 | | | 
24.01.2019, 10:03
| | Banned | | Join Date: Jan 2019 Location: close to the frontier
Posts: 1,018
Groaned at 141 Times in 86 Posts
Thanked 597 Times in 379 Posts
| | | Re: Englishforum security breach?
| Quote: | |  | | | What is wrong with that?
I understood it to mean that if you haven8217;t already changed you password (after January 13 2019) you need to do so otherwise your account will be locked.
People who have already changed their password (after 13.01.2019) received the message that as their password had already been changed no other action was required. | | | | | I understood the opposite, hence me saying the date must be incorrect. I thought I had received the message because I hadn't changed my password by the 13th. As mentioned, I received the email yesterday and changed it immediately.
Last edited by Clocker; 24.01.2019 at 10:51.
|
24.01.2019, 10:13
|  | Forum Legend | | Join Date: Jan 2010 Location: Neuchâtel
Posts: 11,636
Groaned at 181 Times in 163 Posts
Thanked 18,213 Times in 7,679 Posts
| | | Re: Englishforum security breach?
| Quote: | | | | | I understood the opposite, hence me saying the date must be incorrect. I thought I had recweived the message because I hadn't changed my password by the 13th. As mentioned, I received the email yesterday and changed it immediately. | | | | | You did receive that email because you hadn’t changed your password after the 13th. Due to the fact that you hadn’t changed your password after that date they wrote to you offering you the possibility to change it now or your account would be locked. What the email didn’t specify was how much time would be given for the change to be made before they lock accounts.
The other option given was to make a request to have your account deleted.
Last edited by Belgianmum; 26.01.2019 at 09:23.
Reason: Replaced by with after for clarity.
| | The following 2 users would like to thank Belgianmum for this useful post: | |
24.01.2019, 16:45
| | | | Re: Englishforum security breach?
| Quote: | | | | | What is wrong with that?
I understood it to mean that if you have not already changed you password (after January 13 2019) you need to do so otherwise your account will be locked.
What the email did not specify was how much time they were giving users to change their passwords before locking the accounts.
People who have already changed their password (after 13.01.2019) received the message that as their password had already been changed no other action was required. | | | | | It reads (to me) that if you haven't changed your password by 13/1 your account would be locked. I didn't get the email until yesteray the 23rd. It seemed to contradict itself. But if read the way you outline, it makes more sense I suppose.
I hadn't received an email before then.
| | This user would like to thank for this useful post: | |
24.01.2019, 17:15
| | | | Re: Englishforum security breach?
| Quote: | | | | | You did receive that email because you hadn’t changed your password by the 13th. Due to the fact that you hadn’t changed your password by that date they wrote to you offering you the possibility to change it now or your account would be locked. What the email didn’t specify was how much time would be given for the change to be made before they lock accounts. | | | | | They got me so curious that if they don't specify a date (which would be weird) that I can tell you what date it was the moment they unlock me.
|
25.01.2019, 22:01
|  | Moderately Amused | | Join Date: Jul 2010 Location: Bern area
Posts: 10,609
Groaned at 77 Times in 74 Posts
Thanked 17,469 Times in 7,861 Posts
| | | Re: Englishforum security breach?
| Quote: | | | | | No, apparently only 2 users reported having received the email. That's quite different.  | | | | | Fair enough, but given how many active users we have, and how much people like to complain about any little thing I am surprised we only heard from two users.
| | This user groans at 3Wishes for this post: | |
25.01.2019, 23:36
| | Forum Legend | | Join Date: Apr 2010 Location: Geneva
Posts: 4,020
Groaned at 37 Times in 31 Posts
Thanked 5,612 Times in 2,012 Posts
| | | Do we all have to change our passwords?
Have just received this security alert message from EF asking us to change our password. Just wanted to double check it was genuine before clicking on the link to do it:
DETAILS
On 13th and 15th January 2019 two members of English Forum reported receiving extortionist emails. These emails revealed their forum passwords written in clear text. The emails went on to threaten these users with blackmail and demanded payment via cryptocurrency.
In both cases the revealed passwords were old. This leads us to believe that a years-old copy of the membership database is circulating in the wild. Although passwords are stored in encrypted format (salted double-MD5 hash) it is possible that some weaker passwords from that leaked version of the database have recently been deciphered.
If you receive such an extortion email, DO NOT pay the ransom.
Instead, change your password. And if you used the same password on any other site, change it there too. It is best practice to use a unique password for each site.
All members are being emailed this security alert and urged to change their passwords. Accounts with unchanged passwords will be locked. Furthermore, all dormant accounts are being permanently deleted. A dormant account is defined as one which has not logged in for over a year and has never made a public post to the forum.
We have also submitted a "cross-border data breach notification" to the relevant GDPR authority, which in our case is "Datainspektion" in Sweden. We are currently working on upgrading our vBulletin forum software to the latest version. Although we do not know of any security hole in our server, the upgraded vBulletin version should close any unknown holes.
