Received the email from Burning Shed, regarding a security breach. Some customer information was compromised, but not any credit card info. They are asking all customers to log-in & change their passwords.
The site is currently off-line, likely with security going through things.
Here is some of the email I received:
Dear Burning Shed Customer
We are sorry to inform you of a breach of security breach here at Burning Shed that has resulted in the unauthorised disclosure of some personal data. You were not in the group of people affected by this but we felt it was important to let you know.
If you have used the same password you used on burningshed.com anywhere else, please change it immediately.
The breach was discovered on Friday 17th April 2020 and is likely to have taken place on the 18th December 2018.
A hacker managed to download a section of our customer database. This consisted of some email addresses, plus the encrypted passwords for those email addresses. Our IT experts do not believe that postal addresses or any other information was accessed. Your email address and password were not included in this download.
However, we know that the hackers did decrypt some of the account passwords. We do not think your password was compromised but if you have used your Burning Shed password on anywhere else online then we recommend that you change it as soon as possible (especially if you also use the same email address to login to that site).
We can however guarantee that no payment information of any kind was compromised as part of this breach. We do not hold any of your credit card or PayPal details on our database. They have not been compromised. You do NOT need to cancel your credit card or PayPal account.
.
But you don't learn until you make a mistake. Using the same password to all accounts is the biggest mistake you can ever make. So, I was one of their victims, unfortunately. Because I'm stupid, and I wrote the same password to any social networks, online shops. Yep, I lost some money from my card. It was a good lesson for me, and I think for anybody who is reading this. I warn you to change your password. And be attentive at scams. This is a good article http://wpaudioplayer.com/ about how you differentiate a scam from a reliable website.
Yes. Pretty painless.
👍
Just reset my password. Worked smoothly for me.
.
😎
I’ve just managed (after a few attempts) to log in using the temporary email password and have finally set up a new strong password.
I received the email about resetting my password, but have not received their email to do so! Currently about 2:05 CST.
They are still down and I want to buy Old Haunts. I seemed to have missed the release of that one.
Still offline currently, noon (Central Time).
.
I seem to have been in the unluckier group: “However, we know that the hackers did decrypt some of the account passwords, including yours.“
Like many people I have been lazy and used the same password on multiple accounts, so I’ve now spent many hours changing all those.
At least I’ve learned a lesson from this!
Just to make it clear - they are saying that if you have used your Burning Shed password elsewhere, then change those other passwords, especially if you use the same email address to login.
The Burning Shed website is currently down, and when it returns we will all be forced to set up a new password there.
I have the same email.
"Took place on 18th December 2018"!!
That's before I signed up with Burning Shed, assuming they mean 2018 and not 2019. It would explain why I'm "not in the group affected".