1. Download our Official Android App: Forums for Android!

Thread Status:
Not open for further replies.

Important Notice - Security Breach

Discussion in 'Site Updates & Announcements' started by Phases, Jul 10, 2012.

  1. A.Nonymous

    A.Nonymous Android Expert
    Rank:
    None
    Points:
    213
    Posts:
    7,059
    Joined:
    Jun 7, 2010

    Jun 7, 2010
    7,059
    966
    213
    Beat me too it. It took me several hours and many, many emails from AF as I tried to figure out who was trying to hack my account from MY IP address.

    Just curious. Are the passwords stored just hashed or salted as well?
     

    Advertisement

  2. Phases

    Phases Community Manager
    Administrator Thread Starter
    Rank:
     #14
    Points:
    1,503
    Posts:
    9,015
    Joined:
    Sep 9, 2008

    Sep 9, 2008
    9,015
    20,354
    1,503
    Male
    IT, Vbulletin and Xenforo Administrator
    Nashville, TN
  3. Intruder

    Intruder Android Enthusiast
    Rank:
    None
    Points:
    58
    Posts:
    345
    Joined:
    May 26, 2010

    May 26, 2010
    345
    16
    58
    Bradford UK
    Why not read what I posted you reply is meaningless I said " It's the FIRST time it's happened to ME since the BBS days!"
    I am fully aware this happens on other websites and forums, but none of the forums I use because security is priority number 1 As I see it not poxy banners and crap most of us will block anyway, it's either admin or the hosting company to blame, if it's the later why trust em again??
    I mean come on Vbull is as good as it gets......
    Also deleting my account via the DB would work if this was to happen again, as when we you leave a forum the account still lays there not deleted from the tables....
    Int
     
  4. The Absolute

    The Absolute Well-Known Member
    Rank:
     #815
    Points:
    36
    Posts:
    157
    Joined:
    Apr 9, 2010

    Apr 9, 2010
    157
    9
    36
    Male
    Sr. Windows Systems Administrator
    Cibolo, TX
    Great work!!!
     
  5. karendar

    karendar Android Enthusiast
    Rank:
    None
    Points:
    78
    Posts:
    513
    Joined:
    Jun 22, 2010

    Jun 22, 2010
    513
    60
    78
    IT coordinator
    Montreal, QC
    Yay... I feel safe now. :|
     
  6. A.Nonymous

    A.Nonymous Android Expert
    Rank:
    None
    Points:
    213
    Posts:
    7,059
    Joined:
    Jun 7, 2010

    Jun 7, 2010
    7,059
    966
    213
    Thanks. I feel much better now about not changing my password on every single site.
     
  7. Intruder

    Intruder Android Enthusiast
    Rank:
    None
    Points:
    58
    Posts:
    345
    Joined:
    May 26, 2010

    May 26, 2010
    345
    16
    58
    Bradford UK
    Glad someone does and what your basing that on god only knows.....


    Int
     
  8. Phases

    Phases Community Manager
    Administrator Thread Starter
    Rank:
     #14
    Points:
    1,503
    Posts:
    9,015
    Joined:
    Sep 9, 2008

    Sep 9, 2008
    9,015
    20,354
    1,503
    Male
    IT, Vbulletin and Xenforo Administrator
    Nashville, TN
    I know what you wrote - I am implying that of all the forums you apparently frequent over all these years, I'm more than willing to bet more than one of them has had a breach whether or not you or they know.

    I understand how databases work and when people leave.

    I also understand you're upset. Our guys found the holes, and patched them. It wasn't through vBulletin. This was unfortunately, but it happened. I think it's more common than you think. That's not to minimize the situation at all - just being realistic.

    We could have done like some and NOT detected it at all, or turned the other cheek and chose not to let anyone know on the chance that nothing will come of it from here. Or waited till trouble arouse and "then" found the evidence.

    We've done the best we could. I'm sorry you're unforgiving. I will be happy to remove your account if you wish. But please don't litter the thread with rash or nonconstructive replies, especially to other users who aren't addressing you at all.

    Thanks for understanding.
     
  9. Intruder

    Intruder Android Enthusiast
    Rank:
    None
    Points:
    58
    Posts:
    345
    Joined:
    May 26, 2010

    May 26, 2010
    345
    16
    58
    Bradford UK
    I am not "unforgiving" as you put it, just after a little reassurance that plans are inplace to minimize this happening again...
    btw 3 of the said forums I am / was either or a mod or admin so fairly sure I would have known...
     
