Go Back   Android Forums > Community Info & Talk > Site Updates & Announcements

Get excited for the Samsung Galaxy S5! Find everything you need and discuss it in our Galaxy S5 Forum!

Like Tree101Likes

test: Reply
 
LinkBack Thread Tools
Old July 17th, 2012, 01:05 PM   #251 (permalink)
Community Manager
Thread Author (OP)
 
Phases's Avatar
 
Join Date: Sep 2008
Location: Nashville, TN
Gender: Male
Posts: 7,016
 
Device(s): Galaxy Note 3
Carrier: Verizon

Thanks: 644
Thanked 15,609 Times in 3,009 Posts
phases78@gmail.com
Default

Quote:
Originally Posted by bris1112 View Post
The email account associated with my androidforums account was compromised on 7/11/12. I started to receive failed delivery status emails for those spam attempts from my account to dead email addresses.

I was notified of the spam by a person in my address book. Embarrassing.

I had not logged into the forum in some time and did so today at random. I agree with some of the previous posters that an email from this site informing me of the breach would have helped.
Thank you for the report - passing it up to Rob.

Unless that password is what you use for your gmail account - they wouldn't (shouldn't?) be related. If it is.. it is my understanding the way the passwords are salted it would be really hard or not possible to crack that password, but I'm not 100% on that. Need to hear from the server/developer team.

__________________
Every forum should have a Phases.
Phases is offline  
Last edited by Phases; July 17th, 2012 at 02:09 PM.
Reply With Quote
sponsored links
Old July 18th, 2012, 08:58 PM   #252 (permalink)
New Member
 
Join Date: Apr 2012
Posts: 6
 
Device(s):
Carrier: Not Provided

Thanks: 0
Thanked 0 Times in 0 Posts
Default

How do I change my password? I cant find a settings link under my profile.
GmasterFJ is offline  
Reply With Quote
Old July 18th, 2012, 09:00 PM   #253 (permalink)
Done by choice
 
Kelmar's Avatar
 
Join Date: Nov 2009
Posts: 11,819
 
Device(s):
Carrier: Not Provided

Thanks: 1,132
Thanked 4,783 Times in 2,658 Posts
Default

http://androidforums.com/androidforums.com/profile.php?do=editpassword
Kelmar is offline  
Reply With Quote
Old July 26th, 2012, 10:22 AM   #254 (permalink)
New Member
 
Join Date: Mar 2010
Posts: 7
 
Device(s):
Carrier: Not Provided

Thanks: 5
Thanked 3 Times in 3 Posts
Default

As somebody that just found out about this breach, I will add my voice to those that say an email should have been sent.

Because the notice is no longer on the front page, had I not stumbled into the part of the forum, I still would not know about this problem.

For those that say, but it is a million plus email messages, then set some arbitrary date. Notify those with activity after that date, and lock those accounts with no activity prior to that date to force a password change.

Time to go chage a few passwords...
kbimler is offline  
Reply With Quote
The Following User Says Thank You to kbimler For This Useful Post:
EarlyMon (July 26th, 2012)
Old July 26th, 2012, 10:31 AM   #255 (permalink)
Senior Member
 
Pitamakan's Avatar
 
Join Date: Jan 2010
Location: Bozeman, Montana
Posts: 586
 
Device(s): HTC Droid Eris (retired)
Carrier: Not Provided

Thanks: 10
Thanked 82 Times in 58 Posts
Default

You know, in the age of the 21st-century Internet, that many e-mails really isn't that big a deal. The staff just didn't want to have to deal with the increased volume of questions that would inevitably ensue ... it was much easier to let the non-current forum users go through life unaware that their passwords had been compromised.

Bottom line, the message is this: this place cares a little bit about the people who are currently providing content for their forums, but not at all for the people who used to do that.
Pitamakan is offline  
Reply With Quote
Old July 26th, 2012, 11:10 AM   #256 (permalink)
The PearlyMon
 
EarlyMon's Avatar
 
Join Date: Jun 2010
Location: New Mexico, USA
Posts: 44,031
 
Device(s): LTEvo, 3vo, and Shift
Carrier: Sprint

Thanks: 41,693
Thanked 54,828 Times in 21,864 Posts
Default

Please don't say what the staff wanted when you're not on staff.

You've made it clear in your repeated posts that you don't believe us and you don't want to believe us.

We've done our level best to explain the situation and our handling of it, in a forthright and open manner, in this thread.

At this point, you're really just throwing rocks and repeating that we're guilty of thinking and doing things that are only true according to what you have chosen to believe.

There's really nothing more that we can say to help you understand, we've said it, yet your mind is made up.

PS - a great number of our members have opted out of receiving admin email from us. We could not have reached the entire membership in any case.
__________________
|

Minutus cantorum, minutus balorum, minutus carborata descendum pantorum.

Links: Site Rules / Guidelines -and- Zero Tolerance Policy (All Members Read)


For right-on help, the Thanks button is on the right of the post.
For anything out in left field, the /!\ report button is to the left.

