 SarahPremium,ExMod 2002-05
join:2001-01-09
Cambridge, MA
kudos:5
 ·MegaNet Communic..
| reply to Hall
Re: site user password intrusion info said by Hall: Generally speaking, who cares about the username (and password) for this site. As he pointed out, the thing to worry about is if people use the same e-mail and password for logins at other sites such as online banking, ebay, Paypal, etc. It may be a username that he uses on other sites. Not every site uses an e-mail for a login.
--
Join the DSLR Kiva team! |
|
|
|
 GeekNJPremium
join:2000-09-23
Waldwick, NJ | reply to Hall
said by Hall:said by R2:I echo PapaDos' questions. What about UserName?
Also, you may had stated this somewhere, but just to clarify:
If our Email address is listed as "Not Public" on our page, was our Email address taken? Generally speaking, who cares about the username (and password) for this site. As he pointed out, the thing to worry about is if people use the same e-mail and password for logins at other sites such as online banking, ebay, Paypal, etc. And whether or not your e-mail is *displayed* on your profile page here isn't relevant. They got access to the back-end of the site, not the front, visible side. It's relevant because many sites, such as this one, use username/password and folks use usernames across sites.
For the poster that asked if it's hidden, does that mean they didn't get it? They absolutely got it. The "hidden" just means what shows or doesn't show on someone's web page, not what data is stored about you.
Safest to assume they now have all info about you that is captured on this site. Make your decisions based on that.
--
Tweaked your connection? | Mail Parse | Speed Converter |
|
 WeirdalPremium
join:2003-06-28
Grand Island, NE
kudos:20 | reply to justin
said by CyclonRed :Not all of the accounts were compromised - last number I read was 9K.
9k emails were sent to the subset of users that have been active in the last 12 months. DSLR has 1.6 million users, and 8% of that is 135,000. That includes some deleted, dollarcided, and banned accounts too, but I doubt that's more than a few hundred of the 135k.
said by Justin :
I identified the newest accounts, those that were obtained and have logged in over the last 12 months, and have alerted those by email. This amounts to some 9000 accounts.
--
»[Info] The DSLR Orangeface extension 2.0! |
|
 MLOK5My Reality Check BouncedPremium,MVM
join:2000-08-17
Allen, TX | reply to justin
Thanks for the quick response and notification. I really appreciate it  |
|
 CylonRedPremium,MVM
join:2000-07-06
Bloom County | reply to Weirdal
And you arrived at 8% how? |
|
| reply to justin
Unfortunately I am part of the lottery group  Appreciate the quick notification last night and changed my PW. Thankfully it wasn't a PW I use on sensitive websites. |
|
tcmits
join:2000-06-12
Greenbelt, MD | reply to justin
I do not find DSLreports response to this problem to be adequate. Will you be offering identity protection/insurance coverage for those whose personal information was hacked and released/stolen?
I believe you should and that you should do so immediately. From my reading and understanding in the e-mail received, there appears to have been some type of error on your end that permitted this. If I am incorrect in what I read, please explain my misunderstanding to me.
Otherwise, I believe you owe it to all impacted to offer such coverage and reimbursement in full. |
|
WeirdalPremium
join:2003-06-28
Grand Island, NE
kudos:20 | reply to CylonRed
said by CylonRed:And you arrived at 8% how?
The email said it, and I assumed it was mentioned in this thread but apparently not.
--
»[Info] The DSLR Orangeface extension 2.0! |
|
tcmits
join:2000-06-12
Greenbelt, MD | reply to Hall
I would hope he is busy setting up a complete credit and insurance protection policy, after the fact...for anyone who has had their account hacked and been put in, what I believe to be, significant and severe danger of identity theft.
This is a very serious breach and one that some type of user insurance protection, after the fact, against identity theft, should be immediately offered, in my opinion. |
|
 AlcoholPremium
join:2003-05-26
Climax, MI
kudos:3
 ·Comcast
| reply to tcmits
said by tcmits:I do not find DSLreports response to this problem to be adequate. Will you be offering identity protection/insurance coverage for those whose personal information was hacked and released/stolen?
What sensitive information do you have on dslr that will require identify protection?
--
I found the key to success but somebody changed the lock. |
|
 SteimesI make internetsPremium
join:2002-01-08
Belle Vernon, PA
kudos:1 | reply to tcmits
said by tcmits:I would hope he is busy setting up a complete credit and insurance protection policy, after the fact...for anyone who has had their account hacked and been put in, what I believe to be, significant and severe danger of identity theft.
This is a very serious breach and one that some type of user insurance protection, after the fact, against identity theft, should be immediately offered, in my opinion.
The onus is on you to use best practices when creating online accounts. Never assume that a site is secure, or the owner of the site has best intentions (or whoever my come to be the owner of the site).
Do not reuse passwords.
-or-
Stop trolling.
--
Making procrastination an art form since Pluto was still a planet. |
|
 antiseriousThe Future ain't what it used to bePremium
join:2001-12-12
Scranton, PA | reply to justin
I find it interesting to read the posts jumping all over Justin. I had no idea there were so many people that had never fxxxxd up anything before!
With a tech site that has been targeted by attacks before, it's surprising to me that more damage has not been done in the past. Personally, I'm for cutting a little slack here. I hope this will generate a review of all site security and procedures in the near future, to find and correct any other potential vulnerabilities before they can be exploited.
Since I wasn't dumb enough to use this username/password for anything really important, the inconvenience to me is minimal at best. If you're panicked about what damage might be done to you, maybe spare a little of that vitriol for yourself, and review your security protocols in between those stones you're casting. Just a thought, fwiw.
