[cbvinh]

If the OP is admitting that his FB "friend" was being lax with his passwords, why make a general post here about BBID being hijacked? It's about as useful as "BEWARE, Toyota/Honda/Audi/Lexus/etc. was stolen and used for a joy ride" then saying that "yes, it's not the car security system's fault, but the warning needed to be posted."

[hannibalmoot]

Chances are it may have only been an email hack, then the culprit could have contacted anyone in the address book who had a BB pin entered and contacted them from his own BBM that he set up to look like the owner.

He could have done all that without ever hacking the BBM account as all he'd need are the contact's pins to send them a message from a new made up BB ID.

[Richard Buckley]

If the OP is admitting that his FB "friend" was being lax with his passwords, why make a general post here about BBID being hijacked? It's about as useful as "BEWARE, Toyota/Honda/Audi/Lexus/etc. was stolen and used for a joy ride" then saying that "yes, it's not the car security system's fault, but the warning needed to be posted."

So you're saying that a post on CB may not have far reaching application across the community? Like that's never happened before. The OP was, in his own words trying to warn others. I appreciate his efforts, even if not applicable to me.

Posted via CB10

[jrohland]

I thought about what might happen if my BBID got commandeered. I quickly realized it would be a considerable problem. As such, I changed my logon name and password this morning to something I don't use anywhere else. I do wish BlackBerry would implement a 2-part authentication. I know those are not perfect but they are better than not having it. As long as you don't use 2-part as a crutch to use a short/simple password.

[1magine]

I thought about what might happen if my BBID got commandeered. I quickly realized it would be a considerable problem. As such, I changed my logon name and password this morning to something I don't use anywhere else. I do wish BlackBerry would implement a 2-part authentication. I know those are not perfect but they are better than not having it. As long as you don't use 2-part as a crutch to use a short/simple password.

What?

In order to 'hijack' or 'hack' a BBID the Blackberry's Password Program would need to be hacked. This would require them to do something no computer system, including the NSA has been able to do - hack a 128 bit encryption. Or of course the 'hacker' had prior knowledge of the persons e-mail and password. A friend, ex-friend, girlfriend wife. But then, to not hack for malicious purposes but for the purpose of financial gain? COME ON! I swear some people will ignore the most obvious things. This is a hoax. A lie. An internet tale. Notice how the OP was careful not to say this was an I-phone or an Android phone that got hacked to get his BBID? Because the focus is on Blackberry security. Like a previous poster indicated, either the 'friend' was loosey goosey with their e-mail and password info, in which case this discussion is as useful as warning not to leave your car open and running while you go shopping in a crime ridden neighborhood, And even that scenario is more believable than this. Or the whole thing is a steaming pile of horse hooey.

Seriously - go to your device and settings. Look at your BBID? See your login? Nope. You don't. Just the ID. Where's the password? Well try to find it on a BB. The best hackers in the world have tried. You are not getting to it. And all this is if you physically have the unlocked phone in your hands for an unlimited time. Or you can take the ID and attempt a Brute force attack. But I believe after 10 tries you are done. If the guy's email was hacked, and he had the same BBID password as his email, so what? What hacker would even know that a google or yahoo user has a BBID or what the ID is. Just the password. And then to specifically set the ID up on a very traceable device where the EIN and MEIN is part of the same header that gets sent to BB servers as part of an intricate financial scam? Really? All I want to know is if their are any women out there between 18-30 who believe this. Because I need your help. You see I have E.P.S. a terrible syndrome....

[jrohland]

Those of us who actually understand security know you don't attack the hardened front door. You look for other vulnerable access points. I am not worried someone might "hack" BlackBerry's password database. I'm worried they may harvest my account information from some other less secure system. That's why I made sure to create new logon and password that has never been used anywhere else.

With 2-part authentication, even if they somehow get my logon information, they can't get in without the single use code that would be sent to me by whatever means I choose.

Finally, properly secure systems do not store passwords. They store a non-reversible hash of the password. That way, even if the database is compromised the miscreant does not get the password. They get the hash code and would need to run an attack trying to guess the password and see if it creates the same hash code. Which is why longer and/or more complex passwords are a good idea. If they were able to access the passwords from a database it wouldn't make any difference how long or complicated it was.

[Lendo]

I've read enough of this thread to see it's going nowhere. Time to move along people.