Shoemoney - Skills To Pay The Bills

Udemy Hacked Usernames & Passwords Captured (Irresponsible Response)

Posted: 08 Jun 2016 09:00 AM PDT

This morning Udemy Company Director Veronica Spindler sent out an e-mail to Udemy users. The subject was "Media Docs" and the body contained a link styled to look like the usual Google Docs button.


When you clicked the Google Docs-style button, it took you to a page that looked like the Google login page (the same one you would see when opening a Google Doc), but it was not Google's.

If you entered your credentials, the attackers would have them. I tested this with one of my throwaway Gmail accounts and it told me the password was invalid. In fact, no matter what I entered, it said the password was invalid.

This is a slick trick: by rejecting every attempt, the fake page nudges the victim into trying their other passwords, so the attackers end up with not only your e-mail address but every password you would think to use.

This is incredibly valuable data (and is sold frequently on the dark web) because it lets the attackers mass-attempt logins to bank accounts, social media accounts, and anything else you can imagine, using the victim's own e-mail address and real passwords.
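The tell in this e-mail was a button that looked like Google Docs but whose link led somewhere else. The following is an added example, not code from the original post or from Udemy, showing how a mail filter or a cautious user can catch that mismatch: parse the HTML, pull out every anchor with its visible text (or the alt text of an image button), and flag links whose text claims a Google brand while the href does not resolve to a Google host. The sample e-mail, the `example-cdn.net` host and the trusted-host list are constructed for the example.

```python
"""Flag e-mail links whose visible text suggests one brand while the href points elsewhere.

Added example; not part of the original post. The sample HTML and hostnames are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts that a "Google Docs" button may legitimately point to (assumption for this example).
TRUSTED_GOOGLE_HOSTS = {"google.com", "docs.google.com", "drive.google.com", "accounts.google.com"}

# Words in the link text that imply the destination should be Google.
BRAND_KEYWORDS = ("google", "docs")


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element.

    For image buttons the alt text and image source stand in for the visible text,
    since that is what the reader sees and trusts.
    """

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self._href = a.get("href", "")
            self._text = []
        elif tag == "img" and self._href is not None:
            self._text.append(a.get("alt", "") + " " + a.get("src", ""))

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Return the lowercased hostname of a URL, or '' if there is none."""
    return (urlparse(url).hostname or "").lower()


def is_trusted_host(host, trusted):
    """True if host is one of the trusted domains or a subdomain of one.

    The leading dot matters: 'notgoogle.com' must not match 'google.com'.
    """
    return any(host == t or host.endswith("." + t) for t in trusted)


def suspicious_links(html, brand_keywords=BRAND_KEYWORDS, trusted=TRUSTED_GOOGLE_HOSTS):
    """Return (href, text) pairs whose text claims the brand but whose host is untrusted."""
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        claims_brand = any(k in text.lower() for k in brand_keywords)
        if claims_brand and not is_trusted_host(host_of(href), trusted):
            flagged.append((href, text))
    return flagged


# Constructed sample: a Google Docs image button that actually leads to a third-party login page.
SAMPLE_EMAIL = """
<p>Someone shared a document with you.</p>
<a href="https://docs-view.example-cdn.net/login"><img alt="Open in Google Docs" src="cid:gdocs-button"></a>
<a href="https://accounts.google.com/ServiceLogin">Sign in to Google</a>
<a href="https://www.udemy.com/">Udemy</a>
"""

if __name__ == "__main__":
    for href, text in suspicious_links(SAMPLE_EMAIL):
        print(f"SUSPICIOUS: '{text}' -> {href}")
```

The check is deliberately conservative: it only fires when the link text itself invokes the brand, so ordinary links to third-party sites are not flagged, but a "Google Docs" button pointing at any host outside the trusted set is. Extending the keyword and trusted-host tables to other brands (your bank, your identity provider) is the obvious next step.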

A few hours later a "Caution" e-mail was sent out by Udemy Director Veronica Spindler saying her account had been hacked.

This was a VERY bad and irresponsible response by Udemy. Here is why.


This is the most irresponsible, or incompetent, response from a company that was hacked that I have ever seen, for several reasons:

  1. Using the word "caution" in the subject? Caution is an understatement. How about IMMEDIATE ACTION REQUIRED?
  2. Companies get hacked. It will happen eventually. But companies hash their stored passwords, and a database breach is an easy fix because you can force everyone to change their password on next login (after notifying them). This is MUCH more serious: the attackers hold the plaintext passwords the victims typed in themselves.
  3. They really say YOU MAY WANT TO CONSIDER changing your passwords if you use the same one elsewhere? Really? You may want to consider? wtf???
  4. The bullshit about checking your Google account to see whether someone logged in from another device shows they never really dug into this, or they would know the phishing page never logged into Google at all.
  5. No explanation of exactly what your risks are.
  6. Three days to notify your users? Really? You can bet the data has been sold six ways to Sunday on the dark web by now.

Unbelievable.

If you fell for this, change every password. Don't "consider" it, as Udemy suggests.

I saw on TechCrunch that they just raised another $60M. They are going to need it if they are found culpable in legal action from users.
