
Thread Status:
Not open for further replies.

Important Notice - Security Breach

Discussion in 'Site Updates & Announcements' started by Phases, Jul 10, 2012.

  1. Phases

    Phases Community Manager
    Administrator Thread Starter
    Before reading this - please take a moment to change your password on androidforums.com. This can be done while logged in through your UserCP, or using the "forgot your password?" page if logged out.


    I have some unfortunate news to pass along. Yesterday I was informed by our server/developer team that the server hosting androidforums.com was compromised and the website's database was accessed. While the breach is most likely harmless there are important and potential pitfalls, and we want to provide as much helpful information to our users as possible (without getting too technical).

    The trust of our users is extremely important and several staff members worked through the afternoon, evening, night, and morning to ensure we're doing everything possible to regain complete security.

    Here are the facts:

    - The exploit used has been identified and resolved. The server has been further hardened and extra "just in case" actions have been taken.. and will continue to be taken.

    - All code that resides in the database and the file system has been thoroughly reviewed for malicious edits and uploads.

    - No other sites in our network appear to have been accessed (we're triple checking).

    - The user table of AndroidForum's database was (at a minimum) accessed. While we can't prove or disprove whether or not the data was downloaded (due to the way the data was transferred), it's completely possible.. and we've taken action assuming this is the case.

    - Information in the user database includes: Unique ids, usernames, emails, hashed (encoded) and salted passwords, registration IP addresses, usergroup memberships, infraction levels, last time online, last post date, post count... as well as far less critical things like number of PMs, visitor messages, last online dates, and some vbulletin options set in your UserCP.

    - Immediately following the incident, all ~100 staff were notified of a pending password change - and all passwords were changed to random strings. Almost all are back in with new passwords. Because gaining access to a staff member account could pose the biggest threat, we first moved to secure these accounts.

    What Probably Happened

    This was, in our current opinion, most likely an e-mail harvesting attempt. A spammer could theoretically attempt to bulk e-mail all AF users with the user database. Luckily, GMail and similar e-mail services offer a "spam" button that helps it to collectively identify and automatically filter potential spam.

    It's also absolutely possible that nothing of consequence happened. There is some chance they did not get enough of the database to matter, did this for fun to see if they could, or will not move forward with any plans after finding out we're actively investigating. This is a serious offense and you can best bet we are doing just that.

    What Could Happen?

    We take matters like these incredibly seriously and want to make sure you're warned of ALL the possibilities, regardless of how slim the chances. You can never be too safe, so we're asking you to consider the possibilities and protect accordingly.

    - This could be someone who is upset with us who hopes to use the information against staff

    - With username, email, and IP information, a skilled hacker could pretend to be other users.

    - They could blackmail us and threaten to publish the information publicly.

    - Knowing your IP one can get a general idea of where you are located in the world, though most of your IPs are dynamic and will change before too long anyway.

    - With a username and hashed password one could open a session with accounts on other sites that use the same credentials - if they gain file level access to that site first. These were salted passwords which adds to the complexity, but nonetheless we recommend playing it safe.

    What should you do?

    Although we're confident the threat is neutralized it is still highly recommended that you change your password here and on other sites where you use the same username/password. This can be done while logged in through your UserCP, or using the "forgot your password?" page if logged out. You can also contact me via PM or Contact Form and we will help you if you need.

    No website wants to make an announcement like this. I assure you we, as the Neverstill Team, could not apologize profusely enough. Websites come under attack all the time - and sometimes the bad guys make it in. Unfortunately for us, yesterday was our time. We have been attacked before but never breached, and please know we are going to continue to do everything in our power to ensure it doesn't happen again.

    If you have any questions please let us know - we will do our best to answer them. I will leave this thread open for discussion as long as it remains productive.

    -Phases, Rob, and the Neverstill Team

    UPDATE: I forgot to mention. If you are using an Android Application to access the forums (Tapatalk, Phandroid App) - they will not register the password change and may flood your email with "someone has tried to access your account" emails. Unfortunately the only advice I have for that is to uninstall/re-install the app, if you cannot change your password from within.

    UPDATE 2: If you are requesting account deletions, please email me at phases@phandroid.com with the email account you registered with. Thanks for understanding.

    UPDATE 3: Rob weighs in on why no mass email was sent - here.

     


  2. DonB

    DonB ♡ Truth, Justice and the American Way !! ♡ ™
    Moderator
    All I can say is WOW, in the diligence and efficient fast work in neutralizing this matter, you guys Rock and I am sure every member here knows that you have their best security and interest in mind. Thanks for all you do and we all appreciate the hard work that you all do to keep us protected and this site running, Well Done :congrats:
     
    Mkulima, Russ71, inferno9209 and 10 others like this.
  3. Unforgiven

    Unforgiven OK Google
    Moderator
    Let me be one to thank Phases, the developers, moderators, and anyone else that helped. I'm sure it was/is a struggle.
     
    Mkulima, Russ71, Sisteract and 5 others like this.
  4. dawnierae

    dawnierae Android Expert
    Absolutely fantastic, informative post. Thank you and the entire staff for your diligence in not only responding to the breach, but keeping us so well informed. KUDOS to all of you!:D
     
  5. aboatright

    aboatright Android Expert
    Thank you so very much for continuing the awesome protection you guys give every member. I applaud your work as does everyone else I'm sure. Thanks again for the announcement.
     
    droidsix likes this.
  6. D-U-R-X

    D-U-R-X turbo drinker
    Nobody wants to see this sort of thing happen, but it's good to know that you and the team have our backs!

