Technology Department News

Online Security – Part 2

padlock

‘Tis the season. I just received a notification that Pure Michigan’s account was compromised:

December 20, 2019

As most of you are aware, Wednesday, December 18th an email was sent out appearing to be from Pure Michigan / Michigan Festivals and Events regarding updating your membership information. Unfortunately our account with Constant Contact was compromised. Constant Contact recognized that it was a faux email, and quickly disabled the provided links so others were not at risk. We have taken the necessary measures to secure the account again.

While we are needing your updated information, please contact our office directly for forms.

Please accept our apology in this error.

Wishing everyone Happy Holidays

Mike Szukhent
Michigan Festivals and Events Association
President, CEO

This follows on the heels of the news that 2019 brought us at least 948 reported attacks. Oh, and 1,500 Ring passwords have been discovered to be available via the dark web (in other words, there are 1,500 known user name and password combinations from Ring available to the bad guys).

This follows the news that MysteryScience had a data breach. A couple of our users reached out to me when they received an email stating that MysterScience had been breached and telling them to reset their password. I reached out to MysteryScience to confirm that there was a breach. I also reminded people to NOT follow the link in the email. Instead, always go to the site by typing in the URL yourself. This way, if the email is legitimate, you’ll be prompted to change your password. If the email was a phishing attack, you haven’t fallen for it.

MysteryScience did finally get back to me.

So sorry for any confusion! I’m glad you’re careful and double-checking. Yes, there was indeed a data breach. If you’d like more information, you can look at this FAQ directly on our website: https://mysteryscience.com/docs/security-update-dec-2019

You can reset your password from the link in the email we sent out to all users affected by this breach. Alternatively, you can go directly to our website at www.mysteryscience.com, and it will prompt you to reset your password there.

I hope this clarifies–and I’m sure glad you reached out to confirm!

MysteryScience

All of this is a good reminder to never use the same password twice. This can be accomplished via utilizing a good password manager (which I’ve been advocating for since 2016).