Go Back   English Forum Switzerland > Support > Support > Forum support  
Reply
 
Thread Tools Display Modes
  #161  
Old 23.01.2019, 17:47
Treverus's Avatar
Forum Legend
 
Join Date: Dec 2007
Location: Work in ZH, live in SZ
Posts: 12,352
Groaned at 363 Times in 293 Posts
Thanked 23,675 Times in 8,568 Posts
Treverus has a reputation beyond reputeTreverus has a reputation beyond reputeTreverus has a reputation beyond reputeTreverus has a reputation beyond reputeTreverus has a reputation beyond reputeTreverus has a reputation beyond repute
Re: Englishforum security breach?

Quote:
View Post
Someone got summerained??
Reply With Quote
The following 2 users would like to thank Treverus for this useful post:
  #162  
Old 23.01.2019, 17:48
Belgianmum's Avatar
Roastbeef & Yorkshire mod
 
Join Date: Jan 2010
Location: Neuchâtel
Posts: 13,832
Groaned at 267 Times in 226 Posts
Thanked 23,514 Times in 9,605 Posts
Belgianmum has a reputation beyond reputeBelgianmum has a reputation beyond reputeBelgianmum has a reputation beyond reputeBelgianmum has a reputation beyond reputeBelgianmum has a reputation beyond reputeBelgianmum has a reputation beyond repute
Re: Englishforum security breach?

Quote:
View Post
How did you work out it was Meister?
I had seen the post before they changed to being a guest and remembered the name.

Quote:
View Post
When you say "the email we all received" did only people active before a certain date get an email? I saw a post on this thread but no email....
I have no idea who received it, I just assumed that it had been sent to everyone.
Reply With Quote
The following 3 users would like to thank Belgianmum for this useful post:
  #163  
Old 23.01.2019, 17:50
Belgianmum's Avatar
Roastbeef & Yorkshire mod
 
Join Date: Jan 2010
Location: Neuchâtel
Posts: 13,832
Groaned at 267 Times in 226 Posts
Thanked 23,514 Times in 9,605 Posts
Belgianmum has a reputation beyond reputeBelgianmum has a reputation beyond reputeBelgianmum has a reputation beyond reputeBelgianmum has a reputation beyond reputeBelgianmum has a reputation beyond reputeBelgianmum has a reputation beyond repute
Re: Englishforum security breach?

Quote:
View Post
Someone got summerained??
That was hilarious at the time.
Reply With Quote
This user would like to thank Belgianmum for this useful post:
  #164  
Old 23.01.2019, 18:04
Guest
 
Posts: n/a
Re: Englishforum security breach?

Quote:
View Post
I had seen the post before they changed to being a guest and remembered the name.



I have no idea who received it, I just assumed that it had been sent to everyone.
I got it.
Reply With Quote
The following 2 users would like to thank for this useful post:
  #165  
Old 23.01.2019, 18:20
Tom1234's Avatar
Forum Legend
 
Join Date: Jan 2007
Location: Kanton Luzern
Posts: 17,051
Groaned at 649 Times in 502 Posts
Thanked 25,843 Times in 10,415 Posts
Tom1234 has a reputation beyond reputeTom1234 has a reputation beyond reputeTom1234 has a reputation beyond reputeTom1234 has a reputation beyond reputeTom1234 has a reputation beyond reputeTom1234 has a reputation beyond repute
Re: Englishforum security breach?

I got the one just telling me to delete my account.
Reply With Quote
  #166  
Old 23.01.2019, 18:22
st2lemans's Avatar
Forum Legend
 
Join Date: Dec 2010
Location: Lugano
Posts: 32,504
Groaned at 2,578 Times in 1,840 Posts
Thanked 39,646 Times in 18,685 Posts
st2lemans has a reputation beyond reputest2lemans has a reputation beyond reputest2lemans has a reputation beyond reputest2lemans has a reputation beyond reputest2lemans has a reputation beyond reputest2lemans has a reputation beyond repute
Re: Englishforum security breach?

Quote:
I got it.
Likewise, and changed my pw.

Tom
Reply With Quote
This user would like to thank st2lemans for this useful post:
  #167  
Old 23.01.2019, 18:28
Tom1234's Avatar
Forum Legend
 
Join Date: Jan 2007
Location: Kanton Luzern
Posts: 17,051
Groaned at 649 Times in 502 Posts
Thanked 25,843 Times in 10,415 Posts
Tom1234 has a reputation beyond reputeTom1234 has a reputation beyond reputeTom1234 has a reputation beyond reputeTom1234 has a reputation beyond reputeTom1234 has a reputation beyond reputeTom1234 has a reputation beyond repute
Re: Englishforum security breach?

