

Important Notice - Security Breach

Discussion in 'Site Updates & Announcements' started by Phases, Jul 10, 2012.

  1. Phases

    Phases NO LONGER ADMIN MSG ROB
    Thread Starter
    Thank you for the report - passing it up to Rob.

    Unless that password is what you use for your gmail account - they wouldn't (shouldn't?) be related. If it is.. it is my understanding the way the passwords are salted it would be really hard or not possible to crack that password, but I'm not 100% on that. Need to hear from the server/developer team.
     

  2. GmasterFJ

    GmasterFJ Lurker
    How do I change my password? I can't find a settings link under my profile.
     
  3. Kelmar

    Kelmar Done by choice
  4. kbimler

    kbimler Lurker
    As somebody that just found out about this breach, I will add my voice to those that say an email should have been sent.

    Because the notice is no longer on the front page, had I not stumbled into the part of the forum, I still would not know about this problem.

    For those that say, but it is a million plus email messages, then set some arbitrary date. Notify those with activity after that date, and lock those accounts with no activity prior to that date to force a password change.

    Time to go change a few passwords...
     
    EarlyMon likes this.
  5. Pitamakan

    Pitamakan Android Enthusiast
    You know, in the age of the 21st-century Internet, that many e-mails really isn't that big a deal. The staff just didn't want to have to deal with the increased volume of questions that would inevitably ensue ... it was much easier to let the non-current forum users go through life unaware that their passwords had been compromised.

    Bottom line, the message is this: this place cares a little bit about the people who are currently providing content for their forums, but not at all for the people who used to do that.
     
  6. EarlyMon

    EarlyMon The PearlyMon
    VIP Member
    Please don't say what the staff wanted when you're not on staff.

    You've made it clear in your repeated posts that you don't believe us and you don't want to believe us.

    We've done our level best to explain the situation and our handling of it, in a forthright and open manner, in this thread.

    At this point, you're really just throwing rocks and repeating that we're guilty of thinking and doing things that are only true according to what you have chosen to believe.

    There's really nothing more that we can say to help you understand, we've said it, yet your mind is made up.

    PS - a great number of our members have opted out of receiving admin email from us. We could not have reached the entire membership in any case.
     
  7. EarlyMon

    EarlyMon The PearlyMon
    VIP Member
    We're really sorry about the inconvenience and regret the situation as much as you do.

    Please let us know if we can be of service in this. :)
     
    Unforgiven likes this.
  8. Phases

    Phases NO LONGER ADMIN MSG ROB
    Thread Starter
    I've asked Rob to come weigh in, give him a couple minutes..
     
  9. Rob

    Rob I'm tellin' mommy on you!
    Administrator
    Not sending a mass e-mail to the 1,000,000+ members was my decision. Contrary to many of the assumptions made in this thread, the decision was NOT made because we don't care about our members and don't want to create more support related questions/work. The entire decision was based on technical challenges.

    Android Forums previously leveraged E-Mail in many ways, including registration verification and instant e-mail notifications. As the site grew exponentially, AF was sending out thousands and thousands of E-Mails every hour, and mail servers began to assume our site was sending out spam. After 6 months of dealing with mail serving blacklists that created humongous problems, we de-prioritized E-Mail so the site could function more smoothly.

    A one-off E-Mail to 1,000,000+ users could have an incredibly negative impact on the site, instantly sucking us back into a hole that took quite a while to climb out of. We've been researching solutions for our E-Mail woes but I can assure you, it's much easier said than done. It's much more complicated than writing an E-Mail, uploading the E-Mail addresses, and pushing a button. The potential consequences are numerous and far reaching.

    Again, I want to reiterate that this was my personal decision. Please don't point the fingers at our staff of Admins, Mods, and Guides- they've brought these matters to my attention swiftly and have the interest of AF members at the absolute top of their priority list. In fact, they deserve a huge round of applause for the amazing job they've done and continue to do.

    If you'd prefer to boo, then those boos should be directed at me, but hopefully I've alleviated at least some of your concerns as to the reason we can't currently fulfill your requests. We'll continue to look for opportunities to improve AF and this E-Mail deficiency is certainly a sore spot for us. As always, your criticisms and suggestions are welcomed and appreciated- they help us improve which is our everlasting goal.

    Thanks to everyone for sticking with us through thick and thin!
     
    9to5cynic, davoid, treb1797 and 11 others like this.
  10. kbimler

    kbimler Lurker
    Rob,

    Thanks for taking the time to let us know what went into your decision to not send out email messages. I understand the ramifications that sending out a million email messages could have caused. It would have just been helpful to have known about this security issue less than 16 days after it happened, and then only because I happened to scroll all the way to the bottom of the page (something I rarely ever do).
     
    EarlyMon likes this.
  11. Unforgiven

    Unforgiven OK Google
    Moderator
    For two weeks there was a red banner at the top of every page alerting users to this issue. I didn't realize it was gone.

    And thanks Rob, that makes sense about the email blast.
     
    EarlyMon likes this.
  12. kbimler

    kbimler Lurker
    Reading through the thread I got the impression that there was a much larger notification initially. I just probably had not been on the forums here for at least a month, probably even longer.

    I'm not too concerned about it. The worst thing that was going to get hacked by this security issue was a number of other forums that I visit that may have had the same password (don't even know for sure if they did).
     
    EarlyMon likes this.
  13. Unforgiven

    Unforgiven OK Google
    Moderator
    It was mainly the banner and a few of us that linked to it in our signature.
     
  14. AntimonyER

    AntimonyER AF Addict
    Thanks for the update Rob. :)

    Phases/Mods - can we get a link to Rob's post in the OP?
     
    NightAngel79 and EarlyMon like this.
  15. Phases

    Phases NO LONGER ADMIN MSG ROB
    Thread Starter
    Good idea.
     
    AntimonyER and EarlyMon like this.
