Folks, I am speculating here but if the attacker just go some of the accounts then it is possible that the attacker hacked into some of the on-rev servers but not all of them, then, just the users on those machines were compromissed. I did not change my password, I am still deciding if I will do it or not.
Again, if you have a need for utmost security, you should not be on shared hosting, you need to me on your own box on co-location with security experts on payroll. If you are on shared hosts, then, by default, you are subject to such attacks. Cheers andre PS: I have a lifetime on-rev account and am happy with it. I also have a VPS (it is as good as I can pay) for more sensitive stuff and I have one or two linodes. On Mon, Jul 11, 2011 at 1:42 PM, Marian Petrides <mpetri...@earthlink.net>wrote: > I am an On-Rev lifetime subscriber but don't recall getting this message. > So it must be something else, I guess. > > On Jul 11, 2011, at 11:25 AM, Bob Sneidar wrote: > > > I have received it. It's probably legit. I don't see any links to a site > to authenticate, so what would anyone gain by telling you to change your > password? > > > > Bob > > > > > > On Jul 11, 2011, at 6:34 AM, Gregory Lypny wrote: > > > >> Hello everyone, > >> > >> Have any of you received this message from Heather? Implications? > >> > >> Gregory > >> > >> > >>> Dear Gregory Lypny, > >>> > >>> I need to inform you that over the weekend we experienced an attack on > our customer database. Although we caught this very quickly I regret that > some information may have been compromised. A small number of accounts were > affected, unfortunately yours was one of them. > >>> > >>> The information concerned includes your name, email address, on-rev > username and the server you are hosted on. It does not include your > password, or any postal address or billing information. This information > alone does not represent a security risk. However, if you have any concerns > at all that your password for your on-rev account is not secure, you should > change it immediately. cPanel offers a secure password generator that > includes numbers and punctuation in a random string, we strongly advise you > use this service. > >>> > >>> We deeply regret this breach of our security procedures. We felt it > important to inform you of it as quickly as possible as a precautionary > measure. > >>> > >>> We have already traced and fixed the exploit that made this possible > and can assure you that the same error will not happen again in the future. > >>> > >>> > >>> Regards, > >>> > >>> Heather Nagey > >>> Customer Services Manager > >>> http://www.runrev.com/ > >>> LiveCode - Realize fast, compile-free coding > >> _______________________________________________ > >> use-livecode mailing list > >> use-livecode@lists.runrev.com > >> Please visit this url to subscribe, unsubscribe and manage your > subscription preferences: > >> http://lists.runrev.com/mailman/listinfo/use-livecode > > > > > > _______________________________________________ > > use-livecode mailing list > > use-livecode@lists.runrev.com > > Please visit this url to subscribe, unsubscribe and manage your > subscription preferences: > > http://lists.runrev.com/mailman/listinfo/use-livecode > > > _______________________________________________ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your > subscription preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode > -- http://www.andregarzia.com All We Do Is Code. _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
