YANO's digital garage

Copyright ©YANO All rights reserved. https://www.bravotouring.com/~yano/

Last-modified: 2019-09-12 (Thu)


[一語一絵 / IT]

Bitly email address leak / 2018-05-07 (Mon)

Ever since the holiday break,

Good day!

We considered your resume to be very attractive and we thought the vacant position in our company could be interesting for you.

Our firm specializes in online services in the matter of business administration.
We cooperate with different countries and currently we have many clients in yours region.
Due to this fact, we need to increase the number of our destination representatives' regular staff.

Part-time and full-time employment are both currently important.
We offer a flat wage from $1500 up to $7000 per month.

If you are interested in our offer, please [a:http://tangray.nl/priva/Software/appDev/test/.settings/]visit our web page.

Attention! Accept applications only on this and next week.

Respectively submitted
Personnel department
…and other English-language spam like this has been landing one after another.

MAY 2014: URGENT SECURITY UPDATE REGARDING YOUR BITLY ACCOUNT
From https://bitly.com/blog/

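For mail that SpamAssassin simply failed to catch, it started to feel like a lot of these had unusually long bodies, so I looked into it and found that the recipient address was the one I had registered with Bitly, the URL shortening service.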

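"Has a personal-data-leak incident frenzy just broken out?!" I thought, and excitedly googled it, only to find an article from four years ago titled "Bitly suspects account credential information was compromised".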

Wondering "why now?", I searched my mail and found that

We have reason to believe that your Bitly account credentials have been compromised; however, we have no indication at this time that your account has been accessed without permission.
Just to be safe, we have proactively disconnected any connections you might have had to publish on Facebook and Twitter from your Bitly account. You can safely reconnect these accounts at your next login.
Although you may see your Facebook and Twitter accounts connected to your Bitly account, it is not possible to publish to these accounts until you reconnect your Facebook and Twitter profiles.
To ensure the security of your account, please take the following steps:
1) Go to Your Settings Profile tab and reset your password.
2) Go to Your Settings Connected Accounts tab to disconnect and reconnect any Twitter or Facebook accounts. If you have any connected applications, disconnect and reconnect through the third-party application.
3) Go to Your Settings Advanced tab to reset your API key. If you are a developer using your API key, copy the new API key and change it in all applications. These can include social publishers, share buttons and mobile apps.
We have taken measures to secure all paths that led to the compromise and ensure the security of all account credentials going forward.
We apologize for any inconvenience and we will continue to update our Twitter feed, @Bitly, as we have any further updates.
Sincerely,
The Bitly Team
https://bitly.com/
this notification had been sent to me.

I did register, but it is a service I basically never use, so there is no real harm. Still, it is creepy that this has started up four years after the leak.

[References]
●INTERNET Watch https://internet.watch.impress.co.jp/
Bitly suspects account credential information was compromised (Bitly、アカウントのクレデンシャル情報が侵害を受けた疑い) 2014/05/09
●Bitly Blog https://bitly.com/blog/
MAY 2014: Urgent Security Update Regarding Your Bitly Account 2014/05/11
●Wikipedia https://ja.wikipedia.org/wiki/
URL shortening (短縮URL)
●Wikipedia https://en.wikipedia.org/wiki/
Bitly