Remember, it's our forums and we're all in this together - so let's keep it cool!

Shoot the breeze at the best new gun forum!
EarlyMon is online now  
Last edited by EarlyMon; July 26th, 2012 at 11:16 AM.
Reply With Quote
The Following 4 Users Say Thank You to EarlyMon For This Useful Post:
9to5cynic (August 11th, 2012), agentc13 (July 26th, 2012), El Presidente (July 26th, 2012), Xyro (July 26th, 2012)
Old July 26th, 2012, 12:36 PM   #257 (permalink)
The PearlyMon
 
EarlyMon's Avatar
 
Join Date: Jun 2010
Location: New Mexico, USA
Posts: 44,031
 
Device(s): LTEvo, 3vo, and Shift
Carrier: Sprint

Thanks: 41,693
Thanked 54,828 Times in 21,864 Posts
Default

Quote:
Originally Posted by kbimler View Post
As somebody that just found out about this breach, I will add my voice to those that say an email should have been sent.

Because the notice is no longer on the front page, had I not stumbled into the part of the forum, I still would not know about this problem.

For those that say, but it is a million plus email messages, then set some arbitrary date. Notify those with activity after that date, and lock those accounts with no activity prior to that date to force a password change.

Time to go chage a few passwords...
We're really sorry about the inconvenience and regret the situation as much as you do.

Please let us know if we can be of service in this.
EarlyMon is online now  
Reply With Quote
The Following User Says Thank You to EarlyMon For This Useful Post:
Unforgiven (July 26th, 2012)
Old July 26th, 2012, 01:07 PM   #258 (permalink)
Community Manager
Thread Author (OP)
 
Phases's Avatar
 
Join Date: Sep 2008
Location: Nashville, TN
Gender: Male
Posts: 7,016
 
Device(s): Galaxy Note 3
Carrier: Verizon

Thanks: 644
Thanked 15,609 Times in 3,009 Posts
phases78@gmail.com
Default

I've asked Rob to come weigh in, give him a couple minutes..
Phases is offline  
Reply With Quote
The Following 4 Users Say Thank You to Phases For This Useful Post:
EarlyMon (July 26th, 2012), NightAngel79 (July 28th, 2012), Unforgiven (July 26th, 2012), Xyro (July 26th, 2012)
Old July 26th, 2012, 01:20 PM   #259 (permalink)
Rob
I'm tellin' mommy on you!
 
Rob's Avatar
 
Join Date: Mar 2008
Posts: 1,133
 
Device(s):
Carrier: Not Provided

Thanks: 30
Thanked 2,128 Times in 262 Posts
Send a message via AIM to Rob
Default

Not sending a mass e-mail to the 1,000,000+ members was my decision. Contrary to many of the assumptions made in this thread, the decision was NOT made because we don't care about our members and don't want to create more support related questions/work. The entire decision was based on technical challenges.

Android Forums previously leveraged E-Mail in many ways, including registration verification and instant e-mail notifications. As the site grew exponentially, AF was sending out thousands and thousands of E-Mails every hour, and mail servers began to assume our site was sending out spam. After 6 months of dealing with mail serving blacklists that created humongous problems, we de-prioritized E-Mail so the site could function more smoothly.

A one-off E-Mail to 1,000,000+ users could have an incredibly negative impact on the site, instantly sucking us back into a hole that took quite awhile to climb out of. We've been researching solutions for our E-Mail woes but I can assure you, it's much easier said than done. It's much more complicated than writing an E-Mail, uploading the E-Mail addresses, and pushing a button. The potential consequences are numerous and far reaching.

Again, I want to reiterate that this was my personal decision. Please don't point the fingers at our staff of Admins, Mods, and Guides- they've brought these matters to my attention swiftly and have the interest of AF members at the absolute top of their priority list. In fact, they deserve a huge round of a applause at the amazing job they've done and continue to do.

If you'd prefer to boo, then those boos should be directed at me, but hopefully I've alleviated at least some of your concerns as to the reason we can't currently fulfill your requests. We'll continue to look for opportunities to improve AF and this E-Mail deficiency is certainly a sore spot for us. As always, you're criticisms and suggestions are welcomed and appreciated- they help us improve which is our everlasting goal.

Thanks to everyone for sticking with us through thick and thin!
Rob is offline  
Reply With Quote
The Following 14 Users Say Thank You to Rob For This Useful Post:
9to5cynic (August 11th, 2012), agentc13 (July 26th, 2012), AntimonyER (July 26th, 2012), dautley (July 26th, 2012), davoid (August 8th, 2012), EarlyMon (July 26th, 2012), El Presidente (July 26th, 2012), kbimler (July 26th, 2012), NightAngel79 (July 28th, 2012), Phases (July 26th, 2012), Rachel A (July 26th, 2012), treb1797 (July 28th, 2012), Unforgiven (July 26th, 2012), Xyro (July 26th, 2012)
Old July 26th, 2012, 01:49 PM   #260 (permalink)
New Member
 
