1. Are you ready for the Galaxy S20? Here is everything we know so far!
Thread Status:
Not open for further replies.

Important Notice - Security Breach

Discussion in 'Site Updates & Announcements' started by Phases, Jul 10, 2012.

  1. Phases

    Thread Starter

    Thank you for the report - passing it up to Rob.

    Unless that password is what you use for your gmail account - they wouldn't (shouldn't?) be related. If it is.. it is my understanding the way the passwords are salted it would be really hard or not possible to crack that password, but I'm not 100% on that. Need to hear from the server/developer team.

  2. GmasterFJ

    GmasterFJ Lurker

    How do I change my password? I cant find a settings link under my profile.
  3. kbimler

    kbimler Lurker

    As somebody that just found out about this breach, I will add my voice to those that say an email should have been sent.

    Because the notice is no longer on the front page, had I not stumbled into the part of the forum, I still would not know about this problem.

    For those that say, but it is a million plus email messages, then set some arbitrary date. Notify those with activity after that date, and lock those accounts with no activity prior to that date to force a password change.

    Time to go chage a few passwords...
    EarlyMon likes this.
  4. Pitamakan

    Pitamakan Android Enthusiast

    You know, in the age of the 21st-century Internet, that many e-mails really isn't that big a deal. The staff just didn't want to have to deal with the increased volume of questions that would inevitably ensue ... it was much easier to let the non-current forum users go through life unaware that their passwords had been compromised.

    Bottom line, the message is this: this place cares a little bit about the people who are currently providing content for their forums, but not at all for the people who used to do that.
  5. EarlyMon

    EarlyMon The PearlyMon
    VIP Member

    Please don't say what the staff wanted when you're not on staff.

    You've made it clear in your repeated posts that you don't believe us and you don't want to believe us.

    We've done our level best to explain the situation and our handling of it, in a forthright and open manner, in this thread.

    At this point, you're really just throwing rocks and repeating that we're guilty of thinking and doing things that are only true according to what you have chosen to believe.

    There's really nothing more that we can say to help you understand, we've said it, yet your mind is made up.

    PS - a great number of our members have opted out of receiving admin email from us. We could not have reached the entire membership in any case.
  6. EarlyMon

    EarlyMon The PearlyMon
    VIP Member

    We're really sorry about the inconvenience and regret the situation as much as you do.

    Please let us know if we can be of service in this. :)
    Unforgiven likes this.
  7. Phases

    Thread Starter

    I've asked Rob to come weigh in, give him a couple minutes..
  8. Rob

    Rob Galaxy S20 Ultra

    Not sending a mass e-mail to the 1,000,000+ members was my decision. Contrary to many of the assumptions made in this thread, the decision was NOT made because we don't care about our members and don't want to create more support related questions/work. The entire decision was based on technical challenges.

    Android Forums previously leveraged E-Mail in many ways, including registration verification and instant e-mail notifications. As the site grew exponentially, AF was sending out thousands and thousands of E-Mails every hour, and mail servers began to assume our site was sending out spam. After 6 months of dealing with mail serving blacklists that created humongous problems, we de-prioritized E-Mail so the site could function more smoothly.

    A one-off E-Mail to 1,000,000+ users could have an incredibly negative impact on the site, instantly sucking us back into a hole that took quite awhile to climb out of. We've been researching solutions for our E-Mail woes but I can assure you, it's much easier said than done. It's much more complicated than writing an E-Mail, uploading the E-Mail addresses, and pushing a button. The potential consequences are numerous and far reaching.

    Again, I want to reiterate that this was my personal decision. Please don't point the fingers at our staff of Admins, Mods, and Guides- they've brought these matters to my attention swiftly and have the interest of AF members at the absolute top of their priority list. In fact, they deserve a huge round of a applause at the amazing job they've done and continue to do.

    If you'd prefer to boo, then those boos should be directed at me, but hopefully I've alleviated at least some of your concerns as to the reason we can't currently fulfill your requests. We'll continue to look for opportunities to improve AF and this E-Mail deficiency is certainly a sore spot for us. As always, you're criticisms and suggestions are welcomed and appreciated- they help us improve which is our everlasting goal.

    Thanks to everyone for sticking with us through thick and thin!
    9to5cynic, davoid, treb1797 and 11 others like this.
  9. kbimler

    kbimler Lurker


    Thanks for taking the time to let us know what went into your decision to not send out email messages. I understand the ramifications of sending out a million email messages could have caused. It would have just been helpful to have know about this security issue less than 16 days after it happened, and then only because I happened to scroll all the way to the bottom of the page (something I rarely ever do).
    EarlyMon likes this.
  10. Unforgiven

    Unforgiven ...eschew obfuscation...

    For two weeks there was a red banner at the top of every page alerting users to this issue. I didn't realize it was gone.

    And thanks Rob, that makes sense about the email blast.
    EarlyMon likes this.
  11. kbimler

    kbimler Lurker

    Reading through the thread I got the impression that there was a much larger notification initially. I just probably had not been on the forums here for at least a month, probably even longer.

    I'm not too concerned about it. The worst thing that was going to get hacked by this security issue was a number of other forums that I visit that may have had the same password (don't even know for sure if they did).
    EarlyMon likes this.
  12. Unforgiven

    Unforgiven ...eschew obfuscation...

    It was mainly the banner and a few of us that linked to it in our signature.
  13. AntimonyER


    Thanks for the update Rob. :)

    Phases/Mods - can we get a link to Rob's post in the OP?
    NightAngel79 and EarlyMon like this.
  14. Phases

    Thread Starter

    Good idea.
    AntimonyER and EarlyMon like this.

Share This Page