I want to update everyone on the Lifelock alert situation.
We take security very seriously and upon learning of the alert, we directed several people both inside and outside our organization to investigate the problem immediately.
Here's what we found so far:
- Background: the "dark web" is basically some forums, much like this one, that are encrypted or hosted on a non-standard port so they cannot be located or indexed by search engines. Access to these forums, in which hackers sell or trade data, is by invitation only. This particular Lifelock alert indicates that a file was offered in such a forum that references one of our domains. That is the extent of the evidence. Neither Lifelock nor Symantec monitors our servers or has any way to identify an actual breach. Their notification is based entirely on the claim of an anonymous forum user.
- We have established that the alert was real and sent by Lifelock. However, when we contacted Lifelock for further information they admitted they cannot find any supporting information about a breach of our domain.
- They referred us to Symantec, who does the monitoring and provides the alert information to Lifelock. Symantec has no record of a breach or suspicious activity associated with any of our domains. They confirmed by phone that their records classify all of our sites as safe.
- If you wish to verify that information you can check their assessment of our site at:
https://safeweb.norton.com/
Again, this is not a generic security check -- Symantec is the source of the data for Lifelock alerts.
- We have asked Lifelock to investigate this alert and why they do not have any data to support it. They have agreed to do so and we hope to hear back from them soon.
- Meanwhile, we have scanned our servers for malware and analyzed the server logs for any suspicious activity. None was found. We scan for these issues daily, but performed a more in-depth scan on Thursday. We found no malware, no successful injection attacks or cross scripting, no rogue file uploads, and no unauthorized access to or unusual activity in our database.
- Please rest assured that even in the event of a breach, no credit card data is stored on our servers and all passwords are encrypted and saved as a 40-character hash of text and numbers.
BOTTOM LINE: Based on this information PLUS data from other professional security resources we believe the following to be true:
- There is no forensic evidence of a recent breach
- Analyzing the email addresses reported, we believe the data may be from an old breach (the only one we have experienced), which we publicly reported a number of years ago
- We checked our user passwords against a public database of hacked passwords and found no matches, so we believe that passwords were NOT exposed
NEXT STEPS: We recommend you change your forum password just to be safe. You can do that at:
https://forums.sailboatowners.com/index.php?account/security (you must log in to access this screen)
We also strongly recommend that you never use one password for multiple sites, and choose a long password or phrase. 12+ characters is best.
While our site is scanned, tested, and monitored for attacks and breaches daily, we have added an additional layer of security at the network firewall which will block traffic from torrent servers, bots, brute force login attacks, and a wide variety of other suspicious actions and sources. We will also be blocking traffic from countries with little boating but lots of hackers.
We appreciate your patience and understand your concern. If you have any questions please contact us through customer service. We will continue to update you if new information becomes available.