Standard post potential security incident rules apply folks. Don't engage with s...

jacquesm · on Nov 10, 2014

> Don't engage with suspicious emails.

You shouldn't do that anyway, regardless of whether there is an incident afoot or not.

> Do not attempt to access your account for now.

Why not? The horse has bolted. Just assume that it is compromised and that anybody can read over your shoulder. That's probably safest with a service like this anyway.

> If you have used your Browserstack password elsewhere, go and change it about the place.

No, if you've used your Browserstack password elsewhere then you should immediately stop that practice and use different passwords for all the services you use, not just change it everywhere else.

> Watch out for any links from untrusted sources on this subject as they may be malicious.

Links from untrusted sources can always be malicious, and should be treated as such. In general, if you didn't initiate the conversation you have to be wary and you should always verify the source of links in email or other communications (and preferably websites) before you start running their code (aka: clicking on their links).

If you are using Browserstack and if you plan on continuing to use them and/or their competitors make sure you interface with test systems only and make sure those systems do not contain any real (privacy sensitive) user data or other data that might lead to your service being compromised in turn, assume someone is reading over your shoulder at all times. This includes test scripts, especially scripts containing credentials, those should really only live as long as the test session.