
On 01/03/2022 at approximately 2:41 AM, I was alerted to a login attempt against my Parallels account. This incident was slightly alarming because of the fact that I have not logged into this account for years, so the login attempt couldn’t possibly me from me. The account is so old, that it is still under my former name “Shiro Ulv” – it was last used in 2014. Upon further review, it has been determined that the attacker likely has access to an old password which I have since retired – they were unable to actually gain access to the account because I utilize two-factor authentication and they did not have access to my second factor.
As a result of this attempted account intrusion, I will be treating this as if the attacker managed to gain full access and performing the necessary remediation measures. This should be taken as a cautionary tale that anyone, especially people with abandoned/orphaned accounts on online services which are no longer used, can be subjected to a data breach or intrusion no matter how good their security hygiene is.