• Gravatar data leak

    Posted on December 6, 2021 at 21:50 CST by

    You may have seen in the news that the site that provides the icons/images for this site and other WordPress based sites has been involved in a breach. But as I read it, it’s not really a breach, but rather sloppy coding.

    Nothing breached. Someone found Gravatar is using sequential id’s with JSON based API, which means they can very easily get your publicly available data. Slightly easier than scraping the page. But nothing has leaked, everything that was/is available came under a notice that Gravatar would make those details publicly available. Nothing has leaked, just perhaps Gravatar shouldn’t have made it so easy to get details.

    That said, take the time during this holiday season to review your passwords and especially stop reusing passwords. One of the best proactive things you can do this holiday season is to make yourself a big mug of hot chocolate, sit down in front of your computer or iPad and review the passwords on ALL of your sites. Ensure that you change passwords to much longer and stronger versions of what you are currently using. Do not reuse passwords over and over again on different web sites, as all it takes is an attacker to gain access to one password in an account and the attacker will attempt to reuse it on other accounts. Even if you don’t reuse passwords over and over again, if you haven’t changed passwords in a while, it’s wise to update and revise them. Next look to see if you can add multi-factor authentication on sensitive accounts such as banking as well as email. Review your options for setting up multi-factor. Often you can set up services to trust a browser you use all the time and to send multi-factor prompts when you – or an attacker – tries to log in from a new location.

    Action items for 2022: Choose better passwords and add multi-factor wherever you can.

    Security
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    March 2025
    S M T W T F S
     1
    2345678
    9101112131415
    16171819202122
    23242526272829
    3031  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.