  #181  
Old 24.01.2019, 10:03
Banned
 
Join Date: Jan 2019
Location: close to the frontier
Posts: 1,018
Groaned at 141 Times in 86 Posts
Thanked 597 Times in 379 Posts
Clocker has become a little unpopular
Re: Englishforum security breach?

Quote:
What is wrong with that?
I understood it to mean that if you haven't already changed your password (after January 13 2019) you need to do so otherwise your account will be locked.

People who have already changed their password (after 13.01.2019) received the message that as their password had already been changed no other action was required.
I understood the opposite, hence me saying the date must be incorrect. I thought I had received the message because I hadn't changed my password by the 13th. As mentioned, I received the email yesterday and changed it immediately.

Last edited by Clocker; 24.01.2019 at 10:51.
  #182  
Old 24.01.2019, 10:13
Belgianmum's Avatar
Forum Legend
 
Join Date: Jan 2010
Location: Neuchâtel
Posts: 11,636
Groaned at 181 Times in 163 Posts
Thanked 18,213 Times in 7,679 Posts
Belgianmum has a reputation beyond repute
Re: Englishforum security breach?

Quote:
I understood the opposite, hence me saying the date must be incorrect. I thought I had received the message because I hadn't changed my password by the 13th. As mentioned, I received the email yesterday and changed it immediately.
You did receive that email because you hadn’t changed your password after the 13th. Due to the fact that you hadn’t changed your password after that date they wrote to you offering you the possibility to change it now or your account would be locked. What the email didn’t specify was how much time would be given for the change to be made before they lock accounts.

The other option given was to make a request to have your account deleted.

Last edited by Belgianmum; 26.01.2019 at 09:23. Reason: Replaced by with after for clarity.
The following 2 users would like to thank Belgianmum for this useful post:
  #183  
Old 24.01.2019, 16:45
Guest
 
Posts: n/a
Re: Englishforum security breach?

Quote:
What is wrong with that?
I understood it to mean that if you have not already changed your password (after January 13 2019) you need to do so otherwise your account will be locked.
What the email did not specify was how much time they were giving users to change their passwords before locking the accounts.

People who have already changed their password (after 13.01.2019) received the message that as their password had already been changed no other action was required.
It reads (to me) that if you haven't changed your password by 13/1 your account would be locked. I didn't get the email until yesterday the 23rd. It seemed to contradict itself. But if read the way you outline, it makes more sense I suppose.


I hadn't received an email before then.
This user would like to thank for this useful post:
  #184  
Old 24.01.2019, 17:15
Guest
 
Posts: n/a
Re: Englishforum security breach?

Quote:
You did receive that email because you hadn't changed your password by the 13th. Due to the fact that you hadn't changed your password by that date they wrote to you offering you the possibility to change it now or your account would be locked. What the email didn't specify was how much time would be given for the change to be made before they lock accounts.
They got me so curious that if they don't specify a date (which would be weird) that I can tell you what date it was the moment they unlock me.
  #185  
Old 25.01.2019, 22:01
3Wishes's Avatar
Moderately Amused
 
Join Date: Jul 2010
Location: Bern area
Posts: 10,609
Groaned at 77 Times in 74 Posts
Thanked 17,469 Times in 7,861 Posts
3Wishes has a reputation beyond repute
Re: Englishforum security breach?

Quote:
No, apparently only 2 users reported having received the email. That's quite different.
Fair enough, but given how many active users we have, and how much people like to complain about any little thing I am surprised we only heard from two users.
This user groans at 3Wishes for this post:
  #186  
Old 25.01.2019, 23:36
Forum Legend
 
Join Date: Apr 2010
Location: Geneva
Posts: 4,020
Groaned at 37 Times in 31 Posts
Thanked 5,612 Times in 2,012 Posts
McTAVGE has a reputation beyond repute
Do we all have to change our passwords?

Have just received this security alert message from EF asking us to change our password. Just wanted to double check it was genuine before clicking on the link to do it:

DETAILS

On 13th and 15th January 2019 two members of English Forum reported receiving extortionist emails. These emails revealed their forum passwords written in clear text. The emails went on to threaten these users with blackmail and demanded payment via cryptocurrency.

In both cases the revealed passwords were old. This leads us to believe that a years-old copy of the membership database is circulating in the wild. Although passwords are stored in encrypted format (salted double-MD5 hash) it is possible that some weaker passwords from that leaked version of the database have recently been deciphered.

If you receive such an extortion email, DO NOT pay the ransom.

Instead, change your password. And if you used the same password on any other site, change it there too. It is best practice to use a unique password for each site.

All members are being emailed this security alert and urged to change their passwords. Accounts with unchanged passwords will be locked. Furthermore, all dormant accounts are being permanently deleted. A dormant account is defined as one which has not logged in for over a year and has never made a public post to the forum.

We have also submitted a "cross-border data breach notification" to the relevant GDPR authority, which in our case is "Datainspektion" in Sweden. We are currently working on upgrading our vBulletin forum software to the latest version. Although we do not know of any security hole in our server, the upgraded vBulletin version should close any unknown holes.

If you prefer to delete your account, please send a brief request by replying to this email. Your account and all personal data will be permanently deleted. Public posts of deleted accounts will remain online, but labelled as authored by "Guest". For other enquiries relating to data privacy and security on English Forum Switzerland, feel free to reply.

The timing of this incident suggests it might be related to the "breach of breaches" that was recently in the news. The headline from Wired was: "An astonishing 773 million records exposed in monster breach". From that article: "The breach claims to aggregate over 2,000 leaked databases that contain passwords whose protective hashing has been cracked. It looks like a completely random collection of sites purely to maximize the number of credentials available to hackers. There are no obvious patterns, just maximum exposure."

To our knowledge no other websites belonging to The Local have been affected.

For further information and commentary see the discussion forum: https://www.englishforum.ch/forum-support/289200-englishforum-security-breach.html

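The alert quoted in the post above says passwords were stored as a salted double-MD5 hash and that weaker ones from a leaked copy were probably recovered. As an added example (not part of the thread, and not the forum's or vBulletin's code), this Python block shows one way a site can stop keeping fast hashes: wrap every stored hash in a slow key-derivation function offline, then re-hash from the password at the next successful login. The layout `md5(md5(password) + salt)`, the record field names, the PBKDF2 work factor and the sample record are assumptions made for the example.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example


def legacy_double_md5(password: str, salt: str) -> str:
    """Assumed legacy layout: md5(md5(password) + salt), hex-encoded."""
    inner = hashlib.md5(password.encode()).hexdigest()
    return hashlib.md5((inner + salt).encode()).hexdigest()


def slow_hash(data: bytes, salt: bytes) -> str:
    return hashlib.pbkdf2_hmac("sha256", data, salt, PBKDF2_ITERATIONS).hex()


def wrap_legacy_record(record: dict) -> dict:
    """Offline step: store PBKDF2(fast hash) instead of the fast hash.
    Needs no plaintext password, so every account can be covered at once."""
    kdf_salt = os.urandom(16)
    return {"scheme": "pbkdf2-wrapped-md5x2", "md5_salt": record["md5_salt"],
            "kdf_salt": kdf_salt.hex(),
            "hash": slow_hash(record["hash"].encode(), kdf_salt)}


def new_record(password: str) -> dict:
    kdf_salt = os.urandom(16)
    return {"scheme": "pbkdf2", "kdf_salt": kdf_salt.hex(),
            "hash": slow_hash(password.encode(), kdf_salt)}


def verify_and_upgrade(password: str, record: dict):
    """Return (ok, record_to_store). A successful login on an older scheme
    is re-hashed straight from the password, dropping MD5 entirely."""
    scheme = record["scheme"]
    if scheme == "md5x2":
        candidate = legacy_double_md5(password, record["md5_salt"])
    elif scheme == "pbkdf2-wrapped-md5x2":
        inner = legacy_double_md5(password, record["md5_salt"])
        candidate = slow_hash(inner.encode(), bytes.fromhex(record["kdf_salt"]))
    elif scheme == "pbkdf2":
        candidate = slow_hash(password.encode(), bytes.fromhex(record["kdf_salt"]))
    else:
        return False, record
    if not hmac.compare_digest(candidate, record["hash"]):
        return False, record
    return True, (record if scheme == "pbkdf2" else new_record(password))


# Constructed sample record, not real forum data.
SAMPLE = {"scheme": "md5x2", "md5_salt": "x7Q",
          "hash": legacy_double_md5("Summer2015", "x7Q")}

if __name__ == "__main__":
    wrapped = wrap_legacy_record(SAMPLE)
    ok, upgraded = verify_and_upgrade("Summer2015", wrapped)
    print(ok, wrapped["scheme"], "->", upgraded["scheme"])
```

Wrapping protects only the copy of the database held from then on; a copy that leaked earlier still contains the fast hashes, so affected passwords still have to be changed.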
  #187  
Old 26.01.2019, 01:12
Ace1's Avatar
A modal singularity
 
Join Date: Sep 2011
Location: Morgins, VS (and Alsace)
Posts: 8,417
Groaned at 328 Times in 215 Posts
Thanked 14,007 Times in 6,155 Posts
Ace1 has a reputation beyond repute
Re: Do we all have to change our passwords?

Where have you been for the last week or so? Read the linked thread - in fact I'll merge this with it now.
This user would like to thank Ace1 for this useful post:
  #188  
Old 26.01.2019, 08:32
Carlos R's Avatar
Forum Legend
 
Join Date: Dec 2009
Location: Roundn'about Basel
Posts: 7,237
Groaned at 105 Times in 95 Posts
Thanked 9,933 Times in 4,177 Posts
Carlos R has a reputation beyond repute
Re: Do we all have to change our passwords?

Quote:
Where have you been for the last week or so? Read the linked thread - in fact I'll merge this with it now.
Working, living life, doing other stuff. Now that we’ve got that over, why do I need to change my password?!

Just got the email from EF. I don’t get why there’s the need for an obligatory password change. Surely it’s on me whether I change my EF password or not?!

What’s the worst that can happen if someone hacks my EF account and posts something obnoxious? A few red blobs?! Seems like overkill knee jerk reaction to me.

Edited to add: regarding haveibeenpwned - I am dubious about their service. I checked myself there and it came up with 3 potential breaches. 2 for sites I don’t have an account on and... drumroll... a generic Facebook one. Those folks who raised this concern may wish to look at their own computer security systems rather than point the finger at EF. Oh & stay away from those porn sites.
__________________
Never let right or wrong get in the way of a good opinion

Last edited by Carlos R; 26.01.2019 at 08:43.
The following 2 users would like to thank Carlos R for this useful post:
  #189  
Old 26.01.2019, 08:35
Banned
 
Join Date: Jan 2019
Location: close to the frontier
Posts: 1,018
Groaned at 141 Times in 86 Posts
Thanked 597 Times in 379 Posts
Clocker has become a little unpopular
Re: Englishforum security breach?

Quote:
You did receive that email because you hadn't changed your password by the 13th.
I would not have changed my password by the 13th though as I had not received any notification telling me that I should do so.
This user would like to thank Clocker for this useful post:
  #190  
Old 26.01.2019, 09:10
araqyl's Avatar
Forum Veteran
 
Join Date: Jul 2008
Location: Zurich, West-side
Posts: 1,849
Groaned at 6 Times in 5 Posts
Thanked 954 Times in 534 Posts
araqyl has a reputation beyond repute
Re: Englishforum security breach?

In response to the poster worried about clicking on a link in a password-change email warning, I never click on links in emails like that - I just open my browser, manually type the address of the site itself (which I know since I've been there previously) and then navigate to the point at which I can change my password.
There's no need to click on the link, since it doesn't go anywhere you can't get to on your own.

Quote:
I would not have changed my password by the 13th though as I had not received any notification telling me that I should do so.
Some security-conscious people change their passwords regularly, at a minimum once each year. I have a couple of friends who are in that category.
This user would like to thank araqyl for this useful post:
  #191  
Old 26.01.2019, 09:19
Belgianmum's Avatar
Forum Legend
 
Join Date: Jan 2010
Location: Neuchâtel
Posts: 11,636
Groaned at 181 Times in 163 Posts
Thanked 18,213 Times in 7,679 Posts
Belgianmum has a reputation beyond repute
Re: Englishforum security breach?

Quote:
I would not have changed my password by the 13th though as I had not received any notification telling me that I should do so.
Even if you had changed it before the 13th it wouldn’t have made a difference since the email was asking people who hadn’t changed their passwords after the 13th to change them.

My original post should have said after the 13th not by the 13th.
This user would like to thank Belgianmum for this useful post:
  #192  
Old 26.01.2019, 09:57
Junior Member
 
Join Date: Feb 2014
Location: Pfäffikon, Zurich
Posts: 75
Groaned at 2 Times in 1 Post
Thanked 44 Times in 28 Posts
Savanna3 has become a little unpopular
Re: Englishforum security breach?

I recently downloaded a free app called Cryptical. It's a random password generator. You can set the parameters you need for the specific password, ie uppercase, Symbols, length. I'm never using my old stand by password again.
  #193  
Old 26.01.2019, 10:08
Forum Legend
 
Join Date: Apr 2010
Location: Geneva
Posts: 4,020
Groaned at 37 Times in 31 Posts
Thanked 5,612 Times in 2,012 Posts
McTAVGE has a reputation beyond repute
Re: Do we all have to change our passwords?

Quote:
Where have you been for the last week or so? Read the linked thread - in fact I'll merge this with it now.
Busy with work! Thanks, I'll get onto the case now.
This user would like to thank McTAVGE for this useful post:
  #194  
Old 26.01.2019, 10:42
Forum Legend
 
Join Date: Apr 2010
Location: Geneva
Posts: 4,020
Groaned at 37 Times in 31 Posts
Thanked 5,612 Times in 2,012 Posts
McTAVGE has a reputation beyond repute
Re: Englishforum security breach?

Having read the whole "novel" on this thread, I feel like I have just woken up from a 10 day coma and some world disaster has happened while I was "asleep" away from EF.
The following 3 users would like to thank McTAVGE for this useful post:
  #195  
Old 28.01.2019, 12:49
TypeR's Avatar
Newbie 1st class
 
Join Date: May 2016
Location: Basel
Posts: 10
Groaned at 0 Times in 0 Posts
Thanked 9 Times in 7 Posts
TypeR has no particular reputation at present
Re: Englishforum security breach?

Quote:
I recently downloaded a free app called Cryptical. It's a random password generator. You can set the parameters you need for the specific password, ie uppercase, Symbols, length. I'm never using my old stand by password again.
I'm using keepass since few years now. It can not only generate pass, but the biggest advantage is that it works as a vault where you can store all your pass. So you can generate extremely complicated pass and you don't need to remember them. Only the master pass to open the vault.
Last but not least, you can take this app wherever you go in a usb stick.

Cheers
This user would like to thank TypeR for this useful post:
  #196  
Old 28.01.2019, 13:16
gbn's Avatar
gbn
Forum Legend
 
Join Date: Dec 2005
Location: Zuri Oberland
Posts: 2,748
Groaned at 109 Times in 74 Posts
Thanked 2,379 Times in 1,119 Posts
gbn has a reputation beyond repute
Re: Englishforum security breach?

Quote:
I'm using keepass since few years now. It can not only generate pass, but the biggest advantage is that it works as a vault where you can store all your pass. So you can generate extremely complicated pass and you don't need to remember them. Only the master pass to open the vault.
Last but not least, you can take this app wherever you go in a usb stick.

Cheers
I prefer LastPass but does the same job.
The following 2 users would like to thank gbn for this useful post:
  #197  
Old 28.01.2019, 16:41
TypeR's Avatar
Newbie 1st class
 
Join Date: May 2016
Location: Basel
Posts: 10
Groaned at 0 Times in 0 Posts
Thanked 9 Times in 7 Posts
TypeR has no particular reputation at present
Re: Englishforum security breach?

Quote:
I prefer LastPass but does the same job.
Looks like a cloud version of keepass...
  #198  
Old 28.01.2019, 17:50
Mica's Avatar
Forum Veteran
 
Join Date: Oct 2007
Location: Zurich
Posts: 823
Groaned at 1 Time in 1 Post
Thanked 1,060 Times in 468 Posts
Mica has a reputation beyond repute
Re: Englishforum security breach?

+1 for LastPass: with iOS 12 it integrates nicely with your iPhone/iPad device, which allows you to use complex passwords together with TouchID and 2FA.
  #199  
Old 29.01.2019, 12:56
Junior Member
 
Join Date: Aug 2017
Location: Rome->London->Basel
Posts: 91
Groaned at 7 Times in 4 Posts
Thanked 108 Times in 41 Posts
MPiolo is considered knowledgeable
Re: Englishforum security breach?

Email received too (it was in the spam folder), password changed.
This user would like to thank MPiolo for this useful post:
  #200  
Old 04.02.2019, 08:54
Forum Legend
 
Join Date: Mar 2009
Location: Zurich
Posts: 12,467
Groaned at 957 Times in 675 Posts
Thanked 17,346 Times in 6,808 Posts
Chuff has a reputation beyond repute
Re: 2019 Englishforum.ch User Database Security Breach

Quote:
The latest version of vbulletin has 2 factor authentication enabled. This is pretty much essential.

If you are not regularly updating to newer and more stable major versions of vbulletin with modern security features then you are not being security conscious. Version 3.8.4 was released in 2009, 10 years ago. https://www.vbulletin.com/forum/foru...3-8-4-released

Some would say you have possibly been a little negligent in that regard.
So when can we expect a forum software upgrade?
This user would like to thank Chuff for this useful post:
All times are GMT +2. The time now is 09:49.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.1.0