Quote:
View Post
Likewise, and changed my pw.
You know you can delete your account too? That is, if you want to.

This is only a gentle reminder.
Reply With Quote
The following 8 users would like to thank Tom1234 for this useful post:
  #168  
Old 23.01.2019, 18:33
me.anon's Avatar
Forum Veteran
 
Join Date: Jan 2012
Location: thun
Posts: 2,221
Groaned at 51 Times in 35 Posts
Thanked 2,962 Times in 1,434 Posts
me.anon has a reputation beyond reputeme.anon has a reputation beyond reputeme.anon has a reputation beyond reputeme.anon has a reputation beyond reputeme.anon has a reputation beyond reputeme.anon has a reputation beyond repute
Re: Englishforum security breach?

Quote:
View Post
Likewise, and changed my pw.

Tom
Me too, got the message in the designated email account, changed the password, and tested it, and it appears to work. Is that the end of the matter for me ?
Reply With Quote
The following 2 users would like to thank me.anon for this useful post:
  #169  
Old 23.01.2019, 18:43
robBob's Avatar
Forum Legend
 
Join Date: Mar 2012
Location: Zurich
Posts: 3,247
Groaned at 66 Times in 51 Posts
Thanked 3,222 Times in 1,715 Posts
robBob has a reputation beyond reputerobBob has a reputation beyond reputerobBob has a reputation beyond reputerobBob has a reputation beyond reputerobBob has a reputation beyond reputerobBob has a reputation beyond repute
Re: Englishforum security breach?

Still waiting for my email!
Reply With Quote
The following 2 users would like to thank robBob for this useful post:
  #170  
Old 23.01.2019, 20:20
curley's Avatar
Forum Legend
 
Join Date: Oct 2006
Location: canton ZH
Posts: 13,131
Groaned at 218 Times in 182 Posts
Thanked 15,264 Times in 7,847 Posts
curley has a reputation beyond reputecurley has a reputation beyond reputecurley has a reputation beyond reputecurley has a reputation beyond reputecurley has a reputation beyond reputecurley has a reputation beyond repute
Re: Englishforum security breach?

Quote:
View Post
It's already happened in some cases. A post from this afternoon
I didn't get the email.
I changed my password about a week or so ago .... which means I'm now prompted everytime that I entered the wrong password. Habits die hard.

While yes, EF has to sort this out, I don't see the panic. Every sales site has more info on me than EF does. The real info on EF is public anyway.

I got extortionist emails too. Only one mentioned a password and it was not my EF one. I don't know if hostpoint blocks them now or if these people simply gave up on me but I haven't had any for about a week now.

Addition: LOL, 7 minutes after this post I got an email from EF. Not the one Ace1 posted. Amongst other stuff it said <<As you already changed your password in recent days, no further action is necessary.>>
__________________
It's all a matter or perspective.
So move your butt and look at it from the other side

Last edited by curley; 23.01.2019 at 20:35.
Reply With Quote
This user would like to thank curley for this useful post:
  #171  
Old 23.01.2019, 20:24
3Wishes's Avatar
Moderately Amused
 
Join Date: Jul 2010
Location: Bern area
Posts: 11,470
Groaned at 92 Times in 87 Posts
Thanked 19,984 Times in 8,842 Posts
3Wishes has a reputation beyond repute3Wishes has a reputation beyond repute3Wishes has a reputation beyond repute3Wishes has a reputation beyond repute3Wishes has a reputation beyond repute3Wishes has a reputation beyond repute
Re: Englishforum security breach?

Quote:
View Post
Still waiting for my email!
It's possible that some people think they're using one email for EF when they're actually using another. Sometimes people sign up with temporary email addresses, in which case they'll never get a notice.

If anyone has not received the email yet, you're welcome to check your profile to verify the email address is correct, and while you're there you can change your password.
  • Go to Control Panel at the top of the screen.
  • On the left side menu tree, click Edit Email and Password
  • You'll see which email you're using for EF.
  • Update fields as necessary
  • Save changes

I didn't get the email either, but I changed my password right away out of caution. Perhaps the email only went out to users that had not yet changed?