Join Date: Mar 2010
Posts: 7
 
Device(s):
Carrier: Not Provided

Thanks: 5
Thanked 3 Times in 3 Posts
Default

Rob,

Thanks for taking the time to let us know what went into your decision to not send out email messages. I understand the ramifications of sending out a million email messages could have caused. It would have just been helpful to have know about this security issue less than 16 days after it happened, and then only because I happened to scroll all the way to the bottom of the page (something I rarely ever do).
kbimler is offline  
Reply With Quote
The Following User Says Thank You to kbimler For This Useful Post:
EarlyMon (July 26th, 2012)
sponsored links
Old July 26th, 2012, 01:56 PM   #261 (permalink)
~Play Nice~
 
Unforgiven's Avatar
 
Join Date: Jun 2010
Location: Douglas, MA
Gender: Male
Posts: 21,683
 
Device(s): Note II, S3, Moto X Developer Edition, Nexus 7 (2012 & 2013)
Carrier: Not Provided

Thanks: 13,119
Thanked 14,239 Times in 7,808 Posts
Default

Quote:
Originally Posted by kbimler View Post
Rob,

Thanks for taking the time to let us know what went into your decision to not send out email messages. I understand the ramifications of sending out a million email messages could have caused. It would have just been helpful to have know about this security issue less than 16 days after it happened, and then only because I happened to scroll all the way to the bottom of the page (something I rarely ever do).
For two weeks there was a red banner at the top of every page alerting users to this issue. I didn't realize it was gone.

And thanks Rob, that makes sense about the email blast.
__________________

Join the fun and make some friends, register for free here.
If someone helped, hit Thanks, if you see rude or abusive posts, spam, or threads that need staff attention, hit Report.
Site Rules / Android Forums FAQ
*** Do you want to talk guns? ***

Unforgiven is online now  
Reply With Quote
The Following User Says Thank You to Unforgiven For This Useful Post:
EarlyMon (July 26th, 2012)
Old July 26th, 2012, 02:16 PM   #262 (permalink)
New Member
 
Join Date: Mar 2010
Posts: 7
 
Device(s):
Carrier: Not Provided

Thanks: 5
Thanked 3 Times in 3 Posts
Default

Reading through the thread I got the impression that there was a much larger notification initially. I just probably had not been on the forums here for at least a month, probably even longer.

I'm not too concerned about it. The worst thing that was going to get hacked by this security issue was a number of other forums that I visit that may have had the same password (don't even know for sure if they did).
kbimler is offline  
Reply With Quote
The Following User Says Thank You to kbimler For This Useful Post:
EarlyMon (July 26th, 2012)
Old July 26th, 2012, 02:20 PM   #263 (permalink)
~Play Nice~
 
Unforgiven's Avatar
 
Join Date: Jun 2010
Location: Douglas, MA
Gender: Male
Posts: 21,683
 
Device(s): Note II, S3, Moto X Developer Edition, Nexus 7 (2012 & 2013)
Carrier: Not Provided

Thanks: 13,119
Thanked 14,239 Times in 7,808 Posts
Default

Quote:
Originally Posted by kbimler View Post
Reading through the thread I got the impression that there was a much larger notification initially. I just probably had not been on the forums here for at least a month, probably even longer.

I'm not too concerned about it. The worst thing that was going to get hacked by this security issue was a number of other forums that I visit that may have had the same password (don't even know for sure if they did).
It was mainly the banner and a few of us that linked to it in our signature.
Unforgiven is online now  
Reply With Quote
Old July 26th, 2012, 02:50 PM   #264 (permalink)
AF Addict
 
AntimonyER's Avatar
 
Join Date: Jun 2010
Location: Statesboro, GA
Posts: 13,546
 
Device(s): Droid DNA, Nexus 7 16GB
Carrier: Verizon

Thanks: 5,016
Thanked 9,309 Times in 4,999 Posts
Default

Thanks for the update Rob.

Phases/Mods - can we get a link to Rob's post in the OP?
__________________
Site Rules & Guidelines
Got some help? Hit Thanks!
See something you like? Hit Like!
See something you hate? Hit Report!
AntimonyER is online now  
Reply With Quote
The Following 2 Users Say Thank You to AntimonyER For This Useful Post:
EarlyMon (July 26th, 2012), NightAngel79 (July 28th, 2012)
Old July 26th, 2012, 02:56 PM   #265 (permalink)
Community Manager
Thread Author (OP)
 
Phases's Avatar
 
Join Date: Sep 2008
Location: Nashville, TN
Gender: Male
Posts: 7,016
 
Device(s): Galaxy Note 3
Carrier: Verizon

Thanks: 644
Thanked 15,609 Times in 3,009 Posts
phases78@gmail.com
Default

Good idea.
Phases is offline  
Reply With Quote
The Following 2 Users Say Thank You to Phases For This Useful Post:
AntimonyER (July 26th, 2012), EarlyMon (July 26th, 2012)
Reply


Go Back   Android Forums > Community Info & Talk > Site Updates & Announcements
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -5. The time now is 09:04 PM.
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.