Google Search

Custom Search

Thursday, October 6, 2011

A climate mangles a rush myth

Late last week, a hacker, using a publicly obtained list of usernames and passwords, began running a login script against PayPerPost.com to determine which of those Username/Password combinations corresponded to existing PPP accounts. From this activity, it is clear that this information was not obtained directly from PayPerPost, but through other online accounts for which you use the same Username/Password.

What this means is that our database was NOT hacked. However, we do strongly encourage you to update your passwords on your other online sites as the PPP accounts this hacker got into were vulnerable because the same email/password login information was used elsewhere on the web. As such, this information is currently out in the public sphere and may be used against you again to access other your other online accounts.

Only a small number of PayPerPost accounts were accessed and, if yours was one of them, you were contacted directly by email yesterday with specific information.

In response to this attack, we have strengthened our password security requirements in PPP and will make a few other behind the scenes changes to make sure this type of scripted event cannot happen in the future. Going forward, the password that you choose for an IZEA site will need to be comprised of at least 8 characters containing at least one letter, one number and one symbol.

Also, keep in mind that PayPerPost shares a user database with WeReward and SocialSpark. So, if you also have accounts in these systems (which were NOT affected by this attack) resetting your PPP password will ALSO reset your SocialSpark and/or WeReward password.

Finally, we do apologize for any frustration or anxiety this may have caused. The interwebs can be a warm, wonderful & welcoming place full of information at your fingertips, but it can also allow unscrupulous people access to your personal information if we all don’t remain vigilant.

We hope that the additional protective actions we have undertaken will help to keep your information safe across all the services you access via the web. Should you have any additional questions or concerns, please don’t hesitate to let us know.

A climate mangles a rush myth.

A climate mangles a rush myth.