Just don't suggest his actions are turd like .. he doesn't appear to like that

 

Had exactly the same with my Facebook on Thursday. I just changed my password slightly and signed back in.

Simple.

If it happens again I'll just change back to my old password.

 

Lots of people do that too .. it's crazy, why risk it? if someone has your password, chances are it's part of a big list and will likely be used for bruteforce on multiple sites. Changing it back puts you at risk. Add a number, a full-stop, add a capital, unless someone is targeting you specifically they'll just move on when it fails.

 

Fair point. That's what i did this time , added initials to it.

 

We spotted a security breach for a third party website in work and tested the publicly disabled usernames and passwords against our customers, those that matched we reset to a randomly generated secure password and send them letters saying they can follow the password reset route or call up and confirm security. The number of them that were unhappy or tried to set it back to the same password was unreal.

I'd be over the moon if a company was that proactive with my details.

 

do you mean you ran a script against user accounts using well known password like

Password123
P@ssword
letmein
12345678


etc etc

 

No, there is a paid subscription for IT security professionals that gives you details on recently posted Hacks, etc. If you follow the bread crumb you can normally find the lists online.

So we ran the usernames and passwords on said list (from a forum I think) against our LDAPs, those that authenticated where changed and the customers informed. Of course we didn't have the passwords to tell them the new ones, so they had to perform an action to recover accounts.

Difficult to share the reasoning as we don't want to highlight any potential hacker wannabes to this kind of data.