Received an email noting an unauthorised login to my rhino account. Have changed the password and allowed two factor authentication for new device logins. A few questions:
Is this as much as I can do?
Can McNeel do anything about this specific incident? Block that IP address or something else?
I don’t let firefox keep track of passwords so login manually for all forums and technical support websites for everything (email, software, standards, etc). So I get a “New sign-in activity” notification email everytime I login. This has served me well however I have not kept up to date with recent hacking trends and counter-measures. Any suggestions? I don’t really want to deal with two factor auth if not absolutely necessary.
Should there be a “It wasn’t me” link in the email so these incidents can be tracked and dealt with by admins?
Changing your password and enabling two factor auth seems to be the best thing you can do for now, yes. Is it possible for you to forward me (aj@mcneel.com) the initial email that stated the unauthorized email to your account?
I wouldn’t say I overreacted, at first glance it looked like someone actually logged into my account while I was asleep. The response to swiftly change password and enable two-factor auth seems quite reasonable. Even in hindsight (see paragraph below) and considering I’m not too precious about my Rhino account. And note that it is the Rhino account, including licences, not just the forum login.
However, while the email notification was sent at 2am local, the actual login was at 4pm local. So it was probably a delayed notification. Usually the notifications come in straight away.
What havoc could someone wreak with a Rhino account? Could licences be “stolen”? Just want to get a handle on the risks. Our IT guy is always telling us about his other clients who have been legitimately hacked.
I get these messages all the time because I do a lot of Rhino testing in new VMs.
Every time I use my credentials on a “new” computer that our servers haven’t seen before, I get a message.
Rhino isn’t unique in this. When I use a different computer to log into online banking, or into my Google account, in addition to a 2-factor challenge, I get a followup message. I look for and expect them.
I get the message all the time too, but usually right then and there. The problem was the delay, it was most likely me logging in at 4pm, but the email didn’t come till 10 hours later (2am), so I was spooked. I’ll check next time to make sure it isn’t just a delayed email.
I suspect the delayed email was because of a messaging server in our Seattle office that needed to be restarted after some bad weather power related problems.
In this case, I’m pretty sure the delay was a fluke.
The server was restarted Tuesday morning and a small backlog of messages went out.
That coincides pretty closely with this timeline.
I suspect John Brock is correct. Have you looked at the timestamp in the message itself? That time tells you the time you logged in. The time the email arrived to your inbox may have been many hours later due to the outage.
At any rate, it is never a bad idea to enable two factor auth.
The first code didn’t work (with and without a space in the middle), hit button to send a new code, the second code was the same as the first code and still didn’t work, hit button to resend again and got a new code that finally worked.
