Change Your Old Amazon Password Now To Avoid This Cracking Risk

Change Your Old Amazon Password Now To Avoid This Cracking Risk

Some old Amazon account appear to have a flaw in their password protection scheme that makes them more vulnerable to a brute force cracking attempt. For affected accounts, if you haven’t changed your password in several years, and it’s over 8 characters long, it looks like all people have to do is enter the first 8 characters correctly and they’re in. Even if after the 8 characters they just type gobbledygook. [More]

How Does The Gawker Privacy Leak Concern Consumerist Users?

How Does The Gawker Privacy Leak Concern Consumerist Users?

If you’ve got an account on Gawker.com or any of its sister sites (Kotaku, Gizmodo, Deadspin and Jezebel among others), you’ll probably want to change your passwords because anonymous hackers have swiped usernames, email addresses and passwords and made them available via a torrent file. And by change your password, we potentially mean all of them. Now. [More]

The Password Is Dead

The Password Is Dead

It’s not going to be too long before you’ll have to have your face scanned before you can open your email, at the rate the password cracking arms race is going. [More]

Help! My Gmail Account Was Hacked! How Do I Clean This Up?

Help! My Gmail Account Was Hacked! How Do I Clean This Up?

Reader Lisa would like to ask the Consumerist hive mind for advice on cleaning up her recently hacked Gmail account. Here’s her story: [More]

Create A Different Password For Every Site And Never Forget A Single One

Create A Different Password For Every Site And Never Forget A Single One

So many logins to keep track of. You can use a handful of strong passwords across all your accounts but if somehow one gets figured out, your entire networked life could be at risk. But by creating an easy-to-remember pass phrase that uses part of the website’s name it its construction, you have a unique strong password for every account you have without ever even writing any of them down. [More]

Why Phishing Works Even If You're Not Normally Stupid

Why Phishing Works Even If You're Not Normally Stupid

If you spend a lot of time online, you’re probably aware of phishing scams and know what to look out for. In other words, you’re not one of those ignorant types who clicks on links and starts entering personal information without hesitation. Writer and blogger Cory Doctorow is what you might call hyper-vigilant–he keeps unique passwords, uses a VPN when going online in public, and generally knows not to trust strangers. Still, he got phished a couple of weeks ago. [More]

T-Mobile CSR Politely Asks For My Sprint Password

T-Mobile CSR Politely Asks For My Sprint Password

Wilson is switching from Sprint to T-Mobile and fielded an unusual, off-putting request from a T-Mobile CSR: “Please provide your password.” Wilson refused and wonders aloud whether or not it’s kosher to make such an indecent proposal. [More]

Do Not Use "Twitter" As Your Twitter Password

Do Not Use "Twitter" As Your Twitter Password

Twitter is looking out for you. When you register, in addition to telling you how strong or weak your password is, there are also certain passwords that are forbidden. These include “computer,” “twitter,” and “vagina.” [More]

Microsoft Turns A Blind Eye To Phishing Scams On Xbox LIVE

Microsoft Turns A Blind Eye To Phishing Scams On Xbox LIVE

William wrote to us this weekend to point out how little Microsoft does to fight phishing attacks on their hugely popular Xbox LIVE network. It’s unfortunate they don’t take this sort of crime more seriously, since so many kids—who by all rights should have less experience with phishing—are on Xbox LIVE. Below is what two different Xbox CSRs told William when he contacted them to complain about phishing attacks.

American Express Wants You To Use Lame Passwords

American Express Wants You To Use Lame Passwords

We’re no longer indignant about Amex’s weirdly lax security policies anymore, we’re just confused. Why would a major credit card company cold call new customers and insist they give up bank and address info over the phone, or email sensitive data to strangers? Or, we just learned, demand that you use a lame password that isn’t case sensitive, is only 6 to 8 characters long, and can’t contain special characters?

Direct Marketing Association's Opt Out Website Is A Joke

Direct Marketing Association's Opt Out Website Is A Joke

Jonathan wanted to opt out everyone in his family from direct marketing campaigns, something the DMA promises is possible via their website. Surprise! It turns out the DMA doesn’t really care so much about whether or not you want to be taken off any mailing lists, and they have a rotten website and poor security protocols to prove it.

SoCalGas' Password Policy Makes Passwords Pointless

SoCalGas' Password Policy Makes Passwords Pointless

We’re not sure why a company would bother with offering a password feature on their customer accounts if they disable them without warning 3 months later as a matter of policy, but that’s how Southern California Gas Company rolls. Does it really matter, you ask? It might if you’re a victim of domestic violence.

Nigerian Scammers Break Into Your Gmail, Ask Your Friends For Money

Nigerian Scammers Break Into Your Gmail, Ask Your Friends For Money

Andy logged in to Gmail on Sunday, and his friend Jeff started to chat with him. Things seemed a bit off, but Andy really became suspicious when Jeff asked him to wire $500 to an injured friend in Nigeria. The real Jeff, of course, was off playing XBOX and has no friends in Nigeria. Like the scammers hitting up people’s friends for money via Facebook, thieves can log in to your e-mail and chat accounts, pretending to be you.

Free iPhone App Improves Paypal And EBay Security

Free iPhone App Improves Paypal And EBay Security

We’ve posted before about security keys—those little digital keyfobs that generate expiring security codes over and over and make it incredibly hard for someone to gain unauthorized access to your account. They’re a great idea, and now if you own an iPhone you can install a Verisign app that will work with Paypal and eBay, as well as about two dozen lesser known sites. It’s probably the easiest step you can take to vastly improve security on those accounts.

How To Easily Remember A Different Password For Every Site

How To Easily Remember A Different Password For Every Site

Everyone knows that one of the best ways to protect yourself from online security disasters is to use a different password for each account. But do you do it? Probably not, because at first glance it looks like an unreasonable burden, having to either remember dozens of unique passwords or having to keep them all written down somewhere (which in itself is a security risk). The website ideashower.com offers a simple way to create a unique, easy to remember password for every account.

8,000 Comcast Passwords Exposed, Phishing Scam Suspected

8,000 Comcast Passwords Exposed, Phishing Scam Suspected

The New York Times has reported that a list of over 8,000 Comcast user name and passwords were available to the public via Scribd for two months, before a Wilkes University professor discovered it over the weekend after doing a search for his identity online. Comcast is saying it looks like the result of a phishing scam and isn’t an inside job, and that there are so many duplicate entries on the list that it’s closer to 4,000 customers.

DVD Planet Uses 'Ebay' For Password, Sends It To You Via Email If You Ask

DVD Planet Uses 'Ebay' For Password, Sends It To You Via Email If You Ask

Dear DVD Planet, you might want to sit down with the person who designed your customer account system and have a long talk. You know, about things like data security. After we posted this story yesterday about an Amazon shopper who was surprised to find you’d automatically created a barely secure account in his name with his data, another reader—this time a former eBay customer from nearly two years ago—decided to check whether you’d done the same thing to her. Yep! And the password was “Ebay.”

DVD Planet's Automatic Account Creation Raises Security, Privacy Issues

DVD Planet's Automatic Account Creation Raises Security, Privacy Issues

Joel says when he ordered a disc from DVD Planet via Amazon, the company automatically created an account for him on their website. The problem is that the default password they used was so easy to guess that he figured it out on the second try, and he suspects it’s the same password they use on every account. Once you guess it, you can see the customer’s past orders and credit card billing address. When Joel contacted them to have the account removed, he was told that wasn’t possible.