SEOmoz hacked? - joewee

Nothing on the website or blog, but received this:

On Friday, May 31st, we discovered that an encrypted portion of some of our member passwords may have been made public for a brief period of time. Within minutes we were able to remove the potential vulnerability. Fortunately, Moz uses a two-part hashing scheme for our passwords, so there is little risk of an account being compromised.

As a precautionary measure, we are implementing a password reset. Please log in to your account at https://moz.com/login where you will be prompted to start the password reset process.

Further details:

No plain text passwords were exposed or stored in our system, and in our investigation we have found no evidence of any unauthorized access to user accounts or credit card information (we never display credit card numbers).

We were not hacked and our systems were not compromised. This is a precautionary measure to ensure your account integrity.

Like many companies, we use a two-part process for password encryption. This makes it significantly harder for security breaches to occur when this type of vulnerability is exposed.

At Moz, the security of your data and account information is a mission critical priority for us. We apologize for the inconvenience of changing your password, but we want to take every precaution to ensure your data is safe!

Accessing your account at https://moz.com/login will prompt you to change your password. If you have difficulty changing your password, or any questions or concerns, please be sure to contact us right away.

Thank you for your patience!

The Moz Team
======
aioprisan
Apparently the breach was in their HTML code? Shouldn't this logic be server-side? If I were a MOZ user, I'd be very concerned. Per their comments at
[http://devblog.moz.com/2013/06/how-we-fixed-a-password-expos...](http://devblog.moz.com/2013/06/how-we-fixed-a-password-exposure/)
"Yes, we are talking about the HTML source code." I initially thought this was
a DOZ lawsuit-related retribution.

------
a3n
This is a phishing attack, I received the same email. If you hover over the
link, it actually goes to bronto.com, not moz.com as the link text would have
you believe.

It looks like bronto.com got hacked, not moz.

~~~
joewee
I don't think so, the bronto URL redirects to moz.com, the password reset
happens on moz.com

But it is weird to use a marketing company to send out password reset
instructions.

~~~
dangrossman
> But it is weird to use a marketing company to send out password reset
> instructions.

It's weird to not disable link tracking (the automatically added redirects
through the marketing company's domain), it's not weird to use an e-mail
company to send e-mails. Managing per-ISP/mailer throttles/quotas, IP
blacklists, spam report responses and relationships in general is a full-time
job for several people.

If you have tens of thousands to millions of customers, you do not send mail
from your own servers if you want it to actually arrive in inboxes.

~~~
a3n
So then how do I tell when it's a phishing attack?

~~~
turboroot
The answer is not black and white, although there are certain indicators that
make an email very likely to be malicious.

In this case, record the ultimate destination of the link in an isolated
browser session (to prevent a possible CSRF attack), then make your judgement
from there.
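
The two checks raised in this subthread (dangrossman's point that the marketing provider's link tracking rewrites every href to go through its own domain before redirecting, and turboroot's advice to record the ultimate destination of the link in an isolated session) can be done without ever opening the link in a logged-in browser. The script below is an added example, not code from the thread or from Moz; the anchor tag, the hostnames and the redirect chain it uses for the demonstration are constructed, and the `registrable_domain` helper is a deliberately crude last-two-labels heuristic (no public-suffix list), which is an assumption that holds for .com-style hosts only. The real fetcher sends a single HEAD request per hop with no cookies and no automatic redirect following, so a CSRF-style trick on the landing page cannot ride on your session; the `fetch` parameter exists so the same logic can be run against a canned chain offline.

```python
"""Triage a link from a suspicious e-mail without clicking it in a logged-in browser.

Check 1: does the visible link text claim one site while the href points elsewhere?
Check 2: where does the href actually land once its redirect chain is followed?
Added example; hostnames and the sample anchor below are constructed, not real data.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse, urljoin
import urllib.error
import urllib.request


def registrable_domain(host):
    """Crude heuristic: keep the last two labels, so www.moz.com -> moz.com.
    Assumption: no public-suffix list; wrong for hosts like example.co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


class _AnchorExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a href=...> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html):
    parser = _AnchorExtractor()
    parser.feed(html)
    return parser.links


def _host_from_text(text):
    """Treat link text as a URL (prefix https:// if it has no scheme) and return its host."""
    t = text.strip()
    if "://" not in t:
        t = "https://" + t
    return urlparse(t).hostname or ""


def text_host_mismatch(href, text):
    """True when the link text names a host whose registrable domain differs from the
    href's, i.e. the text says moz.com but the href goes to bronto.com. Plain text
    such as 'click here' has nothing to compare and returns False."""
    text_host = _host_from_text(text)
    if not text_host or "." not in text_host:
        return False
    href_host = urlparse(href).hostname or ""
    return registrable_domain(text_host) != registrable_domain(href_host)


def http_head_no_follow(url):
    """Real fetcher: one HEAD request, no cookies, no automatic redirects.
    Returns (status, Location header or None)."""

    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, *args, **kwargs):
            return None  # make urllib surface the 3xx instead of following it

    opener = urllib.request.build_opener(NoRedirect)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=10) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # 3xx arrives here because we refused to follow
        return err.code, err.headers.get("Location")


def follow_chain(url, fetch=http_head_no_follow, max_hops=10):
    """Return the list of URLs visited, starting with `url`, ending at the first
    non-redirect response (or after max_hops to stop redirect loops)."""
    chain = [url]
    for _ in range(max_hops):
        status, location = fetch(chain[-1])
        if status not in (301, 302, 303, 307, 308) or not location:
            break
        chain.append(urljoin(chain[-1], location))  # Location may be relative
    return chain


def triage(href, text, fetch=http_head_no_follow):
    """Everything worth knowing before deciding whether to trust the link."""
    chain = follow_chain(href, fetch)
    claimed_domain = registrable_domain(_host_from_text(text))
    final_domain = registrable_domain(urlparse(chain[-1]).hostname or "")
    return {
        "text_href_mismatch": text_host_mismatch(href, text),
        "chain": chain,
        "final_domain": final_domain,
        "lands_on_claimed_site": final_domain == claimed_domain,
    }


# Constructed sample: a tracked link as the thread describes, plus a fake fetcher
# that stands in for the network so the example runs offline.
SAMPLE_HTML = '<p>Log in at <a href="https://click.bronto.example/t/abc">https://moz.com/login</a></p>'
_FAKE_RESPONSES = {
    "https://click.bronto.example/t/abc": (302, "https://moz.com/login"),
    "https://moz.com/login": (200, None),
}


def fake_fetch(url):
    return _FAKE_RESPONSES.get(url, (404, None))


if __name__ == "__main__":
    for href, text in extract_links(SAMPLE_HTML):
        print(triage(href, text, fetch=fake_fetch))
```

For the tracked link in the sample the result reports a text/href mismatch (the first indicator people in the thread noticed) but a chain that ends on the claimed site; a lookalike such as `moz.com.evil.example` would instead end on a different registrable domain, which is the case that should stop you from typing a password. Drop the `fetch=` argument to run the real HEAD-only fetcher against a live link.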

------
chewxy
I got this email even though I do not have a SEOMoz account (or if I did, I
must have forgotten about it)

------
hiddenfeatures
I posted this already. To answer your question: The email clearly reads "We
were not hacked"

~~~
joewee
I still wonder how they discovered that the passwords were exposed.

~~~
hiddenfeatures
Got informed by a user of a weakness in the web interface, AFAIK.