I received a very similar message from Amazon on 3/7/16. Discussion boards seemed to indicate it was legit, however my password was never actually changed by Amazon as the e-mail indicated, nor did I ever change it manually as a result. The e-mail also appeared legit on the headers, but now that I look at a little more closely it originated from amazonses.com which is seems like it might be an e-mail service you can subscribe to? Even though it had all the hallmarks, I never could figure out how it was a valid phishing attempt since no malicious links were contained in the e-mail, and logging on to Amazon to change my own password would result in ? From: Outages [mailto:outages-bounces@outages.org] On Behalf Of Jeff Palmer via Outages Sent: Tuesday, April 05, 2016 12:45 PM To: Joey Kelly Cc: outages@outages.org Subject: Re: [outages] eBay password changes -- were they attacked? If it's a phishing scenario, no matter how they store and protect passwords, they'd be compromised. Keeping in mind, this is not confirmed, and at this point is pure speculation. As for who made them the password police, that is one of the inherent duties in providing such a service. If they knew your account was compromised and did nothing about it, you'd be emailing with a very different attitude. On Apr 5, 2016 12:20 PM, "Joey Kelly via Outages" <outages@outages.org> wrote: On 04/05/2016 10:51 AM, DJ Anderson via Outages wrote:
I got one of those a few weeks ago.
When I inquired about it I was told that the password I was using was found on some leaked password list and due to that they had set a temporary password to protect my account.
-DJ
Does that not imply they are not using salted hashes, but storing the passwords in plaintext? Or maybe they're intercepting the passwords and testing them against a dictionary? I might be OK with the latter, maybe (but who appointed them to be the world's password police?) --Joey Kelly <snip> -- Joey Kelly Minister of the Gospel and Linux Consultant http://joeykelly.net 504-239-6550 _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages