
Protecting Your Account - chmars
https://www.backblaze.com/blog/protecting-your-account
======
chmars
tl;dr:

'The Backblaze login database has in no way been compromised. That said, we
have seen a number of automated login attempts to our site and wanted to alert
our users of the risk.'

Why would Backblaze send out such an e-mail just to inform about a general
risk?

(And why does the e-mail contain clickable links? Phishing is another risk and
the standard mitigation is to sell users NOT to click on links in such e-mails
…)

~~~
atYevP
Yev from Backblaze here -> the clickable links were an "own-goal" \- we were
moving pretty quickly and forgot to turn the defaults off in one of our email
providers. Given the subject matter of the email, that was more than
unfortunate. The good news on that is, we're getting a lot of support tickets
from customers asking if this was a phishing email, which leads me to believe
more people know about phishing scams than we though - which is great (but not
for us in this case)!

We sent the general warning mostly as an FYI. We thought it would be prudent
since we saw a spike in automated login attempts. We were thinking of whether
or not to just write a blog post about best-practices since we don't generally
email all of our users like we did here, but we erred on the side of a one-
time FYI send.

