Important Notice - Security Breach


Last Updated:

  1. jerofld

    jerofld Fixing stuff is not easy VIP Member

    Yeah, everyone knows that you use an iPod touch and wouldn't be caught dead using an iPod color (or whatever it is).

    Advertisement
  2. Unicorn512

    Unicorn512 Well-Known Member

    I also received the following msg (twice) after I canged passwords.

    Dear Unicorn512, Someone has tried to log into your account on Android Forums with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes. The person trying to log into your account had the following IP address: 174.253.187.214 All the best, Android Forums

    I checked and it's the VZN supplied address on my DROID3. Then it occurred to me that the Phandroid app on my phone must be the cause, so I uninstalled it.
  3. dautley

    dautley VIP Member VIP Member

    Isn't accusing someone of using a Fruity product on a Android forum against some kind of TOS?:D
    jmar likes this.
  4. testify585

    testify585 Member

  5. Cam

    Cam Well-Known Member

    Phases,

    I changed my password earlier today as soon as I saw your notice, and this evening between 5:02 and 6:18PM Central Time there were four failed login attempts on my account. I was out eating dinner with my wife at the time, so I know for a fact that it wasn't me.

    It seems to me that there is a high probability that whomever compromised your database is in fact trying to use that information to gain access to user accounts.

    FYI...
  6. Unforgiven

    Unforgiven -.. --- - / -.. .- ... .... Moderator

    If you have any apps on your phone that connect to AF you need to resetu your password on them. They will continue to try and connect to AF using your old credentials and cause those messages. Accross 3 PCs and 2 phones I had to update passwords 28 times.
  7. Cam

    Cam Well-Known Member

    I'll do that, but those apps (Tapatalk) were not running on my phone or tablet, even in the background. Don't they have to be running for that to happen?
  8. Xyro

    Xyro 4 8 15 16 23 42 Moderator

    Do you have subscription or pm notifications on in tapatalk?
    Cam and Unforgiven like this.
  9. Unforgiven

    Unforgiven -.. --- - / -.. .- ... .... Moderator

    ^^^ that's the key, they check in for any push notifications. I had Forum Runner and Tapatalk both trying to check for PM's.
    Cam likes this.
  10. Cam

    Cam Well-Known Member

    No and no. I just checked again to be sure. However, I certainly acknowledge that Tapatalk could have been the culprit, since I didn't change my password in that app until until just now. Like I said, Tapatalk wasn't running at all as far as I know, but who knows? That does seem more plausible than some hacker trying to use my account out of the thousands and thousands of accounts on AF...

    Edit: Nevermind, I did have those settings turned on in Tapatalk. That must have been it.
    Xyro and Unforgiven like this.
  11. mamawm

    mamawm Well-Known Member

    i changed my password on my computer bright and early this morning and soon after received 3 notices that someone was attempting to log into my account with an incorrect password. i do have the phandroid app loaded on both my phone and tablet. i ran the network info app and realized that the ip address trying to access my account was the external ip for my isp. so i just opened the phandroid app on both phone and tablet and signed out, then waited the 15 minutes and resigned in. no more notices. all is good.
  12. Leemann

    Leemann Well-Known Member

    The Doctor is coming...........

    Thanks for the quick response.
    Lee
  13. EarlyMon

    EarlyMon The PearlyMon Moderator

    Yep, recall it clearly and the response given was coordinated with admin with the best information at the time - but definitely, your query was escalated. ;)
  14. laptopquestion

    laptopquestion Well-Known Member

    I changed my password....

    Do I win something :) ?
  15. Sharondippity

    Sharondippity Dismember VIP Member

    I made you a cupcake but I ated it :)
  16. trialnerror

    trialnerror Well-Known Member

    Thank You ;

    To all involved in finding and fixing some evil persons attempt . :)
    I for one am very appreciative of this.. and thanks again.
  17. chaz_uk

    chaz_uk Well-Known Member

    qwertyuiop

    No one will guess mine! :D

    (Thanks for the warning)
  18. Crashumbc

    Crashumbc Well-Known Member

    agreed, THIS IS HOW A BREACH SHOULD BE HANDLED !!!!


    It's really sad a "hobby/user forum" (no offense) can get it "right", but banks,online retailers, etc. fail so miserably.

    Thank you.
  19. Crashumbc

    Crashumbc Well-Known Member


    Then the "security" fault lies with YOU, not AF...

    using the same password everywhere is beyond bad.

    I could see using the same password across forums, but e-mail? NEVER...

    Please review your security practices before complaining about others... (glass houses and all that stuff)
  20. Crashumbc

    Crashumbc Well-Known Member

  21. trparky

    trparky Well-Known Member

    I changed my password for this site, no issues at all. Luckily, this was one of the many sites that I've already converted the password over to a completely randomly generated password. The old password was 12 characters long, the new password is 16 characters long.

    It has been said before by some people that you shouldn't use the same password for every site that you use. I personally use a randomly generated password for about 75% of all web sites that I have accounts on and save these passwords in my Roboform data.
  22. thornev

    thornev Well-Known Member

    Yeah, my band's web site hosted by 1&1 was attacked yesterday. Somehow they got into my main web page and altered it to call an install of a virus. Took me 2 hours to clean off my computer and remove the virus call.
  23. Crashumbc

    Crashumbc Well-Known Member


    One Ring to rule them all, One Ring to find them, One Ring to bring them all, And in the darkness bind them

    :p
  24. Loota

    Loota Well-Known Member

    Thanks for being so forthcoming!
  25. I'm glad the exploit was secured.

    FYI.. There is a GIANT difference between a vbulletin forum and the framework a bank or most online retailers run :rolleyes:

Share This Page