Lifelabs ransomware/hack

Welcome to Wondercafe2!

A community where we discuss, share, and have some fun together. Join today and become a part of it!

Mendalla

Eastern Lowland Gorilla
Messages
31,149
Reaction score
14,464
Just heard through the media that Lifelabs was victim of a cyberattack. It was reported to the BC and Ontario governments November 1 but is just going public now. They are the largest private lab service in Canada so I am guessing that I am not the only Lifelabs user on here. The company's own letter is linked below along with an article from CBC.


https://www.cbc.ca/news/canada/british-columbia/lifelabs-cyberattack-15-million-1.5399577

If you use Lifelabs portals, they have one for appointments and another for results, please change the password on any account (including your WC2 account) that use the same password. In general, you should be using different passwords for different sites and using a password keeper (Lastpass is the one most recommended by my profession) but if you don't, at least keep a few separate classes. I have different passwords for finance, health, email/cloud, and forums, plus another set for work stuff. In fact, I just changed all my passwords recently even without knowing about this.
 

Mendalla

Eastern Lowland Gorilla
Messages
31,149
Reaction score
14,464
And in case you haven't guessed, this is the kind of s**t that keeps guys like me employed and, sometimes, awake at night. BTW, I do the best I can with the tools I have on WC2 but cannot promise anything near what I have at work. A lot of our security is in the hands of Crocweb, our host, and I can only keep an eye on what is happening and what they are doing. If I felt there was a risk in continuing to use them, there's plenty of other fish in that ocean.

I do recommend looking at the two-factor authentication options on WC2. At least some of you are probably familiar with that from Google and similar. That's the setup where after you enter your password, it texts or emails you a code that you have to enter before you can get in. Just adds another layer over and above the password. There is also the option to use an app for two factor, so that the code would come via the app rather than one of those channels. I am not using it yet myself but may start on some websites

And the usual password advice applies:

A long password is generally recommended (vs. a short complex one)

You should change passwords periodically

Use different passwords for different sites (ie. don't use the same password here as for your bank)

Consider getting Lastpass or similar. This is software that generates strong random passwords, then stores them in a "vault". You only have to remember the password for the "vault", it manages all your other passwords, making it easier to have secure passwords that are different for each individual site that you use. There is an app for mobile devices and a browser extension for when you are on a computer.

And, as already discussed, don't rely on just passwords, esp. for applications like banking where security and privacy are critical. If two-factor authentication is offered, it is probably worth using it. The investment site I use is actually now forcing two-factor on (i.e. you have to use it).
 

Northwind

Still knitting. Walking the path to health.
Messages
10,661
Reaction score
4,075
I don't think I have an account for Lifelabs, though I do use the app, so this might apply to me. I'm going to check out the app you mentioned.
 

Carolla

wondering & wandering
Messages
7,750
Reaction score
5,076
Thanks for the tips Mendalla.

So I read the letter - and now I know what Charlie Brown is doing since he grew up - became a company president! :rolleyes:
 

ninjafaery

I just am
Messages
2,356
Reaction score
404
I"m trying to deal with my email being hacked. When I went to sign in, I was blocked and the recovery email to confirm was gobbeldegook, which means they had my password. Is it possible they could get that info from me using my phone for public wifi?
This is nasty. It sucks. All my business correspondence is there. Someone tried to sign into my amazon account and at least they stopped them.
 
Top