The Sound Board

Posted: **Apr 21, 2018 11:31 am**

That was their followup. This is their initial notice:

We believe that Virharmonic.com has been a victim of hacking and that some emails may have been leaked. We are contacting all email accounts on our website as a pre-emptive measure. We do not store any card numbers or payment details, so no sensitive data of this nature was ever under threat, but we feel that it is crucial to inform you of this breach.

We take security very seriously and are hard at work making sure that no future attempts get through. For your security, we advise that you change your passwords if you use the same passwords as on our website at Virharmonic. We believe that these passwords are sufficiently protected, as they are only ever in encoded form and they should not be unpackable via any form ( in other words nobody should be able to read the passwords under any circumstance), but never the less, we still strongly urge you to change them as a precaution.

It goes without saying that we would never purposely endanger clients or business associates data or information and that we are taking this issue very seriously - our website is now in maintenance mode until we are one hundred percent certain that no further breach is possible.

I thank you very much for your understanding and we sincerely apologise about any inconvenience this might have caused to you.

Please do not hesitate to contact us if you need assistance. We will keep you informed and we will email you again once the website is back up and running.

I appreciated the disclosure.

It's pretty much one of the worst kinds of emails you ever have to send your customers. "We lost your data and have no idea what the bad guys are doing with it." Fortunately in this case it's not overly sensitive data, and based on the description the passwords appear to have been properly hashed and salted (hopefully -- requires reading between the lines).

A technical post-mortem would be nice so that others may learn from their mistakes, but that's rarely ever provided.

Posted: **May 16, 2018 7:55 pm**

Unfortunately the spam to my Virharmonic-exclusive email address has now begun.

Posted: **Jan 17, 2019 9:52 pm**

haveibeenpwned.com was just updated with a large volume of credentials that has been making the rounds on hacker forums. More details here.

I looked up my personal domain and my Virhamonic email address is included in this dump. I imagine all Virharmonic's customers are as well.

Just a reminder that if you haven't done so already, if you're using the same password you're using for your Virhamonic account anywhere else, you should change all accounts using that password ASAP.

Posted: **Jan 18, 2019 4:26 am**

Thanks Jason. Looks like I need to spend a happy weekend changing my passwords - I did a Watchtower check in 1password and, um, this issue requires my attention. Its gotten to the point where a password manager is now essential - I have 177 passwords in mine (and that can't be all), and each one should be unique and strong. There's no safe way of doing that aside from a really good password manager imo.

(Just a thought - this issue is clearly bigger than VIR Harmonic customers, worth highlighting in a new thread do you think?)

Posted: **Jan 18, 2019 9:26 am**

Fine point, Guy. I'll start a thread.

The Sound Board

Important Notification from Virharmonic

Re: Important Notification from Virharmonic

Re: Important Notification from Virharmonic

Re: Important Notification from Virharmonic

Re: Important Notification from Virharmonic

Re: Important Notification from Virharmonic