CyberVor

As you may have heard, earlier this week it was reported that a Russian cybergang had stolen 1.2 billion user name and passwords as well as 500 million email addresses. These astounding numbers were discovered by a Milwaukee security firm, Hold Security, as reported in the New York Times. You may remember Hold Security as those who identified and tracked the Target breach back in February.

While it is still an ongoing investigation, and some may be skeptical of the details of the massive breach, Hold Security released a blog post on August 5th stating that the cybergang, being referred to as “CyberVor,” “is currently in possession of the largest cache of stolen data,” and that “as long as your data is somewhere on the World Wide Web, you may be affected by this breach.”

What does this mean for you?

We would like to take this time to remind you of a few password-safety best practices and how you can protect yourself in a situation such as the “CyberVor breach.”

1. Use Unique and Strong Passwords for every site.

Make sure that you are using unique passwords so that you can minimize your damages from future hacks. Also, if you have used your RoboForm Master Password on other sites, we recommend that you change your Master Password immediately. You can do so via your RoboForm Online Account portal: https://online.roboform.com/login

2. Change your passwords regularly.

It is extremely important to change all of your passwords on a regular basis. Out of precaution, you may want to change your online banking passwords and passwords on any financial or other sensitive sites. RoboForm users can use RoboForm’s Password Generator to quickly generate new passwords for their logins (you’re welcome!).

3. Use a Password Manager to safely store your online login information.

We had to say it-, if you’re not using RoboForm’s password manager already, we highly recommend that you start to now. Having a password manager allows you to easily follow online security best practices. RoboForm will remember all of your passwords for you and safely encrypt them all behind your one Master Password. RoboForm also allows you to use strong and unique passwords for every site. That way, if a hacker has one password, they don’t have them all.

Be sure to follow RoboForm on Facebook and Twitter for updates on the “CyberVor breach,” as well as other critical, online security news.

8 Tips for Keeping Your Passwords Safe This Summer

The Sun Isn’t the Only Way to Get Burned

The summer is a great time to relax, whether it’s on a beach or on your front porch. Unfortunately, while enjoying picnics and barbeques, online security is the last thing on most peoples’ minds. Therefore, we at RoboForm Password Manager have assembled these 8 simple tips for keeping yourself safe this summer.

1. Always log off of websites - This is especially important when travelling or using a shared computer.

2. Update your software- Although sometimes annoying, these software updates often contain important security upgrades.

3. Monitor your bank accounts/ credit cards- We recommend checking them weekly to look for fraudulent charges.

4. Don’t use duplicate passwords- Duplicating passwords is like men wearing Speedos, it should never happen! You should be using a unique password for every website that you login to.

5. Protect your mobile phone with a PIN- Simple, but many people do not do this.

6. Don’t keep a list of logins/ passwords- You’d be surprised how many people carry around a list of passwords in their wallets or purses!

7. If you see a shark fin in the water, go back to shore- It’s likely just a kid messing with you, but better to be safe than sorry.

8. You got a new puppy? Great! Just don’t use its name in any of your passwords- Never use personal information like names, birthdays, etc. in your passwords.

Have any password security tips of your own for the summer? Please share them with us using the hasgtag #RoboTips and you could see them featured on our Facebook or Twitter pages! And remember, hackers don’t take summer vacations!

Has Your Android Device Been Hacked via Heartbleed?

According to a post on Gizmodo on April 15, not only is Heartbleed causing heartache on hundreds of servers all over the internet, but security researchers have also warned that the bug could allow direct hacks of Android, too. The Gizmodo post recommends that you install Heartbleed Detector, a free app developed by Lookout Mobile, to determine if your device is at risk. For more details visit Gizmodo.

RoboForm Not Affected by the Heartbleed bug

What is the Heartbleed Bug?

The Heartbleed Bug was disclosed Monday night and can occur in open-source software called OpenSSL that's widely used to encrypt Web communications. Heartbleed can reveal the contents of a server's memory, where most sensitive data is stored.

The bug appears in OpenSSL versions 1.0.1 to 1.0.1f. Version 1.0.1g fixes the bug.

How Does the Heartbeat Vulnerability Affect RoboForm?

It doesn't.

RoboForm servers used OpenSSL ver 1.0.0 and 0.9.8 which were not affected by the Heartbleed Bug.

Upon learning of the bug, we updated all our OpenSSL versions to the 1.0.1g which is published fix for the Heartbleed bug.

What should you do next?

Your Master Password has always been secure, so you do not need to change it.

However, this bug has been out there for a long time and it's possible that sites you regularly visit would be susceptible the vulnerability.

You can check whether or not sites are susceptible using this tool: http://filippo.io/Heartbleed/

We recommend you generate new passwords for any website in which you store sensitive information, such as email, banking, etc. However, you should wait until these sites have updated their OpenSSL version and replaced their certificates with new certificates being issued on 4/8/2014 or later.