If you prefer to delete your account, please send a brief request by replying to this email. Your account and all personal data will be permanently deleted. Public posts of deleted accounts will remain online, but labelled as authored by "Guest". For other enquiries relating to data privacy and security on English Forum Switzerland, feel free to reply.
The timing of this incident suggests it might be related to the "breach of breaches" that was recently in the news. The headline from Wired was: "An astonishing 773 million records exposed in monster breach". From that article: "The breach claims to aggregate over 2,000 leaked databases that contain passwords whose protective hashing has been cracked. It looks like a completely random collection of sites purely to maximize the number of credentials available to hackers. There are no obvious patterns, just maximum exposure."
To our knowledge no other websites belonging to The Local have been affected.
For further information and commentary see the discussion forum: https://www.englishforum.ch/forum-support/289200-englishforum-security-breach.html
 |
26.01.2019, 01:12
|  | A modal singularity | | Join Date: Sep 2011 Location: Morgins, VS (and Alsace)
Posts: 8,417
Groaned at 328 Times in 215 Posts
Thanked 14,007 Times in 6,155 Posts
| | | Re: Do we all have to change our passwords?
Where have you been for the last week or so? Read the linked thread - in fact I'll merge this with it now.
| | This user would like to thank Ace1 for this useful post: | |
26.01.2019, 08:32
|  | Forum Legend | | Join Date: Dec 2009 Location: Roundn'about Basel
Posts: 7,237
Groaned at 105 Times in 95 Posts
Thanked 9,933 Times in 4,177 Posts
| | | Re: Do we all have to change our passwords?
| Quote: | | | | | Where have you been for the last week or so? Read the linked thread - in fact I'll merge this with it now. | | | | | Working, living life, doing orher stuff. Now that we’ve got that over, why do I need to change my password?!
Just got the email from EF. I don’t get why there‘s the need for an obligatory password change. Surely it‘s on me whether I change my EF password or not?!
What’s the worst that can happen if someone hacks my EF account and posts something obnoxious? A few red blobs?! Seems like overkill knee jerk reaction to me.
Edited to add: regarding haveibeenpwned - I am dubious about their service. I checked myself there and it came up with 3 potential breaches. 2 for sites I don’t have an account on and... drumroll... a generic Facebook one. Those folks who raised this concern may wish to look at their own computer security systems rather than point the finger at EF. Oh & stay away from those porn sites. 
__________________
Never let right or wrong get in the way of a good opinion
Last edited by Carlos R; 26.01.2019 at 08:43.
| | The following 2 users would like to thank Carlos R for this useful post: | |
26.01.2019, 08:35
| | Banned | | Join Date: Jan 2019 Location: close to the frontier
Posts: 1,018
Groaned at 141 Times in 86 Posts
Thanked 597 Times in 379 Posts
| | | Re: Englishforum security breach?
| Quote: | | | | | You did receive that email because you hadn’t changed your password by the 13th. | | | | | I would not have changed my password by the 13th though as I had not received any notification telling me that I should do so. | | This user would like to thank Clocker for this useful post: | |
26.01.2019, 09:10
|  | Forum Veteran | | Join Date: Jul 2008 Location: Zurich, West-side
Posts: 1,849
Groaned at 6 Times in 5 Posts
Thanked 954 Times in 534 Posts
| | | Re: Englishforum security breach?
In response to the poster worried about clicking on a link in a password-change email warning, I never click on links in emails like that - I just open my browser, manually type the address of the site itself (which I know since I've been there previously) and then navigate to the point at which I can change my password.
There's no need to click on the link, since it doesn't go anywhere you can't get to on your own. | Quote: | | | | | I would not have changed my password by the 13th though as I had not received any notification telling me that I should do so. | | | | | Some security-conscious people change their passwords regularly, at a minimum once each year. I have a couple of friends who are in that category.
| | This user would like to thank araqyl for this useful post: | |
26.01.2019, 09:19
| | Forum Legend | | Join Date: Jan 2010 Location: Neuchâtel
Posts: 11,636
Groaned at 181 Times in 163 Posts
Thanked 18,213 Times in 7,679 Posts
| | | Re: Englishforum security breach?
| Quote: | | | | | I would not have changed my password by the 13th though as I had not received any notification telling me that I should do so. | | | | | Even if you had changed it before the 13th it wouldn’t have made a difference since the email was asking people who hadn’t changed their passwords after the 13th to change them.
My original post should have said after the 13th not by the 13th.
| | This user would like to thank Belgianmum for this useful post: | |
26.01.2019, 09:57
| | Junior Member | | Join Date: Feb 2014 Location: Pfäffikon, Zurich
Posts: 75
Groaned at 2 Times in 1 Post
Thanked 44 Times in 28 Posts
| | | Re: Englishforum security breach?
