I’m shocked that I’ve not heard a word out of the FOSS or privacy communities that I follow about this, especially when GitHub was supposedly effected:
Anyone know any details?
2 Likes
It is on our local news service
I would like to know if they have my google password?
4 Likes
Until I see an original and reliable source reporting on this and providing actual evidence, I’m not taking this serious.
2 Likes
Likewise. It seems a little suspicious that only sites/channels that profit from clickbait headlines are reporting this so far, and that they don’t mention any details about what type of attack was experienced. Also, they all seem to claim it’s a “blueprint” for future attacks, when the only methodology stated was that info users put online themselves (which they should have kept private) was part of how the data was accessed.
In fairness, I know it can take some time to deduce these things, and if the scale of attack is anywhere near what is reported, it might be a while before the companies affected can accurately let their users know if they’ve been compromised.
1 Like
All I know is that my Google account is not (yet) breached because I use 2FA and haven’t got an email from Google saying: did you log on from a new computer?
It’s probably a scam or then there’s one big 0-day vulnerability which has been found by a very talented group (=country/agency)..
1 Like
How do you define a reliable source?
I dont know what to read these days.
2 Likes
That is so true about so many news items it makes it much worse if you try to follow a story across different countries. Add political bias plus internet plus scare stories plus what sells papers or sites… the list goes on
5 Likes
That story looks and smells like clickbait to me…
I work with CyberSecurity people and they ping me regularly about “new stuff” and I haven’t heard anything from them in weeks…
2 Likes
That is a new word for me.
I wonder how our ABC came to fall for it?
1 Like
Iknkw what this is but why, what does it gain for a site if the final reaction is fake news.
Maybe some advertising deals are paid by clicks?
2 Likes
This. Another example in the US is how companies like The Weather Channel nearly always overestimate the severity of hurricanes because it draws in viewers, and thus they get paid more from their advertisers (their reporters have even been caught pretending to have to lean into the wind to stay standing when someone behind them walked by normally). It may hurt their reputation, but if nearly all news sites/channels do this from time to time, most people don’t know where to go to find sources of info with integrity.
This is why I was suspicious when I couldn’t find any reports about the “breach” on sites like this one that don’t profit from views on ads.
3 Likes
Also, why hasn’t Google invalidated my password yet? Have any of you received a message (either through email, IM, or SMS) to change your password for one of those services yet?
These services are known to be absolutely paranoid about security, so they would immediately send password change requests to all affected clients. Why hasn’t this happened yet?
4 Likes