Honestly, I'm trying to figure out what all the fuss is about and why people are freaking out so much. As best I can tell, there were only 2 users out of tens of thousands that received the scam email, and the passwords shown in the message were old/outdated - meaning there's no recent breach.

In addition, I'll quote what EPMike shared in post #58, which is a quote from the owner of haveibeenpwned: "As with any website, if you're concerned about the intent or security, don't use it."

Anyone who finds their email address on haveibeenpwned may think it came from EF, but that's not necessarily the case. My current EF email is not on that site, and I've had this email for quite a while. My old EF email does appear in a search, but it says the breach was related to Disqus. Disqus announced the breach in 2017, but said it dated to July of 2012.

Also in case you missed it, EditorBob edited his earlier posts to give the link to this page, which contains the same info as was/is in the email sent out: https://www.englishforum.ch/security/
Reply With Quote
This user would like to thank 3Wishes for this useful post:
  #172  
Old 23.01.2019, 20:56
Guest
 
Posts: n/a
Re: Englishforum security breach?

Quote:
View Post
Strange! I didn't receive the above!
I did today. But the cut off date for freezing non- changed-password accounts is cited as 13/01/19.
Reply With Quote
The following 2 users would like to thank for this useful post:
  #173  
Old 24.01.2019, 05:52
Forum Legend
 
Join Date: Mar 2009
Location: Zurich
Posts: 13,871
Groaned at 1,320 Times in 886 Posts
Thanked 20,733 Times in 7,947 Posts
Chuff has a reputation beyond reputeChuff has a reputation beyond reputeChuff has a reputation beyond reputeChuff has a reputation beyond reputeChuff has a reputation beyond reputeChuff has a reputation beyond repute
Re: 2019 Englishforum.ch User Database Security Breach

Quote:
View Post
Q. When were you made aware about a potential breach?
A. Yesterday afternoon.

Q. Why was there so far no information?
A. It wasn't clear that there had been a breach. It still isn't, although it looks more possible today than it did yesterday.

Q. When did this breach happen?
A. If there is a breach, don't know. First I heard was when SwissMorgs reported something yesterday.

Q. What amount of data was stolen copied and how many users are affected?
A. Don't know.

Q. Has the attack vector been identified and fixed?
A. No.

Q. Why are the passwords stored in plain text or in an other non secure format?
A. Passwords are not stored in plain text. The passwords for this version of vBulletin are stored in the database as md5(md5($password) + $salt). Browser-side cookies are saved as md5(md5(md5($password) + $salt) + COOKIE_SALT) where COOKIE_SALT is the license ID of the software.

Q. Was the breach through the server software/forum code or through advertiser injected code changes?
A. If there is a breach, don't know.

Q. Rumor has a rogue Mod once copied user data in the past (several years ago). Is this related?
A. I don't know about this.

EDIT: Click for the full update: englishforum.ch/security
The latest version of vbulletin has 2 factor authentication enabled. This is pretty much essential.

If you are not regularly updating to newer and more stable major versions of vbulletin with modern security features then you are not being security conscious. Version 3.8.4 was released in 2009, 10 years ago. https://www.vbulletin.com/forum/foru...3-8-4-released

Some would say you have possibly been a little negligent in that regard.

Last edited by Chuff; 26.01.2019 at 07:51.
Reply With Quote
  #174  
Old 24.01.2019, 06:32
Banned
 
Join Date: Jan 2019
Location: close to the frontier
Posts: 1,018
Groaned at 140 Times in 85 Posts
Thanked 597 Times in 379 Posts
Clocker has become a little unpopular
Re: Englishforum security breach?

Quote:
View Post
there were only 2 users out of tens of thousands that received the scam email
No, apparently only 2 users reported having received the email. That's quite different.
Reply With Quote
This user would like to thank Clocker for this useful post:
  #175  
Old 24.01.2019, 07:46
nigelr's Avatar
Forum Veteran
 
Join Date: Apr 2009
Location: Aargau
Posts: 1,712
Groaned at 118 Times in 59 Posts
Thanked 2,140 Times in 942 Posts
nigelr has a reputation beyond reputenigelr has a reputation beyond reputenigelr has a reputation beyond reputenigelr has a reputation beyond reputenigelr has a reputation beyond repute
Re: Englishforum security breach?

Still a bit confused that some people who joined EF after me got an email and I didn't, but I'm sure it makes sense to someone.

