NO Official Announcement?

Discussion in 'General Discussion' started by JACANT, Jul 27, 2016.

  1. JACANT
    JACANT Well-Known Member
    This 'Pop up' appeared when I tried to log in. Is it genuine?
    I did change my password through the 'Settings' page.

    How come there are no official announcements about this?

     
  2. kaadesign
    kaadesign Well-Known Member
    Same for me - got an email from Shapeways. Was forced to change my password.
    Found no announcement on Facebook / Twitter
     
  3. Same here - got an email, stating that there was a security breach.
    That is the reason why I never leave credit card or other private information with any company. First they boast "we love your data and it is secure as heaven" .... and later you get the news "... ahh the new Chinese/Russian hacker bots are so decent - we have lost your data .... sooooooo sorry...."
     
  4. 3401_deleted
    3401_deleted Well-Known Member
    No announcement because there is no way to spin it positively, as the U.S. marketing team quickly discovered...:D
     
  5. mkroeker
    mkroeker Well-Known Member
    I got that popup yesterday when I tried to log in, dutifully changed my password, received the email about the breach some hours later. Now I find I get that scare screen whenever I try to view my pending orders, open a materials page etc. - despite having changed my password already. Now to see what clicking on "maybe later" will cause (if anything).
     
  6. katkinkead
    katkinkead Well-Known Member
    Hi everyone,

    As you have noticed, you should have received an official announcement of the breach both via email and a popup when you visit the site. These notifications contain information about the breach and the steps we recommend you take in response.

    I’ll reach out directly to people who are having problems resetting their passwords. You can also always send support requests to service@shapeways.com.
     
  7. kaadesign
    kaadesign Well-Known Member
    Underlined:
    This might not be 100% correct.

    I was informed via email...
    I tried to get further information on Shapeways - there was no straight popup.
    A message appeared after trying to log in only.

    So, if you couldn't receive email and browsed on Shapeways only, there was no information.
    I think it is important to let customers know about the breach as fast as possible.

    Btw: it was good to use a separate password (for important things like Shapeways). So I didn't have to change passwords on other sites.
     
  8. stannum
    stannum Well-Known Member
    Yep, similar experience: first forced to change, then email arrived, next day popup asking for change again. Pseudo official statements appeared in different places, ranging from hobby forums to news and security sites, so the issue has been publicly recorded.

    But the killer is this from the email:
    What happened to storing updated hash when a new login takes place? Did that lesson drop from Security 101?
     
  9. katkinkead
    katkinkead Well-Known Member
    @kaadesign, the popup appears when a logged in user visits the site or a user with an automatically reset password visits the site and first tries to log in. Those behaviors cover the types of users impacted by the breach.

    The popup does not appear when guests are visiting the site because they are not impacted by the breach. We definitely agree with you that affected customers should be noted quickly - I hope this info is helpful.
     
  10. JasonL
    JasonL Member
    "The popup does not appear when guests are visiting the site because they are not impacted by the breach."

    Hi there, sorry Kat, I don't think that's right. If I'm on the site just to look at other people's models to see if there's anything of interest, then I'll often browse without logging in. Personally, I'm good at checking emails, so I knew about the data being stolen, but others may not be so much.
     
  11. ChristianH
    ChristianH Well-Known Member
    Hmmm. Got this too and changed my password.
    What if this isn't legit?
     
  12. UniverseBecoming
    UniverseBecoming Well-Known Member
    Since Shapeways doesn't have a telephone number that I could call and verify that the notifications are real, I chose instead to ignore the notifications. Without a tangible connection to reality there is no way to know if any of this activity we see online is real. That's the way I view anything having to do with online. How do I know it's not a ploy to OBTAIN passwords?

    Nevertheless, it's not that big of a deal to me. Everything I have online is backed up offline. Also, my credit cards are backed by fraud protection. If someone uses my card I'll simply cancel the transaction and get a new card.
     
  13. JasonL
    JasonL Member
    Hi James

    You're right, who's to know if it's real or phishing? For that reason, I don't tend to click links in emails warning me about data breaches (it's happened to me too many times - Adobe, AVG antivirus, etc). I just go to the browser and access the site the normal way. I once did something similar with a phone call from the bank. They called me wanting personal information, so I called them back using the bank's published phone number to make sure they were who they said they were. Startled them a little. :)

    I also own tin foil hats in an array of colours.
     
  14. UniverseBecoming
    UniverseBecoming Well-Known Member
    In addition to my tinfoil hat, I have a suit of tinfoil that makes a melodious clanking sound when I walk. :D
     
  15. Youknowwho4eva
    Youknowwho4eva Well-Known Member
    Reminds me of Chuck from Better Call Saul. But he was sensitive to electromagnetic waves. Being cautious with emails is a good thing! Changing your passwords often, and making them unique is also a good thing :)


  16. stannum
    stannum Well-Known Member
    How many times does one have to change the password for the popup to go away? Add "already changed" button?
     
  17. mkroeker
    mkroeker Well-Known Member
    The "maybe later" apparently did the trick... typical UI design for this site.
     
  18. stannum
    stannum Well-Known Member
    No, that one just hides the popup until next login. Tried again, and it appeared again.
     
  19. UniverseBecoming
    UniverseBecoming Well-Known Member
    Good one! :D

    I posted this some time back in the forum. Nowadays it's not just China, it's basically every country. Changing passwords frequently is good, but if they can get into the computers of major businesses then they can get into everyone's computer basically. And it's not people per se, it's highly intelligent robots that are doing the hacking. If you have a robot getting into your computer every five minutes and uploading means for recording your new passwords then passwords won't work too well. The good news is countermeasures are being developed as can be seen here and here for example.

    In the meanwhile I would make the same suggestions you're making but I would also advise looking into ways to nullify what hackers can do when they get your secure data. Things like maybe making it easy for users to download all of their things they've created on Shapeways so that it can be stored offline and easily restored if needed. Can this be done via CSV file? I think I saw Stony saying something about that. And educate people about how banks are very flexible these days when it comes to helping customers with fraud remediation.