I recently downloaded a free app called Cryptical. It’s a random password generator. You can set the parameters you need for the specific password, ie uppercase, Symbols, length. I’m never using my old stand by password again.
|
26.01.2019, 10:08
| | Forum Legend | | Join Date: Apr 2010 Location: Geneva
Posts: 4,020
Groaned at 37 Times in 31 Posts
Thanked 5,612 Times in 2,012 Posts
| | | Re: Do we all have to change our passwords?
| Quote: | | | | | Where have you been for the last week or so? Read the linked thread - in fact I'll merge this with it now. | | | | | Busy with work! Thanks, I'll get onto the case now.
| | This user would like to thank McTAVGE for this useful post: | |
26.01.2019, 10:42
| | Forum Legend | | Join Date: Apr 2010 Location: Geneva
Posts: 4,020
Groaned at 37 Times in 31 Posts
Thanked 5,612 Times in 2,012 Posts
| | | Re: Englishforum security breach?
Having read the whole "novel" on this thread, I feel like I have just woken up from a 10 day coma and some world disaster has happened while I was "asleep" away from EF.
| | The following 3 users would like to thank McTAVGE for this useful post: | |
28.01.2019, 12:49
|  | Newbie 1st class | | Join Date: May 2016 Location: Basel
Posts: 10
Groaned at 0 Times in 0 Posts
Thanked 9 Times in 7 Posts
| | | Re: Englishforum security breach?
| Quote: | | | | | I recently downloaded a free app called Cryptical. It’s a random password generator. You can set the parameters you need for the specific password, ie uppercase, Symbols, length. I’m never using my old stand by password again. | | | | | I'm using keepass since few years now. It can not only generate pass, but the biggest advantage is that it works as a vault where you can store all your pass. So you can generate extremely complicated pass and you don't need to remember them. Only the master pass to open the vault.
Last but not least, you can take this app wherever you go in a usb stick.
Cheers
| | This user would like to thank TypeR for this useful post: | |
28.01.2019, 13:16
|  | Forum Legend | | Join Date: Dec 2005 Location: Zuri Oberland
Posts: 2,748
Groaned at 109 Times in 74 Posts
Thanked 2,379 Times in 1,119 Posts
| | | Re: Englishforum security breach?
| Quote: | | | | | I'm using keepass since few years now. It can not only generate pass, but the biggest advantage is that it works as a vault where you can store all your pass. So you can generate extremely complicated pass and you don't need to remember them. Only the master pass to open the vault.
Last but not least, you can take this app wherever you go in a usb stick.
Cheers | | | | | I prefer LastPass but does the same job.
| | The following 2 users would like to thank gbn for this useful post: | |
28.01.2019, 16:41
| | Newbie 1st class | | Join Date: May 2016 Location: Basel
Posts: 10
Groaned at 0 Times in 0 Posts
Thanked 9 Times in 7 Posts
| | | Re: Englishforum security breach?
| Quote: | | | | | I prefer LastPass but does the same job. | | | | | Looks like a cloud version of keepass...
|
28.01.2019, 17:50
|  | Forum Veteran | | Join Date: Oct 2007 Location: Zurich
Posts: 823
Groaned at 1 Time in 1 Post
Thanked 1,060 Times in 468 Posts
| | | Re: Englishforum security breach?
+1 for LastPass: with iOS 12 it integrates nicely with your iPhone/iPad device, which allows you to use complex passwords together with TouchID and 2FA.
|
29.01.2019, 12:56
| | Junior Member | | Join Date: Aug 2017 Location: Rome->London->Basel
Posts: 91
Groaned at 7 Times in 4 Posts
Thanked 108 Times in 41 Posts
| | | Re: Englishforum security breach?
Email received too (it was in the spam folder), password changed.
| | This user would like to thank MPiolo for this useful post: | |
04.02.2019, 08:54
| | Forum Legend | | Join Date: Mar 2009 Location: Zurich
Posts: 12,467
Groaned at 957 Times in 675 Posts
Thanked 17,346 Times in 6,808 Posts
| | | Re: 2019 Englishforum.ch User Database Security Breach
| Quote: | | | | | The latest version of vbulletin has 2 factor authentication enabled. This is pretty much essential.
If you are not regularly updating to newer and more stable major versions of vbulletin with modern security features then you are not being security conscious. Version 3.8.4 was released in 2009, 10 years ago. https://www.vbulletin.com/forum/foru...3-8-4-released
Some would say you have possibly been a little negligent in that regard. | | | | | So when can we expect a forum software upgrade? | | This user would like to thank Chuff for this useful post: | | |
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | | | | Thread Tools | | | | Display Modes |  Linear Mode | 
Posting Rules
| You may not post new threads You may not post replies You may not post attachments You may not edit your posts
HTML code is Off
| | | All times are GMT +2. The time now is 09:49. | |
