La Luna Fly With The Angels My Beloved Son Chris Premium Member join:2001-07-12 New Port Richey, FL |
to justin
Re: site user password intrusion info
I didn't get the email and my pw was not altered here. Does that mean my info is safe? |
|
Phil Rojo Sol Premium Member join:2001-06-11 Downers Grove, IL |
Phil
Premium Member
2011-Apr-28 5:24 pm
I didn't get the email either, but changed it anyways. Fortunately, the password I use here is only used here. |
|
tsigo join:2001-10-11 Mclean, VA |
to justin
It's good you could cut it off before they got the entire database, but man, plaintext passwords? What are you doing? |
|
tmpchaos Requiescat in pace Numquam oblitus join:2000-04-28 Hoboken, NJ |
to zeusage
said by zeusage:
  Justin,
  Will you please answer the question that several people have now asked.
  Have the usernames also been compromised?

From what Justin posted, it was the email address and the associated site password. |
|
La Luna Fly With The Angels My Beloved Son Chris Premium Member join:2001-07-12 New Port Richey, FL |
to Phil
said by Phil:
  I didn't get the email either, but changed it anyways. Fortunately, the password I use here is only used here.

Yep, I was advised to change my pw and did so, just to be sure. |
|
Phil Rojo Sol Premium Member join:2001-06-11 Downers Grove, IL |
to tmpchaos
said by tmpchaos:
  said by zeusage:
    Justin,
    Will you please answer the question that several people have now asked.
    Have the usernames also been compromised?
  From what Justin posted, it was the email address and the associated site password.

In Justin's original post he says, "original site password". Is it the original or the current one? I'd have to imagine it's the current password, but just want to get clarification.

said by justin:
  If your email/password was revealed (you received the alert email, or have discovered your login password has been changed by us already), all you need to do is think of what OTHER sites you use allow logins using your registered email address here, and your original site password. |
|
Weirdal Premium Member join:2003-06-28 Grand Island, NE |
Weirdal
Premium Member
2011-Apr-28 5:32 pm
said by Phil:
  said by tmpchaos:
    said by zeusage:
      Justin,
      Will you please answer the question that several people have now asked.
      Have the usernames also been compromised?
    From what Justin posted, it was the email address and the associated site password.
  In Justin's original post he says, "original site password". Is it the original or the current one? I'd have to imagine it's the current password, but just want to get clarification.
  said by justin:
    If your email/password was revealed (you received the alert email, or have discovered your login password has been changed by us already), all you need to do is think of what OTHER sites you use allow logins using your registered email address here, and your original site password.

I'm fairly sure he said that because those whose passwords were compromised had them automatically changed. The "original" password means your password as of yesterday. |
|
Phil Rojo Sol Premium Member join:2001-06-11 Downers Grove, IL |
Phil
Premium Member
2011-Apr-28 5:33 pm
said by Weirdal:
  I'm fairly sure he said that because those whose passwords were compromised had them automatically changed. The "original" password means your password as of yesterday.

You're probably right. |
|
rexxh join:2002-03-16 Davis, CA |
to justin
thank you for alerting me to this. fortunately, the password they got is no longer a password i use but it is good to know that you guys are on top of it |
|
fatness subtle
join:2000-11-17 fishing |
to zeusage
said by zeusage:
  Justin,
  Will you please answer the question that several people have now asked.
  Have the usernames also been compromised?

"email / password pairs" That is what was stolen, not usernames. But change your password if your account was affected since it's possible to log in by email address. |
|
tmpchaos Requiescat in pace Numquam oblitus join:2000-04-28 Hoboken, NJ
1 recommendation |
to Phil
said by Phil:
  said by tmpchaos:
    said by zeusage:
      Justin,
      Will you please answer the question that several people have now asked.
      Have the usernames also been compromised?
    From what Justin posted, it was the email address and the associated site password.
  In Justin's original post he says, "original site password". Is it the original or the current one? I'd have to imagine it's the current password, but just want to get clarification.
  said by justin:
    If your email/password was revealed (you received the alert email, or have discovered your login password has been changed by us already), all you need to do is think of what OTHER sites you use allow logins using your registered email address here, and your original site password.

It would be the password existing just before the system reset of the password - unless you happened to change it between about 3 and 9 pm yesterday. |
|
SRF26 join:2000-04-03 Jamaica, NY |
to Phil
Justin, I received your e-mail regarding the intrusion, but the system didn't change my password. I was able to access this site this morning and manually change my password. I've been a member since 20000 and my user name and password are unique to this site so there is limited exposure. As a precaution, I did change passwords on several other sites.
Regards...JL |
|
zeusage join:2002-06-04 Los Angeles, CA |
to fatness
Thanks for the quick replies, and I appreciate your input; but I (and I imagine others) would like to hear it from the horse's mouth.
No usernames? Justin? |
|
fatness subtle
join:2000-11-17 fishing |
to La Luna
said by La Luna:
  I didn't get the email and my pw was not altered here. Does that mean my info is safe?

Yes. The accounts that got the email were the affected accounts that had logged in within the last 12 months. But there's certainly no harm in a password change.

quote:
  I identified the newest accounts, those that were obtained and have logged in over the last 12 months, and have alerted those by email. This amounts to some 9000 accounts.
|
|
|
to justin
I never received an email but changed password just in case, thanks for the quick action Justin. |
|
|
to justin
Justin,
Thanks for the quick heads up. Only use this user name here and this password here so limited damage as I see it. Why anyone would use the same name and password combo on different sites is beyond me.
Logan |
|
|
|
to justin
Thanks for the heads up and warning about the email address and password. I had an old password on this site but checked my log-ins through Roboform and found several important sites that still had the same combination of email address and password. Thanks to you I was able to change these and feel much more secure about avoiding problems. As one of the 8% whose information was compromised I appreciate the effort you made to inform us quickly about the problem. I hope you are protected now and good luck in the future with these unmentionables. Thanks for informing us quickly. |
|
Zorack join:2001-12-14 Fayetteville, WV |
to justin
The email I got prompted me to change passwords on several sites much earlier than I had anticipated doing, I procrastinate too much on stuff like this (I changed email addresses as well) |
|
Phil Rojo Sol Premium Member join:2001-06-11 Downers Grove, IL |
to Logan Five
said by Logan Five:
  Why anyone would use the same name and password combo on different sites is beyond me.

Simple. It's easy to remember and I would wager the vast majority of Internet users today use the same email/password combo across multiple accounts. |
|
Alcohol Premium Member join:2003-05-26 Climax, MI |
to Logan Five
said by Logan Five:
  Justin,
  Thanks for the quick heads up. Only use this user name here and this password here so limited damage as I see it. Why anyone would use the same name and password combo on different sites is beyond me.
  Logan

Because most people expect the sites to keep their information safe. Although using the same password for your online banking and internet forums is not a good idea. I don't see the problem with using a common password for your forums/useless accounts. |
|
|
to justin
Sucks to have "won" but I appreciate the openness and quick response to the issue. |
|
|
to justin
said by justin:
  So your password has actually changed, and you should recover it, and change it to something you want.

But it's still being stored as clear text, so we should not expect the new password to be safe. Words can't express the extent of my disappointment about what I thought was one of the more competently-programmed sites. I could see doing this in the beginning, but you had over 11 years to fix this instead of making numerous cosmetic changes. |
|
Actiontec F2250
|
to Alcohol
I agree most people would but nonetheless seems foolish and not very security conscious to use the same name and password for more than one site.
Well to each his own, you don't see a problem with it and I do, but I am not one of the ones worrying about it.
Logan |
|
cbcalhoun Premium Member join:2000-09-04 Newark, OH |
to justin
Changed, Thanks! |
|
|
to justin
did anybody notice any suspect activity after the attack? I mean people trying to access your accounts with the email/pw stolen. Unfortunately my email/pw combo was used on a bunch of other sites so I spent a substantial amount of time changing it. |
|
Gbcue Premium Member join:2001-09-30 Santa Rosa, CA |
Gbcue
Premium Member
2011-Apr-28 6:35 pm
8% = 135,000 members! |
|
justin ..needs sleep Mod join:1999-05-28 2031 Billion BiPAC 7800N Apple AirPort Extreme (2011)
1 recommendation |
to zeusage
No usernames. No uids.
they extracted email, password pairs only.
hence the advice to consider mainly and a priority what sites that may unlock that are high value.
Nobody who did this will care that they can now login as you at "horse fanciers socal" or whatever community.
They may want to test their data against facebook and twitter (spam opportunities) or access to yahoo/gmail accounts (again, spam opportunities) or paypal/amazon (fraud opportunities). Those would be the first places to change if necessary. |
|
zeusage join:2002-06-04 Los Angeles, CA |
Thank you. |
|
bky Premium Member join:2002-07-05 Austin, TX
1 recommendation |
to Bobcat79
said by Bobcat79:
  said by justin:
    So your password has actually changed, and you should recover it, and change it to something you want.
  But it's still being stored as clear text, so we should not expect the new password to be safe. Words can't express the extent of my disappointment about what I thought was one of the more competently-programmed sites. I could see doing this in the beginning, but you had over 11 years to fix this instead of making numerous cosmetic changes.

This.
Until Justin/the site confirms that passwords are now being stored properly (not just hashed, but also per-user salted) I would recommend using a completely different, even weaker, password than used anywhere else. The fact that I even have to point out security policies to a site like this makes me think seriously about how often this occurs. |
|
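Added example, not part of the thread and not the site's own code: the per-user salted storage asked for in the post above, as a Python sketch that migrates a clear-text email/password table and then verifies logins. The scrypt cost parameters, the function names and the sample accounts are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# Cost parameters are assumptions for this sketch; tune them to your hardware.
SCRYPT = {"n": 2**14, "r": 8, "p": 1, "maxmem": 64 * 1024 * 1024, "dklen": 32}


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn per user."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)
    return salt, digest


def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def migrate_plaintext(rows):
    """Convert {email: plaintext} into {email: (salt, digest)}."""
    return {email: hash_password(pw) for email, pw in rows.items()}


# Constructed sample data: two accounts that happen to share a password.
LEGACY_ROWS = {
    "alice@example.com": "hunter2",
    "bob@example.com": "hunter2",
    "carol@example.com": "correct horse battery staple",
}

if __name__ == "__main__":
    store = migrate_plaintext(LEGACY_ROWS)
    for email, (salt, digest) in store.items():
        # What a database dump would now expose: salt and digest only.
        print(email, salt.hex(), digest.hex())
    a, b = store["alice@example.com"], store["bob@example.com"]
    print("same password, different digests:", a[1] != b[1])
    print("login ok:", verify_password("hunter2", *a))
    print("wrong password rejected:", not verify_password("hunter3", *a))
```

Because each record carries its own salt, identical passwords no longer produce identical stored values, and a stolen table has to be attacked one account at a time.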