Conversation

Notices

1. Embed this notice
   feld (feld@bikeshed.party)'s status on Wednesday, 26-Apr-2023 20:53:17 JST feld

   in reply to

   • varx/tech
   • lopta
   Based on the bizarre response he sent back I think the guy's full of shit because if those things aren't compromised there's no good reason to do a thorough reset of them
   • Embed this notice
     varx/tech (varx@infosec.exchange)'s status on Wednesday, 26-Apr-2023 20:53:19 JST varx/tech

     in reply to

     • lopta

     @lopta I reset my password using the "compromised account" feature, since it just took a moment. Little to lose. However... I'm not convinced yet that there's a legitimate threat, so I haven't done anything beyond that.

     (I don't use 2FA with Amazon because their 2FA support kind of sucks, and I don't have any "devices".)

     It's easy for people to think they've found something serious and be dead wrong about it. I know this from the perspective both of someone who has raised a false alarm, and of someone who has to field security disclosures. So I'm holding this with some uncertainty, and I figure we'll know soon enough.

   • Embed this notice
     lopta (lopta@mastodon.social)'s status on Wednesday, 26-Apr-2023 20:53:20 JST lopta

     Is everyone signing out of their Amazon devices, setting up 2FA and changing passwords?