UPDATE #2: I just got this Tweet in terms of being able to delete your LastPass account:

Shutterfly Pwned By Ransomware Attack

Posted in Commentary on December 28, 2021 by itnerd

Photography and personalized photo giant Shutterfly has suffered a Conti ransomware attack that allegedly encrypted thousands of devices and stole corporate data:

On Friday, a source told BleepingComputer that Shutterfly suffered a ransomware attack approximately two weeks ago by the Conti gang, who claims to have encrypted over 4,000 devices and 120 VMware ESXi servers.

While BleepingComputer has not seen the negotiations for the attack, we are told that they are underway in progress and that the ransomware gang is demanding millions of dollars as a ransom.

Before ransomware gangs encrypt devices on corporate networks, they commonly lurk inside for days, if not weeks, stealing corporate data and documents. These documents are then used as leverage to force a victim to pay a ransom under the threat that they will be publicly released or sold to other hackers.

Given that the group behind this is the notorious Conti ransomware as a service gang, this is going to be a huge problem for Shutterfly as they have to make a call as to whether to pay up or not. This will be one to watch as this, like a lot of Conti attacks, is pretty high profile.