by gregsadetsky 1637 days ago
Can you talk more about the specially crafted request?

Were those requests the ones that triggered the emails that many of us received, and were those requests made with the correct or incorrect passwords?

Do you have an explanation why some people changed their LP passwords, and then received another login attempt alert email after that? Is that a coincidence (i.e. it was just more incorrect credentials still being tried on the same accounts) or was the attacker aware of the password change? Did the attacker have access to the new password or not?

Many of us received the alert email that our passwords had been used (i.e. an attempted login with the correct password from a new IP), but swear that those were unique passwords (in my case, it was computer generated, locally stored in KeePass and never re-used -- many other cases like that). Did the attackers have our passwords in their possession, or no?