Justin, thanks for all you do, and will do for us, and thanks to everyone else helping to clean up this mess. Most of us really appreciate it, as you can see.
--
"My goal in life is to become the kind of problem that people throw money at".
|
|
 fatnesssubtleJanitor
join:2000-11-17
fishing
kudos:14 | reply to JRBlood
Sent. It may take 20-30 minutes to get there based on what some other folks are saying.
--
ain't gonna pee pee the bed tonight |
|
tcmits
join:2000-06-12
Greenbelt, MD | reply to Alcohol
Sensitive personal data, user names and passwords were compromised. If the hackers use them anywhere that causes identity theft, IMHO, it is the financial responsibility of DSLreports to reimburse anyone who may be victimized by this breaking into their system.
I believe they owe to everyone who was hacked, some type of credit and financial/insurance protection as a result of the site's being hacked.
I do not consider this a joke. When I pay, any amount, to a site for its business, I expect that all reasonable protections as to my personal information will be provided.
I seldom use this site, maybe once or twice a year for a decade. However, that changes nothing. If my identity or identity theft on any other sites occurs as a result of this, IMHO, I believe DSLreports is responsible. They should be immediately offereing ID Protection, etc. to all those affected, IMHO.
I am not one of those saying the admins may have learned a lesson or that there is little potential harm resulting from this. I believe it is implied in payment for the services of this site that a contract is formed that will use all prudent ways to assure that no personal or private data will be compromised. From what I've read, I am unsure that to be the case. If I'm wrong, I apologize. However, if just because the admins may be "nice guys," any of us have been exposed to serious ID theft and the hassles/time/legalities/monetary costs/ etc. that come with it.....I think it should be on DSLreports to provide a third party identity protection service to everyone who has been a victim of this. That's my personal opinion and YMMV.
Nothing personal against any admin or owner of the site. At some point I paid whatever I did for points, etc. and I assumed all reasonable measures to assure security of my personal information was accomplished and provided.
I cannot help they were hacked. I do feel though, that they now need to provide anyone who had their info hacked with a third party provider to assure all of us that the next day to year won't turn into an identity theft nightmare.
I forgive but I expect to be protected and compensated as necessary to assure that I am not put at further risk as a result. |
|
WeirdalPremium
join:2003-06-28
Grand Island, NE
kudos:20 | reply to antiserious
said by antiserious:Since I wasn't dumb enough to use this username/password for anything really important, the inconvenience to me is minimal at best. If you're panicked about what damage might be done to you, maybe spare a little of that vitriol for yourself, and review your security protocols in between those stones you're casting. Just a thought, fwiw.
Yes, blame the users for this security hole, not our dearest Justin!
I'm not a crazy person who thinks DSLR should offer identity theft protection, but you're blaming the users when DSLR was storing passwords in plain text. Come on...
--
»[Info] The DSLR Orangeface extension 2.0! |
|
tcmits
join:2000-06-12
Greenbelt, MD | reply to Steimes
Sorry Steimes but we are in 360 degree disagreement with each other here.
The onus is on the owners of the site, IMHO, to do all that is reasonable and prudent to protect their users from the potential of identity theft. |
|
 TomPremium
join:2000-09-10
Chicago, IL | said by tcmits:Sorry Steimes but we are in 360 degree disagreement with each other here.
The onus is on the owners of the site, IMHO, to do all that is reasonable and prudent to protect their users from the potential of identity theft.
If you were in 360 degree disagreement, you'd be in perfect agreement.
Just saying.
--
"The power of accurate observation is commonly called cynicism by those who have not got it." - George Bernard Shaw |
|
tcmits
join:2000-06-12
Greenbelt, MD | reply to justin
What steps, have been specifically taken, to assure us that any new usernames/passwords, won't be hacked like has happened? |
|
 chiggerResistance Is Futile.
join:2000-12-22
Oakland Gardens, NY | reply to tcmits
said by tcmits:I would hope he is busy setting up a complete credit and insurance protection policy, after the fact...for anyone who has had their account hacked and been put in, what I believe to be, significant and severe danger of identity theft.
This is a very serious breach and one that some type of user insurance protection, after the fact, against identity theft, should be immediately offered, in my opinion.
I don't usually post much in the forum these days, but this one bugged the heck out of me. Why would Justin need to setup a credit & insurance protection policy? Does his site stores your credit card info and charging you a service/product? [and was that compromised?] If you're worry about identity theft of your other accounts [userid/passwd only], then it's your own fault for using the same password across other sites. If the later, then I'll agree with you at some level.
I, too, am one of the so called "lucky lottery winners" and I'm not quite too thrill or happy about the situation... And mind you this comes right after the Sony PSN intrusion, which I also have to worry about. But one thing I'm glad is that I got informed ASAP from Justin's email which allowed me to act fast vs the whole Sony secrecy that I had to find out from news outlets.
I believe enough people already commented on the corrective measures Justin needs to take-on and not like he, himself, doesn't know already... so I'll leave it as that.
--
Artificial Intelligence is no match for Natural Stupidity |
|
fatnesssubtleJanitor
join:2000-11-17
fishing
kudos:14 Host:
Bright House Netwo..
TekSavvy
Forum Feature Requ..
Need Site Help
Rants, Raves, and ..
| reply to Weirdal
(topic move) site user password intrusion info Moderator Action
The post that was here (and all 1 followups to it), has been moved to a new topic .. »identity protection
It's a separate issue from the purpose of this topic.
said by justin:btw if we can keep responses in this topic to any new questions that are not already answered by my post, it will save time for people viewing the topic who are effected and want an answer on something or other, thanks.
You can beat me up in a different topic.
|
|