And I'm not confused over which email address I used (it's the one outside the house on the letter box and hasn't changed for years).
Reply With Quote
The following 2 users would like to thank nigelr for this useful post:
  #176  
Old 24.01.2019, 07:53
Guest
 
Posts: n/a
Re: Englishforum security breach?

GMX doesn't deliver our emails for some reason. You probably don't receive notifications about thread subscriptions and personal messages either.

By the way, GMX is one of the very few major email providers that still doesn't offer 2FA. So while it's fine for throw-away addresses used to register on forums etc., it probably shouldn't be used for anything important such as banking or currency exchange accounts.
Reply With Quote
The following 5 users would like to thank for this useful post:
  #177  
Old 24.01.2019, 08:10
JagWaugh's Avatar
RIP
 
Join Date: Apr 2009
Location: Eglisau
Posts: 7,248
Groaned at 46 Times in 45 Posts
Thanked 14,131 Times in 5,506 Posts
JagWaugh has a reputation beyond reputeJagWaugh has a reputation beyond reputeJagWaugh has a reputation beyond reputeJagWaugh has a reputation beyond reputeJagWaugh has a reputation beyond reputeJagWaugh has a reputation beyond repute
Re: Englishforum security breach?

Quote:
View Post
GMX doesn't deliver our emails for some reason. You probably don't receive notifications about thread subscriptions and personal messages either.

By the way, GMX is one of the very few major email providers that still doesn't offer 2FA. So while it's fine for throw-away addresses used to register on forums etc., it probably shouldn't be used for anything important such as banking or currency exchange accounts.
If you did a mass mailing, and didn't throttle the send rate, then gmx may have blacklisted EF.

You normally get a bounce message when this happens. You just mail them and ask them to take EF off their blacklist (and promise not to do it again).
Reply With Quote
This user would like to thank JagWaugh for this useful post:
  #178  
Old 24.01.2019, 08:13
Guest
 
Posts: n/a
Re: Englishforum security breach?

Emails are thoroughly throttled. That's why some received when others hadn't.

This isn't a new thing, they've been blocking for years. Same on the Toytown Germany forum. And they've ignored whitelist requests.

It's a silent block, no bounce.
Reply With Quote
  #179  
Old 24.01.2019, 08:53
Banned
 
Join Date: Jan 2019
Location: close to the frontier
Posts: 1,018
Groaned at 140 Times in 85 Posts
Thanked 597 Times in 379 Posts
Clocker has become a little unpopular
Re: Englishforum security breach?

Quote:
the cut off date for freezing non- changed-password accounts is cited as 13/01/19.
The date is incorrect. I changed mîne yesterday, so 10 days after.
Reply With Quote
  #180  
Old 24.01.2019, 09:01
Belgianmum's Avatar
Roastbeef & Yorkshire mod
 
Join Date: Jan 2010
Location: Neuchâtel
Posts: 13,832
Groaned at 267 Times in 226 Posts
Thanked 23,514 Times in 9,605 Posts
Belgianmum has a reputation beyond reputeBelgianmum has a reputation beyond reputeBelgianmum has a reputation beyond reputeBelgianmum has a reputation beyond reputeBelgianmum has a reputation beyond reputeBelgianmum has a reputation beyond repute
Re: Englishforum security breach?

Quote:
I did today. But the cut off date for freezing non- changed-password accounts is cited as 13/01/19.
What is wrong with that?
I understood it to mean that if you have not already changed you password (after January 13 2019) you need to do so otherwise your account will be locked.
What the email did not specify was how much time they were giving users to change their passwords before locking the accounts.

People who have already changed their password (after 13.01.2019) received the message that as their password had already been changed no other action was required.
Reply With Quote
Reply

Tags
englishforum hack, password stolen, security breach, security password hack




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Security breach: avoid buying online and using ATMs [Heartbleed Vulnerability] olygirl TV/internet/telephone 27 07.06.2014 15:10
A security breach happened at [fill in the blank aSwissInTheUS Daily life 1 21.05.2014 18:44
Major security breach at LinkedIn Castro TV/internet/telephone 13 07.06.2012 17:17
US issued card holders take note ( security breach issue ) jrspet International affairs/politics 1 31.03.2012 14:54
Guardian Jobs in UK - Security Breach transition International affairs/politics 0 26.10.2009 13:51


All times are GMT +2. The time now is 07:52.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.1.0