% of members to lose $ due to this hack?

Have any been reported as hacked yet?

What % will be hacked & actually lose $ from an account, bank or otherwise where there is actual money?

How many members will have a fraudulent CC charge due to this SDMB hack?

How could there be fraudulent CC charges?

Is not an email addy & a possible screen name and if you use a pattern type PW all that is needed?

With a credit card account password, & your account name from the SDMB hack if you used the same email or nickname (gusnspot) could they get the card number and use it to make purchases? :confused:

My prediction is 0% (+ or - .0001%)

The SDMB may not have anyone’s CC info, but most people are lazy and will use the same user ID and password combination everywhere they can. That’s where the real hazard comes in - people break into systems like this one, then go out to credit card and banking sites with all of the IDs and passwords to see what works.

So, some hacker gets my email address and the password I use here. I don’t see how they’d get my credit card number.

Can’t they just stick the screen name or email addy into a login place on where you check your CC account & put in the password they have. It comes back & says the PW is incorrect. They now know they have the correct ID so they pull the next series of PW they have generated until they get in? May have to retry several times after waiting for the site to set but eventually??

This makes me glad I’m an old fuddy and have never engaged in Internet banking. An ATM is as hi-tech as I get.

Credit cards are another matter, but I’ve been hit with fraud before, and the company never makes me pay.

This is why they tell you to NEVER duplicate passwords between accounts.

If that’s the way your CC works, you definitely need a new bank.

I don’t know of a financially based site that specifies whether you failed your password or your login. My CC just says “your login or password is incorrect” then locks you out after three tries. And the lockout doesn’t just unlock itself after a few minutes (what site would do that, ever??).

So, no.

Also, the passwords were encrypted, were they not?

I highly doubt any measurable percentage of Dopers have bank user IDs that are the same as their Dope screen name, or even the same email associated with their Dope account. That would be super hella stupid, and kinda weird.

Even if they did, I would hope that by now they have changed any passwords associated with the same user names. And yes, as mentioned above, the websites usually just say that either the username or password is incorrect, but not which one.

Personally, I have no concern.

Not with anything that isn’t almost trivial for modern methods to crack.

The ATMB thread has a couple of people reporting that they have Twitter accounts that used the same password and suddenly started following a bunch of new accounts. So it looks like passwords have been cracked and sold to at least one criminal organization.

If you try to log in to this very SDMB with a bad password, it says:

And yes, one certainly hopes that ALL computer accounts, web or otherwise, would work this way. This practice goes way back before the Internet, by the way.

You appear suspiciously knowledgeable about this subject… :screwy:

Remembering 70 different passwords that have to be changed every time some moron hacks into a site is completely impractical for most people.

They don’t expect you to do it, they tell you to do it so they can say “told ya so” if something like that happens.

I keep mine in a little book in my desk at home. I figure if someone’s breaking into my house, they’re going to take my stuff, not sit at my computer and try to get into my bank account. It’s the online bad guys who are trying to get at my passwords, and they can’t see into my book. So I use different, secure passwords everywhere, and refer to my book when I need to.

If you don’t want to use a password manager, then at least make sure anything requiring high security (e.g. bank account ids and passwords) bears no relation to anything requiring low security (e.g. SDMB). I can assure you that even before this current incident if you got my SDMB password it would only help you get on to a couple of other sites that I consider very unimportant, and to even do that you would have to find those other sites.
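Added example, not part of any post in this thread: a Python sketch of the login behaviour several posters describe above, with one generic error whether the login or the password is wrong and a lockout after three tries that does not clear on a timer. The `LoginService` class, the `responses_for` helper, the sample account and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

GENERIC_ERROR = "Your login or password is incorrect"  # same text for both failure kinds
LOCKED = "Account locked"
MAX_FAILURES = 3  # "locks you out after three tries"


def _hash(password: str, salt: bytes) -> bytes:
    # Salted, deliberately slow hash; the iteration count is illustrative.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginService:
    def __init__(self):
        self._users = {}     # login -> (salt, password hash)
        self._failures = {}  # login -> consecutive failures (unbounded here; cap it in production)
        self._dummy_salt = os.urandom(16)

    def register(self, login: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[login] = (salt, _hash(password, salt))

    def login(self, login: str, password: str) -> str:
        # Failures are counted for unknown logins too, so a lockout reveals nothing.
        if self._failures.get(login, 0) >= MAX_FAILURES:
            return LOCKED
        salt, stored = self._users.get(login, (self._dummy_salt, b""))
        candidate = _hash(password, salt)  # hash even for unknown logins (similar timing)
        if login in self._users and hmac.compare_digest(candidate, stored):
            self._failures.pop(login, None)
            return "OK"
        self._failures[login] = self._failures.get(login, 0) + 1
        return GENERIC_ERROR

    def unlock(self, login: str) -> None:
        # Manual reset only (e.g. after identity verification); no timer unlocks.
        self._failures.pop(login, None)


def responses_for(service: LoginService, attempts):
    """Return the response text for each (login, password) attempt, in order."""
    return [service.login(login, password) for login, password in attempts]
```

A caller comparing the responses for a registered and an unregistered login sees identical text, so the reply does not confirm that an address from a leaked list has an account.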