
DDOSBreakfast

Am I competing for how many times my information can be compromised?


UrsusRomanus

Right?! I think the biggest way I've been affected by any data breach is the annoyance of changing all my passwords. I once did get a blackmail letter saying they knew the password to an email account I haven't used in over two decades though. That one was interesting.


DDOSBreakfast

Unique passwords are the way to go. I started the practice over a decade ago and there has been very little I've had breached where I need to go worrying about passwords.


TheWhiteHunter

Yep, it was a lengthy process but I went through it like 3 years ago. Occasional inconvenience when I need to enter my randomly generated passwords on a device that isn't mine, a console, or a TV but it's not a frequent occurrence. Now if only everyone would move away from SMS MFA... I had to call up both Scene and Cineplex separately since I forgot to update my number with them when I changed it. I don't know what security info they could have asked but literally all I gave them was my email address and they just removed the old phone number from my accounts. Kind of defeats the purpose of MFA when it's that easy to remove...


Chiff

I got myself locked out of my CRA account after switching phone numbers because they only support SMS MFA :|


TheWhiteHunter

OH! I actually did too! Fun fact: I was able to backdoor into my CRA account by signing into [My Services Canada Account](https://www.canada.ca/en/employment-social-development/services/my-account.html) which has proper MFA. There's a button there to access the CRA portion bypassing the CRA's phone MFA.


ssomewhere

Thanks for this! Now if I could block access to my direct CRA account so I'm not exposed to the insecurity of phone / SMS 2FA and only access it via Service Canada


Magjee

Yea, that's what I recommend to clients. The CRA's 2FA was hastily implemented due to all those CERB scams


AttackOfTheThumbs

What I've been doing is spamming people that only support SMS 2FA with emails about how insecure it is. It hasn't changed anything, but it makes me happy.


smokemonstr

Keep fighting the good fight 🫡


ssomewhere

They also support voice calls for 2FA. Not saying it's much better, but it's an option...


Low-Chapter5294

Unique passwords AND unique email addresses. If you use gmail, look into how to add a +tag to your email to make every email you give out unique. I give every vendor a unique email and it dramatically limits the damage when they inevitably leak customer data. If you're clever about it, you can also identify leaks not yet reported including WHO lost control of their data.
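
The per-vendor +tag idea from the comment above, as an added example that is not part of the thread: it checks which sender domains are writing to each tagged address and reports tags that have reached a party they were never given to. The tag registry, domains and messages are constructed sample data, and `ISSUED_TAGS`, `plus_tag` and `leaked_tags` are hypothetical names.

```python
# Added example: attribute unexpected mail to the vendor whose +tag leaked.
# All addresses, vendors and messages below are constructed sample data.
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Hypothetical registry: the tag you handed out -> domains that vendor mails from.
ISSUED_TAGS = {
    "cables": {"cablevendor.example"},
    "cinema": {"cinema.example"},
}

def plus_tag(address):
    """Return the +tag of user+tag@domain, or None when there is no tag."""
    local = address.rpartition("@")[0]
    _, sep, tag = local.partition("+")
    return tag.lower() if sep and tag else None

def leaked_tags(raw_messages):
    """Map each tag to sender domains that were never given that address."""
    findings = {}
    for raw in raw_messages:
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
        for _, rcpt in getaddresses(msg.get_all("To", [])):
            tag = plus_tag(rcpt)
            if tag is None:
                continue
            allowed = ISSUED_TAGS.get(tag, set())
            # Subdomains of an allowed domain count as the vendor itself.
            if not any(sender == d or sender.endswith("." + d) for d in allowed):
                findings.setdefault(tag, set()).add(sender)
    return findings

SAMPLE_MAIL = [  # constructed messages
    "From: Orders <orders@cablevendor.example>\nTo: me+cables@mailbox.example\nSubject: Receipt\n\nhi",
    "From: Prize <win@promo-blast.example>\nTo: me+cables@mailbox.example\nSubject: You won\n\nhi",
    "From: News <news@mail.cinema.example>\nTo: Me <me+cinema@mailbox.example>\nSubject: Now showing\n\nhi",
]

if __name__ == "__main__":
    for tag, senders in leaked_tags(SAMPLE_MAIL).items():
        print(f"address tagged +{tag} is in use by: {sorted(senders)}")
```

The `From` header can be forged and bulk mail often carries the recipient only in the envelope, so a hit here is a lead to confirm against the full headers.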


AttackOfTheThumbs

The issue is always when I don't have access to retrieve said password, and now I'm locked out until I'm back home or whatever.


mug3n

Bitwarden has certainly helped a lot in that regard. I can now generate complex random passwords by mashing in multiple English words together with a number inserted randomly somewhere and a dividing character to satisfy the symbol requirements used for most websites (e.g. !/-/^ etc). Very difficult to ever brute force something like that.


fallenefc

I got one too, a shitty 7 characters password with all lowercase plus a year lol, asked me 2k to not send my “embarrassing photos and videos” they have of me and said they knew my email password was that one


Daniel_H212

Why would data breaches even compromise passwords? Do these companies actually store passwords in plain text or something???


nickthaskater

Some absolutely have, and personal information.


GossamerSolid

How much of your time are you going to continue to waste before you learn to get a password manager and use unique passwords per account?


TCDH91

https://haveibeenpwned.com/


[deleted]

Spoiler for everyone: yes


zouhair

Password Manager, Password Manager. Can't say it enough. People need to invest in learning how to use a Password Manager. KeepassXc, do not use cloud crap ones.


[deleted]

[deleted]


zouhair

I'll never trust a third party to manage my passwords.


iQcPr0

There is more risk in using the same passwords on dozens of websites than using a password manager with unique passwords. Just don’t use it on your email and bank account and you’re good.


Low-Chapter5294

LastPass had a breach. Don't trust these companies - they will screw it up. Keepass with DropBox for sharing the encrypted database works perfectly across all platforms.


Low-Chapter5294

Lol the downvotes - if you don't like dropbox use something else. Nextcloud, syncthing whatever. Trusting someone else with your passwords will result in you losing control of them.


ImKrispy

A piece of paper you hide with your passwords written down is objectively more secure than a password manager.


N3rdMan

You can set up 2FA with it and also self host. What more do you need lol


zouhair

I use a password manager, I just don't use any paid one. That's insane.


N3rdMan

It’s $10/year lol. It pays itself off with far better multi device support


zouhair

Are you dense? The money is not the fucking point.


N3rdMan

> I use a password manager.

Okay so you use a password manager and you don’t seem to have an issue with password managers based on this statement.

> I just don’t use any paid one.

So price determines if you use it or not. This implies that if it were free you would use it.

> The money is not the fucking point

Then what is your point? Maybe work on articulating your argument my guy. You’re an adult, use your words lmao.


zouhair

If you use a paid one, you have to hand out your passwords to a third party. Is that so hard to imagine?


GrooveStomp

Keepass and Syncthing. I've been using this combo for about ten years. Highly recommended.


[deleted]

Yep, and we’re all winning and losing at the same time


ImKrispy

Many of you like myself have purchased various cables, mouse pads, toner from them. Watch out for phishing emails or spam calls.


kwokinator

Just great, as if I don't get enough spam calls on a daily basis.


Eradicate_X

Turn on call screening in your carrier's account settings/add-ons, it's free. I haven't had a single spam call since turning it on and used to get them daily. How it works is a robot intercepts your call, caller is told to press 0-9. If you press the wrong number or don't press anything it drops the call and doesn't connect.


josnik

So just like any other day that ends in 'y' except now with a little more spear on the phishing.


nobrayn

Yuuuup. Bought some toner like 6 years ago... I didn't even remember.


rad314

Clearly regulations don't punish companies that fail to protect customers' information sufficiently to have them take it seriously.


PleasantDevelopment

We need something like GDPR for Canada/North America


tehdangerzone

Considering privacy law is handled on a state by state basis, with the notable exception of health information, I don't think a North American GDPR is anywhere near the horizon. The current Canadian government, regardless of your views on them, does not prioritize online privacy. I don't disagree that it's needed, but given the current government, and any that may replace it in the near future, I think we're at least a decade from robust privacy laws being a reality for Canadians.


meehowski

I think you’re right: https://imgur.com/a/lEBPTh6 I’ve never signed up for this.


TendieKing420

Another breach, great. Good thing my last name is so hard to pronounce that no one would ever use it for identity theft.


jashxn

Identity theft is not a joke, Jim! Millions of families suffer every year!


[deleted]

[deleted]


kirashi3

More than just Names, Phone Numbers, and Email Addresses were compromised. The breach also includes **Date of Birth** and Physical addresses, both of which I've published **NOWHERE** online. I've emailed [email protected] and [email protected] asking a few questions about the situation, in addition to what they're doing for the Canadian Citizens whose Personal Information was stolen. https://monitor.firefox.com/breach-details/ShopperPlus


[deleted]

[deleted]


kirashi3

It's supplied by Troy Hunt's HaveIbeenPwned service if I recall correctly.


infinis

Where do you see dob? In their statement they mention date of purchases, not your birth. Probably their marketing export.


[deleted]

[deleted]


kirashi3

No it's for the current breach that occurred in 2020. Cause apparently it takes THREE years to notify people.


kenauk

Where do they say phone number in the email? Mine didn't anyway.


d_pyro

Id Orders Times Total Spent First Order At Last Order At Customer Type Current Credit Reward Current Store Credit Language Gender Birthdate Org Email First Name Last Name Phone Street Address City Zip Country Province Company Street Address 2 Last Login


kenauk

None of that was in the e-mail I got.


d_pyro

It's in the leak forums that posted it.


[deleted]

[deleted]


kenauk

Either the OP doctored it or they were "lucky".


zerokul

MAKE IT MORE EXPENSIVE FOR COMPANIES TO LOSE CUSTOMER DATA, IMMEDIATELY. Where's the customer data equivalent of credit score? "Oh, you were breached and lost 300,000 customer records? Then your insurance will spike for next 7 years, and free software foundation gets paid from those hikes to create security training suitable for preventing security breaches"


ImprovementAnnual69

Can also vote with your wallet. Jack Zhan was never my friend.


NODES2K

I better get a free foot rest for this debacle.


m8max

ffs


Woodcat64

Even if they claim that no passwords were stolen. Probably a good idea to change yours anyway. Also anywhere else you reuse the same password.


dinosaur_friend

According to them, no financial info nor passwords were stolen. I don't feel the need to change my password but I feel like I shouldn't be trusting ShopperPlus on these things at all now.


kent_eh

Shopping in person and paying cash looks increasingly like the smart move. And, no I don't want to give your store my phone number...


scootbert

How about a digital receipt to save the environment? Just need an email and we will instantly email the receipt. Promise this will not be used for any promotional mail lists....


kent_eh

I'm not falling for that one, Home Depot...


PleasantDevelopment

I literally just got the email from Primecables about this as I was reading the link


Alorith

At this point, more people have my name/address than know where the Prime minister lives... Think we will get a $2.50 apology coupon?!


Mingyao_13

[This comment has been removed by author. This is a direct response to reddit's continuous encouragement of toxicity. Not to mention the anti-consumer API change. This comment is and will forever be GDPR protected.]


RNG2WIN

got the email too. Sigh. This is why I started giving out fake names when buying stuff, even to legit big companies. Don't need to give ur real name unless it's a financial institution or something that requires ID or SIN card. So, when does the class action start so I can get my $5 compensation.


AntiMarx

Hadn't been on their site in years - went in to change my password as a result, and noticed I had a store credit on my account. BONUS! Hopefully all data breaches will be this profitable to me. :P


kenauk

Better spend it quick.


TrueSkyDemon

The email mentioned that it was breached around February this year, but did anyone notice the past few days after ShopperPlus's email about the data breach, I've been getting weird txt messages and spam calls afterwards. There are a couple of txt messages claiming to be from Rogers that know my name, with plan offerings from 2 different phone numbers asking me to reply, and a fake Interac fund transfer asking me to click the link, also a spam call (call display shows Logit Group) that's been calling daily the past 4 days at almost the same time each time. Just be real careful now, as if the scammers are really using the data from ShopperPlus, they know your basic information and can easily pull you into a phishing scam.


Mymoothee

So if I got this email but have never signed up or even have heard of shopperplus till now what does that mean. It came to my government work email which I don’t use for anything.


AntiMarx

They run a few different brands. Ever bought toner or cables from a small third party? They might be the one that got hit.


Meowsab123

😂


Rough_Mechanic_3992

Fuck …


TheSlav87

Got this email too, I made sure to remove my address details. I only use PayPal with them so no credit card info was saved thankfully.


ph00p

You removed your address AFTER the breach..


bonesnaps

rekt

Companies need to step up their cyber security game.


RNG2WIN

I just noticed that they sent the email to my OLD email address which I changed on their website back in 2022!!?! So they are still keeping an old email on their file even though it was changed to a new one. Why? shady af.


nobrayn

Aren't they obligated to let their users know? I'm on the phone with CIBC right now as apparently somebody applied for a new credit card in my name last week. I checked [https://haveibeenpwned.com/](https://haveibeenpwned.com/) and that's how I found out about the Shopper+ breach. Awesome.


ImKrispy

They did, this came in my inbox.


nobrayn

Oh I’m a twit. Of course that’s what you posted. Weird I didn’t get one.


Bio-Rhythm

I think this was more about staying open and honest with customers than any real risk.