Skip to main content

Hover Updates

August 4 Security Incident

Hover on August 10, 2015
Volume discounts: a megaphone and a microphone to show this is an announcement

On August 4th, 2015, we reset all of our customers’ passwords and emailed them a password reset link to create a new one.  Your account security is extremely important, which is why we acted quickly to reset all customer passwords.

Over the past few days, we’ve continued to investigate and we now have further details to share.

What Happened?

 

What’s Next?

Our team of developers, security experts and support staff have worked around the clock since the incident occurred. This incident has caused us to scrutinize, test, and improve all Hover processes, ranging from tightened access controls to systems design.

We appreciate your patience and cooperation while we worked through this issue.

Additional Security

There are further measures you can take to keep your account even more secure, which we encourage you to do.

Use A Unique & Complex Password

Use a unique and complex password and never reuse passwords for different services. A good password is at least 12 characters long and consists of different letters (a mixture of upper and lower case), numbers and symbols. A password manager like 1Password or LastPass will allow you to easily generate great passwords and securely store them so you don’t need to remember them all.

Use Two-Factor Authentication

With two-factor authentication, you will add an additional step required to access your account. After entering your password when logging in, you will be prompted to provide a unique and time-sensitive code accessed via your mobile device. This keeps your account safe even if someone accesses your password. For instructions on how to set this up, see our two-factor authentication article.

Frequency Asked Questions

How do I access my account?

Visit https://www.hover.com/signin/forgot_password to choose a new Hover account password. If you’ve already done that, no further action is needed.

Was my Hover account accessed?

There is no evidence that any Hover accounts have been accessed.

Was my financial/payment information accessed?

There is no evidence that any financial/payment information has been accessed.

How are passwords secured?

All account passwords are encrypted using industry-standard, high encryption (bcrypt). Additionally, we never send lost passwords.  To reset a password, customers must use a password reset link and email, which contains a time-limited encrypted token.