    Thanks again!!
     
    droidsix likes this.
  7. Ramzes13

    Ramzes13 Android Enthusiast
    could not have said it better myself.
     
    droidsix likes this.
  8. wetbiker7

    wetbiker7 Android Expert
    After changing my password, I just received this email:


    Dear wetbiker7,

    Someone has tried to log into your account on Android Forums with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

    The person trying to log into your account had the following IP address: [Redacted]

    ________________________________________________________________

    Whoever hacked AF got my password and tried to access my account. That sux man!

    Thanks for the heads up. Glad I changed my password. I don't know if this IP will help you guys but if it does.... bust their ass will ya.
     
    Russ71 likes this.
  9. Unforgiven

    Unforgiven OK Google
    Moderator
    You will need to change your password in any forum app that you use (e.g. AF forum app, tapatalk, forum runner, etc.) or they will continue to try and log in under your old credentials.
     
    Lks Lks, wetbiker7 and Steven58 like this.
  10. trophynuts

    trophynuts Android Expert
    Like you said, things like this always have a possibility of happening. It seems as though it was handled accordingly. So thanks for that.
     
    Unforgiven likes this.
  11. VoidedSaint

    VoidedSaint Resident Ninja
    I am also very surprised at how quick a solution was offered to everyone; it didn't take any time, and the matter got resolved very quickly. I am also glad to know that this community will gladly inform people of situations that arise, and want you to protect yourself in every way possible.

    I say thank you to everyone involved, you guys/gals are what makes this place the best place to come to.
     
    Steven58 likes this.
  12. wetbiker7

    wetbiker7 Android Expert
    I agree. The MODs jumped on this 1 and got the word out pretty quickly. Nice job people. :)
     
    Russ71 and VoidedSaint like this.
  13. Daino92

    Daino92 Well-Known Member
    Thanks for the info, and great job keeping all of us safe and acting so swiftly. :)
     
  14. Marcha

    Marcha Well-Known Member
    Thanx!!! "You're simply the best!"
     
  15. EarlyMon

    EarlyMon The PearlyMon
    Sometimes that's an error generated by our app trying to log in or other web confusion.

    To see if it's that or something worse, please google: my ip

    And compare to that found in that sort of email.

    To Phases and the Neverstill Team - thanks for being never still on our protection!
     
  16. chrlswltrs

    chrlswltrs Android Expert
    Thank you to all the staff that noticed the breach and acted so quickly!

    And Phases, thank you for all the information about what exactly went down. :thumbup:
     
    Russ71 likes this.
  17. TVictory

    TVictory Well-Known Member

    The sysadmin mAcRoS has set up a pretty snazzy intrusion detection system which gives us fast alerts if something seems to have gone bad. He normally pings me about it and then I do the coding bit of it, while he tends to feed me info from logs etc.

    Really, it's a simple matter of "no sleep" + "magic" == "fast turnarounds"




     
    blmbmj, Lks Lks, VoidedSaint and 11 others like this.
  18. TVictory

    TVictory Well-Known Member
    Now I don't want to point fingers, but if anyone happens to see this guy, I would really like to bring him in for questioning:

    [​IMG]
     
    Russ71, Rxpert83, scary alien and 6 others like this.
  19. Red Hare

    Red Hare Newbie
    I am going to try and reset my password, but I cannot remember it. Can I still change it when I am logged in, like now?

    Also, well done, please keep us updated!
     
  20. TVictory

    TVictory Well-Known Member
    Logout then click the reset password button, thanks!
     
  21. Xyro

    Xyro 4 8 15 16 23 42
    Moderator
    Further to EM's post, keep in mind that you will have a separate IP when connecting over your mobile data connection, so make sure to check that one too.

    So far we have not seen any of the login error emails that cannot be explained by our own devices logging in with the wrong password. We're more than happy to help people check their IP, however.

    Wetbiker, I've edited out that IP from your post. It would appear that you are on a dynamic IP and the one you posted is from the range of IPs your internet provider usually provides you. So nothing to worry about there.
     
    Russ71, Rxpert83 and wetbiker7 like this.
  22. Red Hare

    Red Hare Newbie
    Thanks, but I am scared, what if I cannot get back in?

    OH, scratch that, I found my password. Wish me luck, and thanks to all!
     
  23. Phases

    Phases Community Manager
    Administrator Thread Starter
    Red Hare, don't worry. If you have trouble just submit a contact form and let us know, I'll get ya right back in. :)
     
  24. dautley

    dautley Android Expert
    I tried posting a few times here and got security token invalid. Looks like it's working now. Just thought I'd give you a heads up in case this might have been something caused by what happened.
    *Edit* I just noticed the original message I tried to post in the attached photo appeared when I tried to "thank" Phases' OP. I just went back and noticed my name wasn't in the thanks box after I hit the thanks button but as I said, it's all working now.

    http://i.imgur.com/qUWto.jpg
     
  25. Red Hare

    Red Hare Newbie
    OK, there was a brief glitch. I did find my password, and I have changed it. When I returned to click thanks, I got an error message. So I exited Android Forums, and now back on I was able to click thanks. Thanks, and good luck :)
     
