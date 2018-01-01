Hacker News new | comments | show | ask | jobs | submit login
Protecting Your Account (backblaze.com)
4 points by chmars 10 months ago | hide | past | web | favorite | 2 comments



tl;dr:

'The Backblaze login database has in no way been compromised. That said, we have seen a number of automated login attempts to our site and wanted to alert our users of the risk.'

Why would Backblaze send out such an e-mail just to inform about a general risk?

(And why does the e-mail contain clickable links? Phishing is another risk and the standard mitigation is to sell users NOT to click on links in such e-mails …)


Yev from Backblaze here -> the clickable links were an "own-goal" - we were moving pretty quickly and forgot to turn the defaults off in one of our email providers. Given the subject matter of the email, that was more than unfortunate. The good news on that is, we're getting a lot of support tickets from customers asking if this was a phishing email, which leads me to believe more people know about phishing scams than we though - which is great (but not for us in this case)!

We sent the general warning mostly as an FYI. We thought it would be prudent since we saw a spike in automated login attempts. We were thinking of whether or not to just write a blog post about best-practices since we don't generally email all of our users like we did here, but we erred on the side of a one-time FYI send.




Applications are open for YC Summer 2018

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: