Go Back   Android Forums > Community Info & Talk > Site Updates & Announcements

Get excited for the Samsung Galaxy S5! Find everything you need and discuss it in our Galaxy S5 Forum!

Like Tree101Likes

test: Reply
 
LinkBack Thread Tools
Old July 10th, 2012, 01:30 PM   #1 (permalink)
Community Manager
Thread Author (OP)
 
Phases's Avatar
 
Join Date: Sep 2008
Location: Nashville, TN
Gender: Male
Posts: 7,016
 
Device(s): Galaxy Note 3
Carrier: Verizon

Thanks: 644
Thanked 15,610 Times in 3,009 Posts
phases78@gmail.com
Default Important Notice - Security Breach

Before reading this - please take a moment to change your password on androidforums.com. This can be done while logged in through your UserCP, or using the "forgot your password?" page if logged out.


I have some unfortunate news to pass along. Yesterday I was informed by our sever/developer team that the server hosting androidforums.com was compromised and the website's database was accessed. While the breach is most likely harmless there are important and potential pitfalls, and we want to provide as much helpful information to our users as possible (without getting too technical).

The trust of our users is extremely important and several staff members worked through the afternoon, evening, night, and morning to ensure we're doing everything possible to regain complete security.

Here are the facts:

- The exploit used has been identified and resolved. The server has been further hardened and extra "just in case" actions have been taken.. and will continue to be taken.

- All code that resides in the database and the file system has been thoroughly reviewed for malicious edits and uploads.

- No other sites in our network appear to have been accessed (we're triple checking).

- The user table of AndroidForum's database was (at a minimum) accessed. While we can't prove or disprove whether or not the data was downloaded (due to the way the data was transferred), it's completely possible.. and we've taken action assuming this is the case.

- Information in the user database includes: Unique ids, usernames, emails, hashed (encoded) and salted passwords, registration IP addresses, usergroup memberships, infraction levels, last time online, last post date, post count... as well as far less critical things like number of PMs, visitor messages, last online dates, and some vbulletin options set in your UserCP.

- Immediately following the incident, all ~100 staff were notified of a pending password change - and all passwords to were changed to random strings. Almost all are back in with new passwords. Because gaining access to a staff member account could pose the biggest threat, we first moved to secure these accounts.

What Probably Happened

This was, in our current opinion, most likely an e-mail harvesting attempt. A spammer could theoretically attempt to bulk e-mail all AF users with the user database. Luckily, GMail and similar e-mail services offer a "spam" button that helps it to collectively identify and automatically filter potential spam.

It's also absolutely possible that nothing of consequence happened. There is some chance they did not get enough of the database to matter, did this for fun to see if they could, or will not move forward with any plans after finding out we're actively investigating. This is a serious offense and you can best bet we are doing just that.

What Could Happen?

We take matters like these incredibly seriously and want to make sure you're warned of ALL the possibilities, regardless of how slim the chances. You can never be too safe, so we're asking you to consider the possibilities and protect accordingly.

- This could be someone who is upset with us who hopes to use the information against staff

- With username, email, and IP information, a skilled hacker could pretend to be other users.

- They could blackmail us and threaten to publish the information publicly.

- Knowing your IP one can get a general idea of where you are located in the world, though most your IPs are dynamic and will change before too long anyway.

- With a username and hashed password one could open a session with accounts on other sites that use the same credentials - if they gain file level access to that site first. These were salted passwords which adds to the complexity, but nonetheless we recommend playing it safe.

What should you do?

Although we're confident the threat is neutralized it is still highly recommended that you change your password here and on other sites where you use the same username/password. This can be done while logged in through your UserCP, or using the "forgot your password?" page if logged out. You can also contact me via PM or Contact Form and we will help you if you need.

No website wants to make an announcement like this. I assure you we, as the Neverstill Team, could not apologize profusely enough. Websites come under attack all time time - and sometimes the bad guys make it in. Unfortunately for us, yesterday was our time. We have been attacked before but never breached, and please know we are going to continue to do everything in our power to ensure it doesn't happen again.

If you have any questions please let us know - we will do our best to answer them. I will leave this thread open for discussion as long as it remains productive.

-Phases, Rob, and the Neverstill Team

UPDATE: I forgot to mention. If you are using an Android Application to access the forums (Tapatalk, Phandroid App) - they will not register the password change and may flood your email with "someone has tried to access your account" emails. Unfortunately the only advice I have for that is to uninstall/re-install the app, if you cannot change your password from within.

UPDATE 2: If you are requesting account deletions, please email me at phases@phandroid.com with the email account you registered with. Thanks for understanding.

UPDATE 3:Rob's weighs in on why no mass email was sent - here.

__________________
Every forum should have a Phases.
Phases is offline  
Last edited by Phases; July 26th, 2012 at 02:57 PM.
Reply With Quote
The Following 516 Users Say Thank You to Phases For This Useful Post:
1lmfl1 (July 17th, 2012), 2BH (July 11th, 2012), 2k2cse (July 16th, 2012), 2momo123 (July 12th, 2012), 2old4this (July 10th, 2012), 3finger (July 10th, 2012), 7zero (July 10th, 2012), 91Firebirder (July 11th, 2012), 987456321 (July 11th, 2012), 9to5cynic (July 10th, 2012), aaanadie (July 10th, 2012), aboatright (July 10th, 2012), Adauth (July 12th, 2012), agentc13 (July 15th, 2012), ajay.acharyakv (July 11th, 2012), alanbcohen (July 11th, 2012), algadeed (July 10th, 2012), AlissaLL3 (July 12th, 2012), alsaces daddy (July 13th, 2012), amenamen (July 17th, 2012), amiratafari (September 6th, 2012), amk2795 (July 11th, 2012), amswink (July 10th, 2012), AMTrombley0924 (July 11th, 2012), An UrgeTo Dance (July 10th, 2012), Andima (July 12th, 2012), AndroidGuy139 (July 17th, 2012), Androman (July 12th, 2012), andruoid (July 11th, 2012), AndyOpie150 (July 11th, 2012), AntimonyER (July 10th, 2012), Aquababe (July 11th, 2012), Archangel1280 (July 11th, 2012), argedion (July 10th, 2012), ArielAguayo (July 13th, 2012), ArmageddonX (July 10th, 2012), Arthur2142 (July 10th, 2012), Ash128 (July 18th, 2012), Ashanmaril (July 12th, 2012), asheehanjr (July 11th, 2012), Atma (July 10th, 2012), avinashmeena (July 13th, 2012), avushkaa (July 10th, 2012), awesomeofsauce (July 10th, 2012), ayush29k (July 11th, 2012), B2L (July 10th, 2012), BabyBlues (July 10th, 2012), badblue1 (July 11th, 2012), Bageland2000 (July 16th, 2012), baldmosher (July 11th, 2012), Ballymoss (July 10th, 2012), Bandaid (July 10th, 2012), bart2201 (July 11th, 2012), bbuck002 (July 12th, 2012), BeatNavy (July 11th, 2012), bellefsen (July 10th, 2012), BenChase7 (July 10th, 2012), bennyben (July 16th, 2012), benslgdroid (July 11th, 2012), bestrooted (July 10th, 2012), Big Oil (July 14th, 2012), bigmike661 (July 11th, 2012), biker57 (July 10th, 2012), bjmads (July 11th, 2012), BKiv (July 11th, 2012), blackimp (July 13th, 2012), blmbmj (July 13th, 2012), BlueBiker (July 12th, 2012), BlueDynamo (July 12th, 2012), Bob Cat (July 10th, 2012), bradhoschar (July 11th, 2012), brandonhutch (July 16th, 2012), brooklynsour (July 11th, 2012), BruceC (July 11th, 2012), brzimmer (July 11th, 2012), bulldog69 (July 11th, 2012), CafeKampuchia (July 10th, 2012), Capn069 (July 10th, 2012), Captain Mike (July 10th, 2012), Captainblack (July 15th, 2012), carney (July 13th, 2012), carschina (July 13th, 2012), CDPlant (July 11th, 2012), cell0ne (July 10th, 2012), chamba (July 15th, 2012), changky (July 11th, 2012), chaz_uk (July 12th, 2012), Cheetah1971 (July 12th, 2012), chrisluger2012 (July 17th, 2012), chrisstone (July 12th, 2012), chrlswltrs (July 10th, 2012), CJ0206 (July 15th, 2012), cliffgamerz (July 12th, 2012), CO Diver (July 13th, 2012), Colinr1234 (July 12th, 2012), Coraskant (July 11th, 2012), corbinator (July 11th, 2012), Covart (July 10th, 2012), CR1050 (July 16th, 2012), CrackBaby (July 12th, 2012), Crashumbc (July 12th, 2012), CriticalCritic (July 10th, 2012), Cuda13 (July 10th, 2012), cujo9999 (July 11th, 2012), cvic (July 13th, 2012), cwgraf71 (July 10th, 2012), cwhatever (July 10th, 2012), Cythes (July 11th, 2012), D-U-R-X (July 10th, 2012), daenas (July 13th, 2012), dAk_AyTaM (July 19th, 2012), damewolf13 (July 10th, 2012), danaj (July 12th, 2012), DanDroide (July 11th, 2012), DarcMasta (July 12th, 2012), darkcyber (July 10th, 2012), dautley (July 10th, 2012), davlob (July 14th, 2012), dawnierae (July 10th, 2012), dazxpat (July 13th, 2012), Deadlyimpact (July 14th, 2012), deedashstef (July 11th, 2012), dentist29 (July 18th, 2012), det1726 (July 14th, 2012), dgrobe2112 (July 11th, 2012), disciplexone (July 10th, 2012), DMajor239 (July 16th, 2012), Dmeeks90 (July 10th, 2012), DocTee (July 13th, 2012), dogdayz (July 10th, 2012), DonB (July 10th, 2012), doxcyguy617 (July 17th, 2012), dragonfinder1 (September 4th, 2012), DragonSlayer95 (July 11th, 2012), DrexelDragon (July 11th, 2012), Driftfog (July 12th, 2012), droblyer (July 15th, 2012), DroidoverApple (July 14th, 2012), droidsix (July 12th, 2012), DroidUser1 (July 15th, 2012), Droidxxxxx (July 13th, 2012), dstuttgen (July 12th, 2012), dually656 (July 19th, 2012), Duckster (July 12th, 2012), dunjamon (July 11th, 2012), durak (July 11th, 2012), dustwun77 (July 11th, 2012), EarlyMon (July 10th, 2012), eddietse91 (July 14th, 2012), egill (July 12th, 2012), egustero (July 12th, 2012), El Presidente (July 10th, 2012), Elphie28 (July 10th, 2012), ElTurt (July 13th, 2012), Encerspay (July 13th, 2012), Essjay22 (July 10th, 2012), exomatrix (July 12th, 2012), Familyguy1 (July 11th, 2012), farren (August 3rd, 2012), fasteddie345 (July 17th, 2012), FirebirdStud (July 16th, 2012), fmalcolmr (July 12th, 2012), Forestinjersey (July 10th, 2012), fp99 (July 10th, 2012), fratermus (July 11th, 2012), freesoul27 (July 12th, 2012), frenchy714 (July 11th, 2012), frg (July 13th, 2012), Fuzzy13 (July 10th, 2012), GalaxyNexus (July 10th, 2012), gbiggie (July 10th, 2012), General_Crespin (July 12th, 2012), gexnefx (July 12th, 2012), GiftedPlacebo (July 11th, 2012), gkak (July 11th, 2012), Glad2BMe (July 17th, 2012), Glas67 (July 11th, 2012), godsdragon (July 13th, 2012), goldz28 (July 11th, 2012), gorillabait (July 11th, 2012), gradymcd (July 15th, 2012), Granite1 (July 10th, 2012), GregM_AZ (July 11th, 2012), Grenge (July 11th, 2012), GTurn (July 11th, 2012), Hadron (July 10th, 2012), Hal_Chase (July 13th, 2012), HanSolo (July 10th, 2012), Harry D (July 11th, 2012), HarshReality (July 11th, 2012), hdapeiris (July 18th, 2012), Hdjc28 (July 10th, 2012), Helloneumann (July 11th, 2012), Herman1941 (July 10th, 2012), hillbilly352 (July 10th, 2012), hmvs (July 14th, 2012), hvrc (July 10th, 2012), ihackedmypc (July 13th, 2012), in2uition (July 12th, 2012), InGearX (July 12th, 2012), iowabowtech (July 10th, 2012), ironass (July 10th, 2012), isaemm (July 10th, 2012), isdaako (July 13th, 2012), iSlackerz (July 13th, 2012), J.Rawand (July 12th, 2012), J03 (July 12th, 2012), J6Remy (July 11th, 2012), JaeWeb (July 17th, 2012), jasonzech (July 16th, 2012), javasirc (July 11th, 2012), JB in AZ (July 10th, 2012), Jb07 (July 11th, 2012), jbdan (July 10th, 2012), Jcutter (July 10th, 2012), jehowe (July 16th, 2012), jenkinhill (July 11th, 2012), Jenn L. (July 10th, 2012), jennafiree (July 12th, 2012), jerrstan (July 12th, 2012), jerryeight (July 14th, 2012), Jgnome (July 12th, 2012), jgreetham (July 11th, 2012), jimbo1mcm (July 11th, 2012), jimmur_2000 (July 11th, 2012), jmar (July 10th, 2012), John - Rhoslan (July 10th, 2012), jonathanwills (July 12th, 2012), jonbonazza (July 10th, 2012), jondroot (July 13th, 2012), JooSki (July 14th, 2012), JRbong2k (July 18th, 2012), jroc (July 11th, 2012), jtw1216 (July 11th, 2012), JubbaTheHutt (July 10th, 2012), JusAnt (July 11th, 2012), karendar (July 18th, 2012), Kaylesh (July 10th, 2012), kelela92 (July 11th, 2012), Kie (July 16th, 2012), kiloromeo (July 16th, 2012), KiwiD13 (July 12th, 2012), kjss (July 10th, 2012), Kn1nJa (July 12th, 2012), kowatl (July 17th, 2012), kristopher5823 (July 11th, 2012), Lars (July 11th, 2012), LaTuFu (July 17th, 2012), lccpor123 (July 15th, 2012), Leemann (July 11th, 2012), lifeblows10 (July 10th, 2012), Lilmo (July 18th, 2012), linuxrich (July 12th, 2012), Loco4LosChe (July 11th, 2012), Logan47 (July 10th, 2012), Looking4beach (July 12th, 2012), Loota (July 12th, 2012), Lordvincent 90 (July 10th, 2012), lortay78 (July 17th, 2012), lotsip81 (July 11th, 2012), LoveMyPhone (July 10th, 2012), Lucky Armpit (July 12th, 2012), Luniz2k1 (July 12th, 2012), Lynniepops (July 12th, 2012), mach1man (July 10th, 2012), macjay420 (July 14th, 2012), mAcRoS (July 14th, 2012), Malpat (July 10th, 2012), mamawm (July 11th, 2012), ManlyParasite (July 11th, 2012), Marcha (July 10th, 2012), marctronixx (July 10th, 2012), mariadroid (July 10th, 2012), marky1124 (July 15th, 2012), Martimus (July 11th, 2012), martingroso (July 11th, 2012), mavrikmeercat (July 10th, 2012), maximusx8 (July 12th, 2012), McGilli (July 11th, 2012), MCL777 (July 12th, 2012), MegaVortex (July 11th, 2012), menonro (July 11th, 2012), metal571 (July 10th, 2012), Metroid Prime (July 10th, 2012), Mexjoker (July 10th, 2012), mfzero (July 13th, 2012), mh53eplt (July 11th, 2012), MightyFurcules (July 12th, 2012), mikedt (July 10th, 2012), Mikestony (July 10th, 2012), Miralcos (July 14th, 2012), Mobstergunz (July 10th, 2012), MRCMidnight (July 10th, 2012), MrPeter1985 (July 16th, 2012), mrpnut (July 11th, 2012), Mulan (July 10th, 2012), mutanti (July 13th, 2012), mydian (July 10th, 2012), myshkin (July 10th, 2012), naees123 (July 17th, 2012), namoroman (July 12th, 2012), nano404 (July 11th, 2012), nawwaf (July 11th, 2012), NeoGrandizer (July 12th, 2012), NetNoggin (July 11th, 2012), NightAngel79 (July 28th, 2012), NightHawk877 (July 11th, 2012), NIGHTWATCH01 (July 16th, 2012), nitroRCs (July 11th, 2012), notdel (July 15th, 2012), novox77 (July 10th, 2012), nowhere1 (July 14th, 2012), nu2andy (July 17th, 2012), ocnbrze (July 11th, 2012), OfTheDamned (July 10th, 2012), OhBe1 (July 11th, 2012), olbriar (July 10th, 2012), olijf (October 15th, 2012), OptiC-ShotS (July 12th, 2012), OptimusLove (July 13th, 2012), Otterboyy (July 12th, 2012), oulmanpe (July 13th, 2012), Outatime (July 10th, 2012), Outlaw.99 (July 11th, 2012), OutOfPhase (July 10th, 2012), Outsane (July 13th, 2012), OverByter (July 12th, 2012), p-bOt (July 11th, 2012), paleodust (July 12th, 2012), palmtree5 (July 10th, 2012), PavementPilot (July 16th, 2012), pedz (July 13th, 2012), Percival (July 10th, 2012), pete_2x4b (July 13th, 2012), Petrah (July 10th, 2012), PGP_Protector (July 13th, 2012), phbair (July 11th, 2012), phojo (July 11th, 2012), Podivin (July 11th, 2012), porkyhontas (July 18th, 2012), pressy4pie (July 10th, 2012), Puppa (July 16th, 2012), QuasiNerd (July 12th, 2012), Quinny898 (July 10th, 2012), r3do (August 5th, 2012), Rachel A (July 10th, 2012), rafier (July 10th, 2012), Ramzes13 (July 10th, 2012), Random24 (July 11th, 2012), RangersK (July 12th, 2012), Rarewolf (July 10th, 2012), Raven2010 (July 14th, 2012), RavenFox (July 11th, 2012), RDTatel (July 11th, 2012), Red Hare (July 10th, 2012), RedMurkal (July 12th, 2012), RedSun (July 10th, 2012), rehsa (July 12th, 2012), Relax196 (July 11th, 2012), Rev. Po-Jay (July 11th, 2012), richboi (July 11th, 2012), RichSz (July 10th, 2012), RigelX (July 11th, 2012), ritzg (August 2nd, 2012), Rob (July 10th, 2012), robert93436 (July 10th, 2012), RobertB-DC (July 16th, 2012), Romulous (July 11th, 2012), ROOTed_PREVAIL (July 11th, 2012), Rootmepls (July 12th, 2012), rparra14 (July 11th, 2012), Rudedawg (July 11th, 2012), Rush (July 10th, 2012), Rxpert83 (July 10th, 2012), ryancmatchett (July 13th, 2012), S3VOL (July 11th, 2012), Sabswifey (July 12th, 2012), Saint2710 (July 18th, 2012), salvy512 (July 11th, 2012), sambowomble (July 11th, 2012), SammyGS2 (July 12th, 2012), sammyz (July 10th, 2012), samrox144 (July 10th, 2012), SamsungAdmire (July 10th, 2012), SamuraiBigEd (July 10th, 2012), samwapp (July 10th, 2012), sandman1555 (July 14th, 2012), sandpipershore (July 18th, 2012), Sandroidfan (July 11th, 2012), sandyrokr (July 14th, 2012), saptech (July 12th, 2012), Sarge1721 (July 31st, 2012), Saxön (July 12th, 2012), ScandaLeX (December 4th, 2012), scanman (July 10th, 2012), scary alien (July 10th, 2012), scooter1942 (July 10th, 2012), ScorpionX (July 10th, 2012), ScottE (July 12th, 2012), scotth501 (July 10th, 2012), scotty85 (July 13th, 2012), Seabee74 (July 11th, 2012), seadog76 (July 12th, 2012), Seadogs (July 11th, 2012), SerialSarpins (July 11th, 2012), sflannery07 (July 10th, 2012), SgtJohn (July 11th, 2012), Shazbat (July 11th, 2012), Shikki1985 (July 11th, 2012), shinru2004 (July 10th, 2012), ShinySide (July 10th, 2012), Shotgun84 (July 11th, 2012), Showme (July 18th, 2012), Sideman (July 12th, 2012), silverfang77 (July 11th, 2012), simrick (July 11th, 2012), singbluesilver (July 15th, 2012), sjs3059 (July 15th, 2012), slimchance (July 10th, 2012), Smokey Joe (July 19th, 2012), smokinjoe1979 (July 10th, 2012), Snake X (July 12th, 2012), snapcase (July 10th, 2012), Sojourn (July 11th, 2012), soopersonic (August 22nd, 2012), SoxFanNH (July 15th, 2012), soyyo150 (July 11th, 2012), SparksGuy (July 13th, 2012), srish2 (July 11th, 2012), Stephmartin71 (July 13th, 2012), Steven58 (July 10th, 2012), stevevercs (July 14th, 2012), Stigy (July 10th, 2012), stlcoptony (July 14th, 2012), Stuntman (July 11th, 2012), sturvey (July 13th, 2012), sugarfree (July 16th, 2012), suntopper (July 14th, 2012), supercampeon22 (July 10th, 2012), SuppliedRelic (October 11th, 2012), SUSS (July 11th, 2012), swr2000 (July 11th, 2012), sysadmn (July 12th, 2012), s_special (July 10th, 2012), Tab88 (July 17th, 2012), taghag (July 11th, 2012), teamstevo (July 13th, 2012), TehGaberz91 (July 10th, 2012), Teklogikal (July 12th, 2012), Thats (July 10th, 2012), The Absolute (July 11th, 2012), thefletch (July 16th, 2012), theonewho (July 14th, 2012), TheRealKTFO (July 11th, 2012), TheRiot (July 10th, 2012), thezman007 (July 18th, 2012), The~Skater~187 (July 10th, 2012), thrylosthyra7 (July 11th, 2012), tiede (July 10th, 2012), Timmay0106 (July 11th, 2012), Tman450 (July 12th, 2012), tnatnatna1 (July 11th, 2012), tony99 (July 16th, 2012), TourGuide (July 11th, 2012), Trek950 (July 10th, 2012), trialnerror (July 11th, 2012), tripdoc79 (July 11th, 2012), Trooper (July 12th, 2012), trophynuts (July 10th, 2012), Tsquared (July 13th, 2012), Tumeg (July 10th, 2012), TVictory (July 10th, 2012), TwinBing (July 12th, 2012), Unforgiven (July 10th, 2012), unquello (July 18th, 2012), varun.chitre15 (July 10th, 2012), vfxraven19 (July 16th, 2012), victrolacola (July 13th, 2012), vijay4b7 (July 11th, 2012), VoidedSaint (July 10th, 2012), Volkrik (July 12th, 2012), vosg (July 11th, 2012), VydorScope (July 12th, 2012), wetbiker7 (July 10th, 2012), whiteturbo (July 11th, 2012), Willie Nelson (July 12th, 2012), wimpiecoetzer (July 13th, 2012), Winddale (July 12th, 2012), Wirefly (July 18th, 2012), Wobblin31 (July 11th, 2012), Wushih (July 12th, 2012), wutwutman (July 12th, 2012), xanderful (July 12th, 2012), xfuchsiax (July 14th, 2012), xhepera (July 14th, 2012), xiteg79 (July 11th, 2012), xwheelsx (July 16th, 2012), xxbazhxx (July 12th, 2012), xxkid123 (July 14th, 2012), Xyro (July 10th, 2012), YankeeDudeL (July 17th, 2012), Zenstrive (July 11th, 2012), zimlokks (July 11th, 2012), ZirDan (July 11th, 2012), Zoandroid (July 10th, 2012), zr0hero (July 11th, 2012)
sponsored links
Old July 10th, 2012, 02:06 PM   #2 (permalink)
♡ Spidey Sense !! ♡ ™
 
DonB's Avatar
 
Join Date: Nov 2009
Location: 18th Hole Of the Golf Course
Gender: Male
Posts: 18,102
 
Device(s): Moto X 16 GB ®/ Stock all the way on AIO Wireless
Carrier: Aio Wireless

Thanks: 6,235
Thanked 6,729 Times in 3,975 Posts
Default

All I can say is WOW, in the diligence and efficient fast work in neutralizing this matter, you guys Rock and I am sure every member here knows that you have there best security and interest in mind. Thanks for all you do and we all appreciate the hard work that you all do to keep us protected and this site running, Well Done
__________________


Sticky: Lost/Stolen or Locked out of Device. Read Here!


Site Rules/Guidelines
If something needs attention, Report it .
If someone helped you, hit to show it.


DonB is online now  
Reply With Quote
The Following 13 Users Say Thank You to DonB For This Useful Post:
Androman (July 12th, 2012), dautley (July 10th, 2012), DMajor239 (July 16th, 2012), droidsix (July 12th, 2012), Duckster (July 12th, 2012), GailK (July 14th, 2012), inferno9209 (July 19th, 2012), Lily1906 (July 11th, 2012), mahesh kumar m (July 11th, 2012), Mkulima (July 26th, 2013), Russ71 (September 14th, 2012), salvy512 (July 11th, 2012), TVictory (July 10th, 2012)
Old July 10th, 2012, 02:12 PM   #3 (permalink)
~Play Nice~
 
Unforgiven's Avatar
 
Join Date: Jun 2010
Location: Douglas, MA
Gender: Male
Posts: 21,691
 
Device(s): Note II, S3, Moto X Developer Edition, Nexus 7 (2012 & 2013)
Carrier: Not Provided

Thanks: 13,120
Thanked 14,244 Times in 7,812 Posts
Default

Let me one to thank Phases, the developers, moderators, and anyone else that helped. I'm sure it was/is a struggle.
Percival and aboatright like this.
__________________

Join the fun and make some friends, register for free here.
If someone helped, hit Thanks, if you see rude or abusive posts, spam, or threads that need staff attention, hit Report.
Site Rules / Android Forums FAQ
*** Do you want to talk guns? ***

Unforgiven is online now  
Reply With Quote
The Following 8 Users Say Thank You to Unforgiven For This Useful Post:
blmbmj (July 13th, 2012), droidsix (July 12th, 2012), hillbilly352 (July 10th, 2012), jerryeight (July 14th, 2012), Lily1906 (July 11th, 2012), Mkulima (July 26th, 2013), Russ71 (September 14th, 2012), Sisteract (July 18th, 2012)
Old July 10th, 2012, 02:33 PM   #4 (permalink)
Senior Member
 
dawnierae's Avatar
 
Join Date: May 2010
Location: VA
Posts: 1,244
 
Device(s): Galaxy S3; Galaxy Nexus ; Droid X ; Droid Incredible; Galaxy Tab 10.1
Carrier: Not Provided

Thanks: 1,580
Thanked 1,179 Times in 558 Posts
Default

Absolutely fantastic, informative post. Thank you and the entire staff for your diligence in not only responding to the breach, but keeping us so well informed. KUDOS to all of you!
kevindroid and aboatright like this.
__________________
I don't suffer from insanity. I rather enjoy it.
dawnierae is offline  
Reply With Quote
The Following 4 Users Say Thank You to dawnierae For This Useful Post:
blmbmj (July 13th, 2012), dautley (July 10th, 2012), droidsix (July 12th, 2012), TVictory (July 10th, 2012)
Old July 10th, 2012, 02:44 PM   #5 (permalink)
Premium Member
 
aboatright's Avatar
 
Join Date: Aug 2011
Location: Orlando,FL
Gender: Male
Posts: 1,061
 
Device(s): Lg Spirit Lg Motion Samsung Admire Lg Esteem HTC EVO 4g Samsung Galaxy S2
Carrier: MetroPCS

Thanks: 240
Thanked 540 Times in 258 Posts
aboatright3605
Default

Thank you so very much for continuing the awesome protection you guys give every member. I applaud your work as does everyone else I'm sure. Thanks again for the announcement.
aboatright is offline  
Reply With Quote
The Following User Says Thank You to aboatright For This Useful Post:
droidsix (July 12th, 2012)
Old July 10th, 2012, 03:00 PM   #6 (permalink)
turbo drinker
 
D-U-R-X's Avatar
 
Join Date: Apr 2011
Location: Sheffield, South Yorkshire
Posts: 16,407
 
Device(s): Nexus 4 (Stock, rooted, 4.4.2), Nexus 7 1st Gen (Stock, rooted, 4.4.2)
Carrier: Orange

Thanks: 10,314
Thanked 6,673 Times in 4,122 Posts
Default

Nobody wants to see this sort of thing happen, but it's good to know that you and the team have our backs!

Thanks again!!
__________________
See something that needs Mod attention? Hit and let us know
Free online storage @ Dropbox - use my link & we both get 500MB extra (when you install Dropbox)
D-U-R-X is online now  
Reply With Quote
The Following User Says Thank You to D-U-R-X For This Useful Post:
droidsix (July 12th, 2012)
Old July 10th, 2012, 03:00 PM   #7 (permalink)
Member
 
Ramzes13's Avatar
 
Join Date: Jan 2010
Location: NJ
Posts: 269
 
Device(s): Samsung Galaxy S3 - Samsung Galaxy Note 10.1
Carrier: Not Provided

Thanks: 86
Thanked 50 Times in 36 Posts
Default

Quote:
Originally Posted by DonB View Post
All I can say is WOW, in the diligence and efficient fast work in neutralizing this matter, you guys Rock and I am sure every member here knows that you have there best security and interest in mind. Thanks for all you do and we all appreciate the hard work that you all do to keep us protected and this site running, Well Done
could not have said it better myself.
__________________
My Little green Robot eats paned glass for dinner and Apples for desert...

Team AndroWook Member
Ramzes13 is offline  
Reply With Quote
The Following User Says Thank You to Ramzes13 For This Useful Post:
droidsix (July 12th, 2012)
Old July 10th, 2012, 03:01 PM   #8 (permalink)
AF Contributor
 
wetbiker7's Avatar
 
Join Date: Jun 2011
Location: Southern California
Gender: Male
Posts: 6,665
 
Device(s): SamsungGalaxy S3, LG Marquee, Asus TF300T 32GB w/ dock, SamsungGalaxy Prevail
Carrier: Boost

Thanks: 1,670
Thanked 2,702 Times in 1,823 Posts
Default

After changing my password, I just received this email:


Dear wetbiker7,

Someone has tried to log into your account on Android Forums with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

The person trying to log into your account had the following IP address: [Redacted]

__________________________________________________ ______________

Whoever hacked AF got my password and tried to access my account. That sux man!

Thanks for the heads up. Glad I changed my password. I don't know if this IP will help you guys but if it does.... bust their ass will ya.
Aswin Wilson likes this.
__________________
Is there a reason you're not rooted yet??
Do the right thing and hit THANKS!
wetbiker7 is online now  
Last edited by Xyro; July 10th, 2012 at 04:16 PM. Reason: It is your own dynamic IP
Reply With Quote
The Following 2 Users Say Thank You to wetbiker7 For This Useful Post:
Russ71 (September 14th, 2012)
Old July 10th, 2012, 03:03 PM   #9 (permalink)
~Play Nice~
 
Unforgiven's Avatar
 
Join Date: Jun 2010
Location: Douglas, MA
Gender: Male
Posts: 21,691
 
Device(s): Note II, S3, Moto X Developer Edition, Nexus 7 (2012 & 2013)
Carrier: Not Provided

Thanks: 13,120
Thanked 14,244 Times in 7,812 Posts
Default

Quote:
Originally Posted by wetbiker7 View Post
After changing my password, I just received this email:


Dear wetbiker7,

Someone has tried to log into your account on Android Forums with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

The person trying to log into your account had the following IP address: [Redacted]

__________________________________________________ ______________

Whoever hacked AF got my password and tried to access my account. That sux man!

Thanks for the heads up. Glad I changed my password.
You will need to change your password in any forum app that you use (e.g. AF forum app, tapatalk, forum runner, etc.) or they will continue to try and log in under your old credentials.
Aswin Wilson likes this.
Unforgiven is online now  
Last edited by Xyro; July 10th, 2012 at 04:16 PM.
Reply With Quote
The Following 3 Users Say Thank You to Unforgiven For This Useful Post:
Androman (July 12th, 2012), Steven58 (July 10th, 2012), wetbiker7 (July 10th, 2012)
Old July 10th, 2012, 03:09 PM   #10 (permalink)
Senior Member
 
trophynuts's Avatar
 
Join Date: Jul 2010
Location: SouthEastern US
Posts: 5,497
 
Device(s): Iphone 5
Carrier: Verizon

Thanks: 1,823
Thanked 1,849 Times in 1,183 Posts
Default

like you said Things like this always have a possibility of happening. It seems as though it was handled accordingly. So thanks for that.
wetbiker7 likes this.
trophynuts is offline  
Reply With Quote
The Following User Says Thank You to trophynuts For This Useful Post:
Unforgiven (July 10th, 2012)
sponsored links
Old July 10th, 2012, 03:09 PM   #11 (permalink)
Resident Ninja
 
VoidedSaint's Avatar
 
Join Date: Feb 2010
Posts: 8,153
 
Device(s): Moto X
Carrier: Verizon

Thanks: 1,280
Thanked 2,146 Times in 1,369 Posts
nick.keatts@gmail.com
Default

i am also very surprised at how quick a solution was offered to everyone, it didnt take any time, and the matter got resolved very quickly. I am also glad to know that this community will gladly inform people of situations that arise, and want you to protect yourself in every way possible.

I say thank you to everyone involved, you guys/gals are what makes this place the best place to come to.
wetbiker7 likes this.
VoidedSaint is offline  
Reply With Quote
The Following User Says Thank You to VoidedSaint For This Useful Post:
Steven58 (July 10th, 2012)
Old July 10th, 2012, 03:13 PM   #12 (permalink)
AF Contributor
 
wetbiker7's Avatar
 
Join Date: Jun 2011
Location: Southern California
Gender: Male
Posts: 6,665
 
Device(s): SamsungGalaxy S3, LG Marquee, Asus TF300T 32GB w/ dock, SamsungGalaxy Prevail
Carrier: Boost

Thanks: 1,670
Thanked 2,702 Times in 1,823 Posts
Default

Quote:
Originally Posted by trophynuts View Post
like you said Things like this always have a possibility of happening. It seems as though it was handled accordingly. So thanks for that.
Quote:
Originally Posted by VoidedSaint View Post
i am also very surprised at how quick a solution was offered to everyone, it didnt take any time, and the matter got resolved very quickly. I am also glad to know that this community will gladly inform people of situations that arise, and want you to protect yourself in every way possible.

I say thank you to everyone involved, you guys/gals are what makes this place the best place to come to.
I agree. The MODs jumped on this 1 and got the word out pretty quickly. Nice job people.
wetbiker7 is online now  
Reply With Quote
The Following 2 Users Say Thank You to wetbiker7 For This Useful Post:
Russ71 (September 14th, 2012), VoidedSaint (July 10th, 2012)
Old July 10th, 2012, 03:15 PM   #13 (permalink)
Junior Member
 
Daino92's Avatar
 
Join Date: Sep 2010
Location: Colorado Springs, CO
Posts: 91
 
Device(s): Droid RAZR/Droid 2
Carrier: Not Provided

Thanks: 11
Thanked 11 Times in 11 Posts
Default

Thanks for the info, and great job keeping all of us safe and acting so swiftly.
Daino92 is offline  
Reply With Quote
Old July 10th, 2012, 03:23 PM   #14 (permalink)
Member
 
Join Date: Dec 2011
Location: Netherlands
Posts: 249
 
Device(s): Samsung Galaxy Ace GT-S5830
Carrier: Not Provided

Thanks: 16
Thanked 47 Times in 39 Posts
Default

Thanx!!! "You're simply the best!"
Marcha is offline  
Reply With Quote
Old July 10th, 2012, 03:36 PM   #15 (permalink)
The PearlyMon
 
EarlyMon's Avatar
 
Join Date: Jun 2010
Location: New Mexico, USA
Posts: 44,035
 
Device(s): LTEvo, 3vo, and Shift
Carrier: Sprint

Thanks: 41,696
Thanked 54,830 Times in 21,866 Posts
Default

Quote:
Originally Posted by wetbiker7 View Post
After changing my password, I just received this email:


Dear wetbiker7,

Someone has tried to log into your account on Android Forums with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

The person trying to log into your account had the following IP address: [Redacted]
__________________________________________________ ______________

Whoever hacked AF got my password and tried to access my account. That sux man!

Thanks for the heads up. Glad I changed my password. I don't know if this IP will help you guys but if it does.... bust their ass will ya.
Sometimes that's an error generated by our app trying to log in or other web confusion.

To see if it's that or something worse, please google: my ip

And compare to that found in that sort of email.

To Phases and the Neverstill Team - thanks for being never still on our protection!
__________________
|

Minutus cantorum, minutus balorum, minutus carborata descendum pantorum.

Links: Site Rules / Guidelines -and- Zero Tolerance Policy (All Members Read)


For right-on help, the Thanks button is on the right of the post.
For anything out in left field, the /!\ report button is to the left.

Remember, it's our forums and we're all in this together - so let's keep it cool!

Shoot the breeze at the best new gun forum!
EarlyMon is online now  
Last edited by Xyro; July 10th, 2012 at 04:16 PM.
Reply With Quote
The Following 4 Users Say Thank You to EarlyMon For This Useful Post:
Androman (July 12th, 2012), Granite1 (July 10th, 2012), marctronixx (July 10th, 2012), wetbiker7 (July 11th, 2012)
Old July 10th, 2012, 03:52 PM   #16 (permalink)
Senior Member
 
chrlswltrs's Avatar
 
Join Date: Nov 2009
Location: Seattle
Gender: Male
Posts: 6,741
 
Device(s): Nexus 4 w/ LTE
Carrier: T-Mobile

Thanks: 1,174
Thanked 1,785 Times in 1,163 Posts
Default

Thank you to all the staff that noticed the breech and acted so quickly!

And Phases, thank you for all the information about what exactly went down.
__________________
"Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery? Forbid it, Almighty God! I know not what course others may take; but as for me, give me liberty or give me death!"

-Patrick Henry, March 23, 1775
chrlswltrs is offline  
Reply With Quote
The Following User Says Thank You to chrlswltrs For This Useful Post:
Russ71 (September 14th, 2012)
Old July 10th, 2012, 04:02 PM   #17 (permalink)
Member
 
TVictory's Avatar
 
Join Date: Aug 2010
Posts: 161
 
Device(s):
Carrier: Not Provided

Thanks: 52
Thanked 256 Times in 71 Posts
Default

Quote:
Originally Posted by VoidedSaint View Post
i am also very surprised at how quick a solution was offered to everyone, it didnt take any time, and the matter got resolved very quickly. I am also glad to know that this community will gladly inform people of situations that arise, and want you to protect yourself in every way possible.

I say thank you to everyone involved, you guys/gals are what makes this place the best place to come to.

The sysadmin Android Forums - View Profile: mAcRoS has set up a pretty snazzy intrusion detection system which gives us fast alerts if something seeming to gone bad. He normally pings me about it and then i do the coding bit of it. While he tends to feed me info from logs etc..

really its a simple mater of "no sleep" + "magic" == "fast turnarounds"




TVictory is offline  
Reply With Quote
The Following 14 Users Say Thank You to TVictory For This Useful Post:
9to5cynic (July 10th, 2012), Androman (July 12th, 2012), Atma (July 10th, 2012), blmbmj (July 13th, 2012), D-U-R-X (July 10th, 2012), DonB (July 10th, 2012), El Presidente (July 10th, 2012), GalaxyNexus (July 10th, 2012), Granite1 (July 10th, 2012), Hadron (July 10th, 2012), OfTheDamned (July 10th, 2012), scary alien (July 10th, 2012), sdrawkcab25 (July 10th, 2012), VoidedSaint (July 10th, 2012)
Old July 10th, 2012, 04:15 PM   #18 (permalink)
Member
 
TVictory's Avatar
 
Join Date: Aug 2010
Posts: 161
 
Device(s):
Carrier: Not Provided

Thanks: 52
Thanked 256 Times in 71 Posts
Default

Now i don't want to point fingers, but if anyone happens to see this guy, i would really like to bring him in for questioning:

DonB, Petrah, agentc13 and 5 others like this.
TVictory is offline  
Last edited by TVictory; July 10th, 2012 at 04:38 PM.
Reply With Quote
The Following 9 Users Say Thank You to TVictory For This Useful Post:
AntimonyER (July 10th, 2012), GalaxyNexus (July 10th, 2012), Granite1 (July 10th, 2012), Russ71 (September 14th, 2012), Rxpert83 (July 11th, 2012), scary alien (July 10th, 2012), shinru2004 (July 10th, 2012), Steven58 (July 10th, 2012), Xyro (July 10th, 2012)
Old July 10th, 2012, 04:15 PM   #19 (permalink)
Member
 
Red Hare's Avatar
 
Join Date: May 2012
Location: New England
Posts: 223
 
Device(s): Samsung Galaxy SII
Carrier: Not Provided

Thanks: 66
Thanked 8 Times in 8 Posts
Default

I am going to try and reset my password, but I cannot remember it? Can I still change it whan I am loged in, like now?

Also, well done, please keep us updated!
Red Hare is offline  
Reply With Quote
Old July 10th, 2012, 04:17 PM   #20 (permalink)
Member
 
TVictory's Avatar
 
Join Date: Aug 2010
Posts: 161
 
Device(s):
Carrier: Not Provided

Thanks: 52
Thanked 256 Times in 71 Posts
Default

Quote:
Originally Posted by Red Hare View Post
I am going to try and reset my password, but I cannot remember it? Can I still change it whan I am loged in, like now?

Also, well done, please keep us updated!
Logout then click the reset password button, thanks!
TVictory is offline  
Reply With Quote
The Following 4 Users Say Thank You to TVictory For This Useful Post:
baldmosher (July 11th, 2012), Red Hare (July 10th, 2012), Rxpert83 (July 11th, 2012), Xyro (July 10th, 2012)
sponsored links
Old July 10th, 2012, 04:22 PM   #21 (permalink)
4 8 15 16 23 42
 
Xyro's Avatar
 
Join Date: Dec 2009
Location: UK
Posts: 11,991
 
Device(s): SGS3, Nexus 7, HTC Desire HD, HTC Hero (GSM)
Carrier: Orange

Thanks: 3,186
Thanked 7,189 Times in 3,840 Posts
xyro.af@gmail.com
Default

Further to EM's post, keep in mind that you will have a separate IP when connecting over your mobile data connection, so make sure to check that one too.

So far we have not seen any of the login error emails that cannot be explained by our own devices logging in witht he wrong password. We're more than happy to help people check their IP, however.

Quote:
Originally Posted by wetbiker7 View Post
After changing my password, I just received this email:


Dear wetbiker7,

Someone has tried to log into your account on Android Forums with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

The person trying to log into your account had the following IP address: [Redacted]

__________________________________________________ ______________

Whoever hacked AF got my password and tried to access my account. That sux man!

Thanks for the heads up. Glad I changed my password. I don't know if this IP will help you guys but if it does.... bust their ass will ya.
Wetbiker, I've edited out that IP from your post. It would appear that you are on a dyanmic IP and the one you posted is from the range of IPs your internet provider usually provides you. So nothing to worry about there.
__________________
Site Rules/Guidelines

If you see a post that needs a mod's attention, hit the button.
Xyro is online now  
Reply With Quote
The Following 3 Users Say Thank You to Xyro For This Useful Post:
Russ71 (September 14th, 2012), Rxpert83 (July 11th, 2012), wetbiker7 (July 11th, 2012)
Old July 10th, 2012, 04:40 PM   #22 (permalink)
Member
 
Red Hare's Avatar
 
Join Date: May 2012
Location: New England
Posts: 223
 
Device(s): Samsung Galaxy SII
Carrier: Not Provided

Thanks: 66
Thanked 8 Times in 8 Posts
Default

Quote:
Originally Posted by TVictory View Post
Logout then click the reset password button, thanks!
Thanks, but I am scared, what if I cannot get back in?

OH, scratch that, I found my password. Wish me luck, and thanks to all!
Red Hare is offline  
Last edited by Red Hare; July 10th, 2012 at 04:43 PM.
Reply With Quote
Old July 10th, 2012, 04:43 PM   #23 (permalink)
Community Manager
Thread Author (OP)
 
Phases's Avatar
 
Join Date: Sep 2008
Location: Nashville, TN
Gender: Male
Posts: 7,016
 
Device(s): Galaxy Note 3
Carrier: Verizon

Thanks: 644
Thanked 15,610 Times in 3,009 Posts
phases78@gmail.com
Default

Red Hare, don't worry. If you have trouble just submit a contact form and let us know, I'll get ya right back in.
Phases is offline  
Reply With Quote
The Following 5 Users Say Thank You to Phases For This Useful Post:
droidsix (July 12th, 2012), GalaxyNexus (July 10th, 2012), marctronixx (July 10th, 2012), Red Hare (July 10th, 2012), Rxpert83 (July 11th, 2012)
Old July 10th, 2012, 04:47 PM   #24 (permalink)
Premium Member
 
dautley's Avatar
 
Join Date: Jul 2010
Location: Dickson, TN.
Posts: 1,696
 
Device(s): BIONIC XT875 JB .22/Rooted, Nexus 7 (16GB with CM10), Nexus 7 (32GB stock) Nexus 10 (32GB), LG Ally
Carrier: Not Provided

Thanks: 296
Thanked 445 Times in 291 Posts
Default

I tried posting a few times here and got security token invalid. Looks like its working now. Just thought I'd give you a heads up in case this might have been something caused by what happened.
*Edit* I just noticed the original message I tried to post in the attached photo appeared when I tried to "thank" Phases Op. I just went back and noticed my name wasn't in the thanks box after I hit the thanks button but as I said, its all working now.

http://i.imgur.com/qUWto.jpg
dautley is offline  
Last edited by dautley; July 10th, 2012 at 05:51 PM. Reason: Added info
Reply With Quote
Old July 10th, 2012, 04:54 PM   #25 (permalink)
Member
 
Red Hare's Avatar
 
Join Date: May 2012
Location: New England
Posts: 223
 
Device(s): Samsung Galaxy SII
Carrier: Not Provided

Thanks: 66
Thanked 8 Times in 8 Posts
Default

Quote:
Originally Posted by Phases View Post
Red Hare, don't worry. If you have trouble just submit a contact form and let us know, I'll get ya right back in.
OK, there was a brief glitch, I did find my password, and I have changed it, when I returned to click thabnks, i got error message. Sio i exeted android foru, and now baclk on was able to click thanks, thansk, and good luck
Red Hare is offline  
Last edited by Phases; July 10th, 2012 at 05:21 PM.
Reply With Quote
Old July 10th, 2012, 05:33 PM   #26 (permalink)
Psychotic Female
 
Petrah's Avatar
 
Join Date: Jun 2011
Location: Hanover Park, IL
Gender: Female
Posts: 4,080
 
Device(s): GE Galaxy S4 CM 11 | GSM Galaxy Nexus CM 11 | G-Note 10.1 2014
Carrier: T-Mobile USA

Thanks: 1,152
Thanked 1,437 Times in 925 Posts
Default

Thank you for the notice!!

Edit: Huh... when did I hit 2k posts lol.
__________________
Forum Rules & Guidelines & Zero Tolerance Policy
Agree with a post? Hit Like! Someone help you? Hit Thanks!
See a naughty post or a thread in the wrong area? Hit Report!
Petrah is offline  
Reply With Quote
Old July 10th, 2012, 05:36 PM   #27 (permalink)
The PearlyMon
 
EarlyMon's Avatar
 
Join Date: Jun 2010
Location: New Mexico, USA
Posts: 44,035
 
Device(s): LTEvo, 3vo, and Shift
Carrier: Sprint

Thanks: 41,696
Thanked 54,830 Times in 21,866 Posts
Default

Quote:
Originally Posted by TVictory View Post
Now i don't want to point fingers, but if anyone happens to see this guy, i would really like to bring him in for questioning:

That's one of our mods.

Srsly.
TVictory, agentc13, Atma and 1 others like this.
EarlyMon is online now  
Reply With Quote
The Following User Says Thank You to EarlyMon For This Useful Post:
Granite1 (July 10th, 2012)
Old July 10th, 2012, 05:45 PM   #28 (permalink)
Senior Member
 
Atma's Avatar
 
Join Date: Dec 2011
Location: North Carolina
Gender: Male
Posts: 6,070
 
Device(s): Samsung Galaxy S4, Samsung Galaxy S2; Nexus 10
Carrier: T-Mobile

Thanks: 3,427
Thanked 2,901 Times in 1,850 Posts
Default

Thank you for being open, honest and straight forward with all the members. And for watching our backs.

I applaud you all.





Atma is offline  
Reply With Quote
Old July 10th, 2012, 06:11 PM   #29 (permalink)
Member
 
slimchance's Avatar
 
Join Date: May 2011
Location: UK
Gender: Male
Posts: 116
 
Device(s): Samsung S3 Mini i8190N Rooted and running Maclaw's Slim Rom 4.3 with TWRP recovery. Wildfire S (R
Carrier: Not Provided

Thanks: 19
Thanked 25 Times in 22 Posts
Default

Thanks for your prompt action and advice. I changed my password immediately and had no problem in changing my Tapatalk password.
slimchance is offline  
Reply With Quote
Old July 10th, 2012, 06:16 PM   #30 (permalink)
Senior Member
 
colchiro's Avatar
 
Join Date: Jun 2010
Gender: Male
Posts: 8,852
 
Device(s): HP TouchPad, Samsung Galaxy Note II, Dell Venue 11 Pro
Carrier: Verizon

Thanks: 833
Thanked 1,810 Times in 1,403 Posts
Default

Am I the only one upset at having to (again) change all my forum and email passwords? We hear about hacking attempts all the time. The time to harden the servers was when you heard of other servers being compromised.... waaay before last week.

I'm seriously hoping this was a wake-up call and you'll be more pro-active going forward.

Also, this little message at the top of the forum is not enough enough. I was on this forum for 3 hours before noticing the message at the top. I believe the standard is to EMAIL all users. Not everyone checks in daily. Not everyone is active.

Congrats for keeping the server up and checking for malware, but IMO, there's room for improvement.
javaman70 likes this.
colchiro is offline  
Reply With Quote
The Following 3 Users Say Thank You to colchiro For This Useful Post:
baldmosher (July 11th, 2012), Jacob32123 (July 12th, 2012), javaman70 (July 12th, 2012)
sponsored links
Old July 10th, 2012, 06:41 PM   #31 (permalink)
Member
 
dogdayz's Avatar
 
Join Date: May 2012
Location: Ogden Utah
Gender: Male
Posts: 120
 
Device(s): PCD Chaser rooted Google nexus 7
Carrier: virgin mobile

Thanks: 10
Thanked 12 Times in 12 Posts
Estevan.Sepulveda@gmail.c
Default

Thanks for the posted alert and keeping us save awesome team u guys are
dogdayz is offline  
Reply With Quote
Old July 10th, 2012, 07:14 PM   #32 (permalink)
Daleks Über Alles
 
agentc13's Avatar
 
Join Date: Aug 2011
Location: Skaro
Posts: 7,839
 
Device(s): HTC One S, Kindle Fire
Carrier: T-Mobile USA

Thanks: 4,106
Thanked 5,382 Times in 2,789 Posts
Default

Quote:
Originally Posted by TVictory View Post
Now i don't want to point fingers, but if anyone happens to see this guy, i would really like to bring him in for questioning:

Quote:
Originally Posted by EarlyMon View Post
That's one of our mods.

Srsly.
It wasn't me, I swear!
agentc13 is offline  
Reply With Quote
The Following 2 Users Say Thank You to agentc13 For This Useful Post:
Granite1 (July 10th, 2012), Rxpert83 (July 11th, 2012)
Old July 10th, 2012, 07:19 PM   #33 (permalink)
AF Addict
 
AntimonyER's Avatar
 
Join Date: Jun 2010
Location: Statesboro, GA
Posts: 13,546
 
Device(s): Droid DNA, Nexus 7 16GB
Carrier: Verizon

Thanks: 5,016
Thanked 9,309 Times in 4,999 Posts
Default

Thanks to Phases, TVic, and everyone else.
__________________
Site Rules & Guidelines
Got some help? Hit Thanks!
See something you like? Hit Like!
See something you hate? Hit Report!
AntimonyER is online now  
Reply With Quote
Old July 10th, 2012, 07:39 PM   #34 (permalink)
New Member
 
Join Date: Dec 2011
Location: Gladstone,mo
Posts: 2
 
Device(s): LG Thrill 4G (Optimus 3D)
Carrier: Not Provided

Thanks: 0
Thanked 0 Times in 0 Posts
Default

i will let my friends over at android.net know about these attacks they use the same software and tell them to be on the look out for these kinds of attacks this is serious stuff
dawn1berlitz is offline  
Reply With Quote
Old July 10th, 2012, 07:49 PM   #35 (permalink)
Senior Member
 
darkcyber's Avatar
 
Join Date: Nov 2009
Location: North Alabama
Gender: Male
Posts: 1,438
 
Device(s): Samsung Note 3
Carrier: Verizon

Thanks: 754
Thanked 141 Times in 103 Posts
Default

Thanks for the hard work guys and gals! I know it's a hard job.
darkcyber is offline  
Reply With Quote
Old July 10th, 2012, 07:56 PM   #36 (permalink)
ROM Developer
 
shinru2004's Avatar
 
Join Date: Nov 2011
Location: Louisville
Posts: 1,725
 
Device(s): Warp Sequent: Awesome Android RC-1
Carrier: Boost Mobile

Thanks: 183
Thanked 1,508 Times in 681 Posts
Default

The team on this site is amazing, they jumped right on it in a split second. Had all staff aware of pending password changes. Its because of the incredible team here that makes me feel happy to be a guide!
__________________
If you have a question please check the All things root Guide before asking something silly.

If you enjoy my work or just wanna say thank you hit thanks in my OP's
shinru2004 is offline  
Reply With Quote
Old July 10th, 2012, 08:17 PM   #37 (permalink)
Member
 
FeedbakBWR's Avatar
 
Join Date: May 2012
Location: Kingston, ON
Posts: 117
 
Device(s): HTC One X
Carrier: Not Provided

Thanks: 31
Thanked 7 Times in 7 Posts
Default

Would the username/passwords not be encrypted in the database?
FeedbakBWR is offline  
Reply With Quote
Old July 10th, 2012, 08:18 PM   #38 (permalink)
Zercron Encrusted Tweezer
 
Granite1's Avatar
 
Join Date: Dec 2010
Location: Pittsburgh, PA
Gender: Male
Posts: 6,479
 
Device(s): EL TEvo, The OG (wife), Hero (retired)
Carrier: Sprint

Thanks: 11,194
Thanked 6,349 Times in 3,385 Posts
Default

Quote:
Originally Posted by TVictory View Post
Now i don't want to point fingers, but if anyone happens to see this guy, i would really like to bring him in for questioning:

AC13 is on double secret probation LOL!!

All kidding aside, thanks for the quick action, and a special thanks to Steven for helping me out yesterday.
agentc13 likes this.
__________________
"Not everything that counts can be counted, and not everything that can be counted counts." Albert Einstein
Granite1 is offline  
Reply With Quote
Old July 10th, 2012, 08:22 PM   #39 (permalink)
~Play Nice~
 
Unforgiven's Avatar
 
Join Date: Jun 2010
Location: Douglas, MA
Gender: Male
Posts: 21,691
 
Device(s): Note II, S3, Moto X Developer Edition, Nexus 7 (2012 & 2013)
Carrier: Not Provided

Thanks: 13,120
Thanked 14,244 Times in 7,812 Posts
Default

Quote:
Originally Posted by FeedbakBWR View Post
Would the username/passwords not be encrypted in the database?
Generally username aren't but the passwords are. I think (if they were able to grab the DB) they may be able to gain access using the encrypted password to other site where you used the same one. It is very tricky as they would need to know your username as well as well as gain file access to that site. They shouldn't be able to decrypt the password either as that is damn near impossible assuming the site software uses a reasonable encryption methodology and the key isn't ridiculously simple.
Unforgiven is online now  
Reply With Quote
Old July 10th, 2012, 08:25 PM   #40 (permalink)
LG Whiz Kid
 
sammyz's Avatar
 
Join Date: Jun 2011
Location: Fort Lauderdale, FL
Gender: Male
Posts: 8,351
 
Device(s): LG Motion 4G---- LG Optimus L9
Carrier: MetroPCS

Thanks: 2,083
Thanked 2,102 Times in 1,403 Posts
Default

I'm wondering if Favorites are gone because of this or not?
__________________
With some reading of threads and asking questions, newbies become experts.
sammyz is offline  
Reply With Quote
sponsored links
Old July 10th, 2012, 08:26 PM   #41 (permalink)
Junior Member
 
Join Date: Jan 2011
Posts: 48
 
Device(s):
Carrier: Not Provided

Thanks: 1
Thanked 1 Time in 1 Post
Default

Quote:
Originally Posted by VoidedSaint View Post
i am also very surprised at how quick a solution was offered to everyone, it didnt take any time, and the matter got resolved very quickly. I am also glad to know that this community will gladly inform people of situations that arise, and want you to protect yourself in every way possible.

I say thank you to everyone involved, you guys/gals are what makes this place the best place to come to.
A "solution" shouldn't have been needed. This type of thing should not have happened in the first place.
dervari is offline  
Reply With Quote
Old July 10th, 2012, 08:31 PM   #42 (permalink)
Member
 
isaemm's Avatar
 
Join Date: Jun 2010
Location: NorCal
Gender: Male
Posts: 327
 
Device(s): EVO 4G, EVO 3D, One S, Samsung Galaxy Tab 2, MTK6585
Carrier: Big Magenta

Thanks: 45
Thanked 41 Times in 37 Posts
Default

Quote:
Originally Posted by wetbiker7 View Post
After changing my password, I just received this email:


Dear wetbiker7,

Someone has tried to log into your account on Android Forums with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

The person trying to log into your account had the following IP address: [Redacted]
I have been getting this same message all day since I changed my password and finally realized its my Phandroid that is trying to login with my old password. I updated my password on the app on my phone and it is all fixed now.
__________________
Man who go to bed with itchy butt, wake up with smelly finger.
isaemm is offline  
Last edited by agentc13; July 10th, 2012 at 10:25 PM. Reason: foxed quote tag
Reply With Quote
The Following User Says Thank You to isaemm For This Useful Post:
xfuchsiax (July 14th, 2012)
Old July 10th, 2012, 08:32 PM   #43 (permalink)
Member
 
TVictory's Avatar
 
Join Date: Aug 2010
Posts: 161
 
Device(s):
Carrier: Not Provided

Thanks: 52
Thanked 256 Times in 71 Posts
Default

Quote:
Originally Posted by FeedbakBWR View Post
Would the username/passwords not be encrypted in the database?

They are one way hashed. They are not clear text passwords, like the only way i could see what a users password was is if i got there one way hashed password and then tried every combination of characters i could think of run it through the same hasing algorithm and if the two match then i know your password. Its actually quite secure if you can throttle how fast you can try combinations of characters like we do with only allowing 5 attempts and then waiting 15 minutes, but if they have just the hash they can try many combinations very fast with a program. If you password is very random then it probably won't be found.

For instance lets say you had a password of just lower case letters and it was 8 letters long. that would be 23^8 == 78310985281 different possible passwords, that in the hackers "worse case" have to be tried and hashed, not impossible, but not trivial either. If you had upper case letters as well as lower case then 46^8 == 20047612231936 so even harder. This assumes that your password is just random letters, if you have some word or combination of words you can find in the dictionary, or a birthday, or something else common, then they could try these first and make the attack easier.
TVictory is offline  
Reply With Quote
The Following 6 Users Say Thank You to TVictory For This Useful Post:
El Presidente (July 11th, 2012), FeedbakBWR (July 10th, 2012), Granite1 (July 11th, 2012), scary alien (July 10th, 2012), Trooper (July 12th, 2012), Unforgiven (July 10th, 2012)
Old July 10th, 2012, 08:34 PM   #44 (permalink)
~Play Nice~
 
Unforgiven's Avatar
 
Join Date: Jun 2010
Location: Douglas, MA
Gender: Male
Posts: 21,691
 
Device(s): Note II, S3, Moto X Developer Edition, Nexus 7 (2012 & 2013)
Carrier: Not Provided

Thanks: 13,120
Thanked 14,244 Times in 7,812 Posts
Default

Quote:
Originally Posted by dervari View Post
A "solution" shouldn't have been needed. This type of thing should not have happened in the first place.
As someone who spent 10+ years as a Web Master for a $26 billion a year manufacturing company managing 50+ web domains (with a 40+ person IT team in charge of security), I can say that as admins and staff get smarter so do hackers. The CIA, FBI, credit card companies and processers, etc. get hacked every day.
Unforgiven is online now  
Reply With Quote
The Following 5 Users Say Thank You to Unforgiven For This Useful Post:
Crashumbc (July 12th, 2012), Helloneumann (July 11th, 2012), linuxrich (July 12th, 2012), NightAngel79 (July 10th, 2012), Trooper (July 12th, 2012)
Old July 10th, 2012, 08:39 PM   #45 (permalink)
Senior Member
 
trophynuts's Avatar
 
Join Date: Jul 2010
Location: SouthEastern US
Posts: 5,497
 
Device(s): Iphone 5
Carrier: Verizon

Thanks: 1,823
Thanked 1,849 Times in 1,183 Posts
Default

Quote:
Originally Posted by colchiro View Post
Also, this little message at the top of the forum is not enough enough. I was on this forum for 3 hours before noticing the message at the top.
i actually agree with this as well. It's 4 tiny words in Red. Most users ignore the bold letters that says sticky

It would probably be better to have a bigger banner notification at the top of the forum. It too took me an hour or so before i saw it today once i got logged in.
trophynuts is offline  
Reply With Quote
Old July 10th, 2012, 08:47 PM   #46 (permalink)
Senior Member
 
9to5cynic's Avatar
 
Join Date: Feb 2011
Location: /home/
Posts: 4,858
 
Device(s): Galaxy S3 (Verizon) Evo 4G - retired/rooted
Carrier: Verizon

Thanks: 3,066
Thanked 1,762 Times in 1,189 Posts
Send a message via AIM to 9to5cynic
Default

I'm not saying other sites would not do this, but I'm glad that AF admins chose to disclose this information. I think it was not only the right thing to do, but also responsible and shows that they have our best interests at heart.

And anyone who reuses email/password/username might want to change those other ones as well.... never hurts right
9to5cynic is offline  
Reply With Quote
Old July 10th, 2012, 08:52 PM   #47 (permalink)
Resident Linux Nutcase
 
Prinny's Avatar
 
Join Date: Apr 2012
Location: Greenville, SC
Gender: Male
Posts: 3,479
 
Device(s): Samsung Galaxy Note LTE
Carrier: T-Mobile

Thanks: 653
Thanked 1,037 Times in 721 Posts
Default

Quote:
Originally Posted by 9to5cynic View Post
I'm not saying other sites would not do this, but I'm glad that AF admins chose to disclose this information. I think it was not only the right thing to do, but also responsible and shows that they have our best interests at heart.

And anyone who reuses email/password/username might want to change those other ones as well.... never hurts right
I agree with you entirely on this. I changed my password immediately, and I also changed my email password, though they are different. Could not hurt to be safe anyway.
__________________
Want to brighten my day? Feel free to donate
Prinny is offline  
Reply With Quote
Old July 10th, 2012, 08:53 PM   #48 (permalink)
Senior Member
 
colchiro's Avatar
 
Join Date: Jun 2010
Gender: Male
Posts: 8,852
 
Device(s): HP TouchPad, Samsung Galaxy Note II, Dell Venue 11 Pro
Carrier: Verizon

Thanks: 833
Thanked 1,810 Times in 1,403 Posts
Default

I just spent 2 hours changing forum and email passwords for work and home and still have a tablet left.
colchiro is offline  
Reply With Quote
Old July 10th, 2012, 09:15 PM   #49 (permalink)
Member
 
Join Date: Jan 2011
Posts: 243
 
Device(s): LG Esteem,Galaxy Indulge sch-r910,LG Optimus M MS690
Carrier: Not Provided

Thanks: 82
Thanked 21 Times in 16 Posts
Default

Quote:
Originally Posted by sammyz View Post
I'm wondering if Favorites are gone because of this or not?
+1
__________________
**************************
This is not my first rodeo. Ha-Ha
**************************
BRIAN5337 is online now  
Reply With Quote
Old July 10th, 2012, 10:09 PM   #50 (permalink)
Member
 
TVictory's Avatar
 
Join Date: Aug 2010
Posts: 161
 
Device(s):
Carrier: Not Provided

Thanks: 52
Thanked 256 Times in 71 Posts
Default

Quote:
Originally Posted by BRIAN5337 View Post
+1

They should be back now, let me know.
TVictory is offline  
Reply With Quote
Reply


Go Back   Android Forums > Community Info & Talk > Site Updates & Announcements
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -5. The time now is 06:59 PM.
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.