I just got the email from haveibeenpwned. F Trello.

  • @CosmicTurtle
    link
    English
    261 year ago

    Yes but this wasn’t a data breach. This was a data stuffing incident, meaning they took someone else’s data dump and tried their email and credentials here.

    • never use the same username and password in two or more places
    • always use MFA, a hard token if you can like a yubikey
    • @[email protected]
      link
      fedilink
      English
      101 year ago

      It’s a breach.

      Attackers queried email addresses and trello responded with names and user names.

      • Dr. Moose
        link
        English
        61 year ago

        real names is definitely a breach

      • @scarilog
        link
        English
        41 year ago

        Oooh that’s pretty bad

    • @JustUseMint
      link
      English
      11 year ago

      Physical token over TOTP authenticator?

      • @[email protected]
        link
        fedilink
        English
        21 year ago

        all the root secrets are available in plain text the generator app at some point, they have to be. moving that to a single purpose device greatly reduces the risk of vulnerabilities in your phone leading to exfiltration via internet connection

      • @[email protected]
        link
        fedilink
        English
        11 year ago

        I cannot think of a use-case outside of statecraft. Maybe companies engaged, or being engaged, in corporate espionage.

    • @Paragone
      link
      English
      -81 year ago

      Do you own a Yubikey?

      Have you ever succeeded in getting it to work with anything??

      It didn’t work with gmail, or any other online account I had.

      An absolute waste of $$.

      • @[email protected]
        link
        fedilink
        English
        81 year ago

        mine works for my personal google account, work one is sso and doesn’t have it enabled. otherwise gh, aws, auh0 support it, I’m forgetting some others I use. beyond that you can generate 2fa codes too

      • @CosmicTurtle
        link
        English
        21 year ago

        I use yubikey everywhere it’s available for me. Initially, the first few websites in the early years were challenging. I think a lot of devs were still trying to figure out the workflow.

        But today, it’s usually as simple, or simpler, than TOTP.

        So it might be worth trying again. I’d use a YubiKey 4 or higher if you can. If you have an older one, you may want to upgrade to take advantage of the newer technology like NFC and Bluetooth if you’re into that.

        I just wish YubiKey could store more than like 30 TOTP tokens.

      • Subverb
        link
        English
        11 year ago

        I use mine with AWS.

      • @[email protected]
        link
        fedilink
        English
        11 year ago

        Sounds like a skill issue.

        Have had yubikey for a few years. It was a pain to set it up initially, but it took me less than an hour if I remember correctly. Since then the only issue I have is that sometimes I accidentally bump into it and it pastes an OTK to a random place.