Hi,
ok, thanks very much for the advice!
I'll just remember to check if links I post has the word 'authenticate' in them then.
That sounds smart.
I'll also try to use the screen-shots more.
Thank you very much for the advice regarding this.
Best regards, Erik Ribsskog
On Wed, Jan 5, 2011 at 3:27 PM, Mario F. Ruckh <mario@myheritage.com> wrote:
Hi Erik,
Screenshots are safer in any case 😉 Below is a link with an authenticate parameter and if you follow it you will notice that it will log you out of your account and into this "test account". It has the login in the key (though it is impossible to get the password from it). As I said, they are a bit dangerous, so never use them in public (we even stopped using them in emails).
Old authenticate parameters stop working once you change your password, so you should be fine from now on. Though I am not 100% sure if this was how your account security was compromised, if you used one of them, it is very likely.
Best
Mario
Mario F. Ruckh
Second Floor Cardiff House, Tilling Road, London NW2 1LJ, England
Office landline UK: +44 20 3239 3288
|
On 5 Jan 2011, at 16:41, Erik Ribsskog wrote:
Hi,
ok sorry, I'm not sure how to se if a link uses 'authenticate' parameter.
I'll try to read more about this.
I have a blog where I write about genealogy etc., but I think I should maybe use more screen-shots instead.
I'll try to update more about this.
Thank you very much for finding out what the problem was.
This was at Christmas, so sorry that I got a bit angry due to problems, I didn't understand it was the links on my blog.
Sorry again about this!
Best regards,
Erik Ribsskog
On Wed, Jan 5, 2011 at 2:31 PM, Mario F. Ruckh <mario@myheritage.com> wrote:
Dear Erik,
Thanks a lot for your email and sorry for the delay. Your enquiry has been sorted out by one of my colleagues already. I am sorry that your account has been compromised, I can assure you that it has not been our servers, they are very safe and constantly monitored.
If you post links on your blog, please make sure you never use a link that includes an "authenticate" parameter (which is equivalent to a login) in them. Earlier some links in emails included those parameters to make sure users get logged into their site when they click it, but we stopped that to improve the security further.
When you email support, make sure you do that from the same email account from which you have bought your premium subscription, so they can identify you as a paying user and will get back to you immediately.
Best regards
Mario
Mario F. Ruckh
Second Floor Cardiff House, Tilling Road, London NW2 1LJ, England
Office landline UK: +44 20 3239 3288
|
On 24 Dec 2010, at 21:18, Erik Ribsskog wrote:
Hi,
now someone have got access to my MyHeritage-account, (which I pay good money for, like they say in America), and they have added some silly pictures there.
I have a password which is difficult to guess, and a university-degree in IT.
Do you know what's going on?
Thanks in advance for any reply.
<trakassering myheritage.JPG>
|
|