There's more than meets the eye
Register now to unlock all subforums. As a guest, your view is limited to a small part of The Sound Board.

Important Notification from Virharmonic

Industry and music tech news, deals and bargains. Anyone can view, any member can contribute.
Post Reply
User avatar

Topic author
tack
Posts: 2370
Joined: Nov 16, 2015 1:10 pm
Location: Ontario, Canada
Contact:

Re: Important Notification from Virharmonic

Post by tack »

That was their followup. This is their initial notice:
We believe that Virharmonic.com has been a victim of hacking and that some emails may have been leaked. We are contacting all email accounts on our website as a pre-emptive measure. We do not store any card numbers or payment details, so no sensitive data of this nature was ever under threat, but we feel that it is crucial to inform you of this breach.

We take security very seriously and are hard at work making sure that no future attempts get through. For your security, we advise that you change your passwords if you use the same passwords as on our website at Virharmonic. We believe that these passwords are sufficiently protected, as they are only ever in encoded form and they should not be unpackable via any form ( in other words nobody should be able to read the passwords under any circumstance), but never the less, we still strongly urge you to change them as a precaution.

It goes without saying that we would never purposely endanger clients or business associates data or information and that we are taking this issue very seriously - our website is now in maintenance mode until we are one hundred percent certain that no further breach is possible.

I thank you very much for your understanding and we sincerely apologise about any inconvenience this might have caused to you.

Please do not hesitate to contact us if you need assistance. We will keep you informed and we will email you again once the website is back up and running.
I appreciated the disclosure.

It's pretty much one of the worst kinds of emails you ever have to send your customers. "We lost your data and have no idea what the bad guys are doing with it." Fortunately in this case it's not overly sensitive data, and based on the description the passwords appear to have been properly hashed and salted (hopefully -- requires reading between the lines).

A technical post-mortem would be nice so that others may learn from their mistakes, but that's rarely ever provided.
- Jason

User avatar

Topic author
tack
Posts: 2370
Joined: Nov 16, 2015 1:10 pm
Location: Ontario, Canada
Contact:

Re: Important Notification from Virharmonic

Post by tack »

Unfortunately the spam to my Virharmonic-exclusive email address has now begun.
- Jason

User avatar

Topic author
tack
Posts: 2370
Joined: Nov 16, 2015 1:10 pm
Location: Ontario, Canada
Contact:

Re: Important Notification from Virharmonic

Post by tack »

haveibeenpwned.com was just updated with a large volume of credentials that has been making the rounds on hacker forums. More details here.

I looked up my personal domain and my Virhamonic email address is included in this dump. I imagine all Virharmonic's customers are as well.

Just a reminder that if you haven't done so already, if you're using the same password you're using for your Virhamonic account anywhere else, you should change all accounts using that password ASAP.
- Jason


Guy Rowland
Posts: 15546
Joined: Aug 02, 2015 8:11 pm
Location: UK
Contact:

Re: Important Notification from Virharmonic

Post by Guy Rowland »

Thanks Jason. Looks like I need to spend a happy weekend changing my passwords - I did a Watchtower check in 1password and, um, this issue requires my attention. Its gotten to the point where a password manager is now essential - I have 177 passwords in mine (and that can't be all), and each one should be unique and strong. There's no safe way of doing that aside from a really good password manager imo.

(Just a thought - this issue is clearly bigger than VIR Harmonic customers, worth highlighting in a new thread do you think?)

User avatar

Topic author
tack
Posts: 2370
Joined: Nov 16, 2015 1:10 pm
Location: Ontario, Canada
Contact:

Re: Important Notification from Virharmonic

Post by tack »

Fine point, Guy. I'll start a thread.
- Jason

Post Reply