LogMeIn Database Hacked

Asrial

http://community.logmein.com/t5/Central/Phishing-Attempt-04-29-2014/td-p/119792

Just got a phishing e-mail today, regarding LogMeIn. The thing that makes me pause is how it went straight to the account I actually use for LogMeIn.

Further research led me to that thread, and seeing the reports of other people, I strongly suspect LMI's database was breached.

Sadly, the first post is the only post from LMI about the issue.

Ultimately, I recommend anyone using LogMeIn to change their password (just like every other damn site lately it seems, lol).
 
Does not mean that LMI is compromised. There are other ways they may have used to target the email. Matter of fact, OP you offer no proof whatsoever to support the title of the thread. Changing passwords regularly is a good idea regardless so good reminder there but ease up on the fear mongering please.
 
AppRiver quarantined this message. I had to look for it otherwise I'd never have known. My account is not unique for LMI.


Received: from [64.229.146.208] (HELO OHREMPVDFD)
by inbound.appriver.com (CommuniGate Pro SMTP 5.4.1)
with ESMTP id 83544601 for my email address; Thu, 05 Jun 2014 12:04:14 -0500
Message-ID: <XKY85VMB.2854533@bobharris.plus.com>
Date: Thu, 5 Jun 2014 13:07:01 -0500
From: "LogMeIn.com" <security@logmein.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: <my email address>
Subject: Your LogMeIn digital certificate has expired!
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Note-AR-ScanTimeLocal: 6/5/2014 12:04:14 PM
X-Policy: my domain
X-Primary: my email address
X-Note: This Email was scanned by AppRiver SecureTide
X-Virus-Scan: V-
X-Note-SnifferID: 55
X-GBUdb-Analysis: 0, 64.229.146.208, Ugly c=0 p=0 Source New
X-Signature-Violations:
55-5640012-1713-1799-m
55-5640012-0-3423-f
X-Note: StopOnFail for SIGNATURE
X-Warn: 8BIT This email has illegal characters
X-Warn: REVDNS No Reverse DNS record for 64.229.146.208
X-Warn: SIGNATURE Failed Signature
X-Warn: WEIGHT10
X-Warn: WEIGHT15
X-Warn: WEIGHT20
X-Warn: WEIGHT30
X-Note: Spam Tests Failed: 8BIT, REVDNS, SIGNATURE, WEIGHT10, WEIGHT15, WEIGHT20, WEIGHT30
X-Country-Path: CANADA->UNITED STATES
X-Note-Sending-IP: 64.229.146.208
X-Note-Reverse-DNS:
X-Note-Return-Path: wesoadxf@bobharris.plus.com
X-Note: User Rule Hits:
X-Note: Global Rule Hits: G327 G328 G329 G330 G332 G337 G363 G374 G427 G430 G437 G438 G439 G440 G479
X-Note: Encrypt Rule Hits:
X-Note: Mail Class: MALWARE
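
Added example, not part of the original post: a Python sketch that reads headers like the ones quoted above and lists why the visible From: domain is not backed by the rest of the message. The sample is a constructed subset of those headers with a placeholder recipient, and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a subset of the headers quoted in the post above,
# with the recipient replaced by a placeholder address.
SAMPLE = """\
Received: from [64.229.146.208] (HELO OHREMPVDFD)
 by inbound.appriver.com (CommuniGate Pro SMTP 5.4.1)
 with ESMTP id 83544601 for <user@example.invalid>; Thu, 05 Jun 2014 12:04:14 -0500
Message-ID: <XKY85VMB.2854533@bobharris.plus.com>
From: "LogMeIn.com" <security@logmein.com>
To: <user@example.invalid>
Subject: Your LogMeIn digital certificate has expired!
X-Warn: REVDNS No Reverse DNS record for 64.229.146.208
X-Warn: SIGNATURE Failed Signature
X-Note-Sending-IP: 64.229.146.208
X-Note-Reverse-DNS:
X-Note-Return-Path: wesoadxf@bobharris.plus.com

"""

def domain_of(value):
    """Return the lowercased domain of an address or Message-ID, or ''."""
    addr = parseaddr(value or "")[1] or (value or "").strip("<> ")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def same_org(a, b):
    """Crude check: one domain equals or is a subdomain of the other."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def spoof_indicators(raw):
    """List the reasons the visible From: domain is not backed by the envelope."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    for header in ("X-Note-Return-Path", "Return-Path", "Message-ID"):
        dom = domain_of(msg[header])
        if dom and not same_org(from_dom, dom):
            findings.append(f"{header} domain {dom} != From domain {from_dom}")
    if "X-Note-Reverse-DNS" in msg and not msg["X-Note-Reverse-DNS"].strip():
        findings.append(f"no reverse DNS for {msg['X-Note-Sending-IP']}")
    findings += [f"gateway test failed: {w.split()[0]}" for w in msg.get_all("X-Warn", [])]
    return findings

if __name__ == "__main__":
    for line in spoof_indicators(SAMPLE):
        print(line)
```

A mismatched envelope domain alone also occurs with legitimate bulk senders, so it counts as one signal alongside the missing reverse DNS and the gateway's failed tests. None of these indicators says how the sender obtained the recipient address.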
 
If it's a unique email for that purpose it is likely something was compromised, might just be the forum though.
I'd never used their forums before. Your actual account is apparently linked to it, but when I went to post in that thread, I had to create a "profile" first.

Another person also mentioned that maybe e-mail addresses have been sold to a 3rd party.

I wouldn't make such a big deal about it, and might even potentially dismiss it, if it wasn't for the number of people saying they create a unique e-mail address for each account created for their clients.

The issue I have is their lack of communication. There's nothing beyond the first post dismissing it as a generic phishing attack.

Unfortunately, I have the nagging feeling it's not so generic.. and given that I use Central for client access, I can't really take it lightly either. What scares me is if one of them had never gotten through my spam protection I'd have never known.
 
LMI's response to my email into support regarding this issue.

"Thank you for contacting LogMeIn. We are aware of the situation and these emails did not originate from LogMeIn. These emails do not indicate a breach in our security, as phishing attacks are almost always executed by mass ‘guessing’ and spamming of email addresses. I apologize for the inconvenience and we have recommended customers to delete these emails and do not open.

If you have clicked on the link, please contact your anti-virus service for guidance."
 
I just looked at my spam box. I have a spam on 5/21/2014 going to my logmein only email address. This email address is not used for anything but logmein and haven't used logmein in quite a while. I did do a logmein trial but under a different email. So yeah I think it's very likely that their user database was compromised. On the other hand I suppose it could be a wild guess since it's logmein@unuseddomainhere.com but given the timing I seriously doubt it.
 
This email address is not used for anything but logmein and haven't used logmein in quite a while.
It just feels too.. convenient.

Again, the main issue is a lack of a response AFTER all the people coming in with similar situations. Plus, the initial response from them is too generic anyways.

YOU: "My computer freezes up a lot."

ME: "It's fine. They do that every now and then."

YOU: "..."

I'm not expecting a massive investigation, or for there to even be answers, but maybe a bit more information on WHY we shouldn't worry about a breach regarding at least passwords.
 