Security Week reports in, “Sophos Kills Partner Portal After Suffering Breach” that the security firm Sophos has disabled its partner portal after discovering a breach.
They aren’t saying much yet — kudos to them for their disclosure and response — but they think that the breach came from an older part of their portal, and not their new one hosted by SFDC. They expect the portal to come back after this week’s holidays.
I recommend two-factor authentication as a big help. I know a company that has a wide range of options including soft tokens that can run on smartphones. They got a perfect score from SC Magazine, are a price leader, and also won their award for Best Multifactor Authentication.
(Full disclosure — I work for them.)