  10. Cythes

    Cythes Newbie
    Rank:
    None
    Points:
    35
    Posts:
    12
    Joined:
    Jul 7, 2012

    Jul 7, 2012
    12
    0
    35
    Whats that?
    Some where in time / space.
    I just changed my password on here Nothing in GMAIL yet but I will be changing it on there as well just for safe measure. Thanks for the heads up!
     
  11. TheRealKTFO

    TheRealKTFO Well-Known Member
    Rank:
    None
    Points:
    58
    Posts:
    101
    Joined:
    Aug 18, 2011

    Aug 18, 2011
    101
    11
    58
    is everything!
    I appreciate the heads up and the honesty from the staff about the breach.

    I must ask...

    Did the sever/developer team happen to get any information about the hackers, such as their IP address(s)? :mad:

    Hey, you never know. Maybe they were stupid enough not to spoof their IP and "someone" could give 'em a little payback...:ridinghorse:
     
  12. WPWoodJr

    WPWoodJr Member
    Rank:
    None
    Points:
    16
    Posts:
    65
    Joined:
    Nov 7, 2009

    Nov 7, 2009
    65
    7
    16
    With a good password dictionary they should be able to break the password in seconds, like happened on LinkedIn. Any site where you used the same username/password is at risk. I was surprised that this wasn't mentioned in the OP's post. If the password is broken, they would not need "file level access" to access your stuff on another site.
     
  13. WPWoodJr

    WPWoodJr Member
    Rank:
    None
    Points:
    16
    Posts:
    65
    Joined:
    Nov 7, 2009

    Nov 7, 2009
    65
    7
    16
    Do you salt the password to prevent dictionary attacks?
     
  14. SamsungAdmire

    Rank:
    None
    Points:
    163
    Posts:
    1,254
    Joined:
    Feb 7, 2012

    Feb 7, 2012
    1,254
    123
    163
    Yass at the new borders around the notice, otherwise i would'nt of noticed at all.
     
  15. kelela92

    kelela92 Member
    Rank:
    None
    Points:
    16
    Posts:
    66
    Joined:
    Jun 20, 2010

    Jun 20, 2010
    66
    5
    16
    SoCal
    I wanted to say thanks for updating the banner up top. I saw it yesterday, but honestly thought it was some sort of lame ad for me to be a sucker and click on. Today, knowing that it says all those things, made me actually take it seriously and click on it.
     
  16. LBPHeretic

    LBPHeretic Android Expert
    Rank:
    None
    Points:
    213
    Posts:
    2,368
    Joined:
    May 29, 2010

    May 29, 2010
    2,368
    507
    213
    Senior Software Engineer
    Wilmington, Delaware
    Phases already mentioned above that they were hashed and salted. That is about the best one can do.

    Android Forums has been proactive in warning people and completely transparent about the situation. I get that some people are irked over this, but given the circumstances, things were handled expediently and professionally.
     
  17. TVictory

    TVictory Well-Known Member
    Rank:
    None
    Points:
    88
    Posts:
    160
    Joined:
    Aug 18, 2010

    Aug 18, 2010
    160
    256
    88

    I think thats one vote (the first vote) for TVictory as lead designer!
     
    Xyro likes this.
  18. AMTrombley0924

    AMTrombley0924 Android Enthusiast
    Rank:
    None
    Points:
    53
    Posts:
    478
    Joined:
    Jun 2, 2010

    Jun 2, 2010
    478
    57
    53
    Student, Air Force Cadet
    California
    Just want to make sure that the staff knows that we honestly do appreciate your hard work. I'm sure you can tell by the hundreds of "thank you's" already, but I just wanted to get mine in too.
     
  19. karendar

    karendar Android Enthusiast
    Rank:
    None
    Points:
    78
    Posts:
    513
    Joined:
    Jun 22, 2010

    Jun 22, 2010
    513
    60
    78
    IT coordinator
    Montreal, QC
    It was somewhat of a sarcastic response, as I never feel safe when someone has a possibility of compromising my account information. But at least I can feel good about the fact I secure my password where it matters and do not repeat passwords unless I don't care as much about my access. ;) And a forum access isn't something that I really care deeply about.
     
  20. silverfang77

    silverfang77 Well-Known Member
    Rank:
    None
    Points:
    56
    Posts:
    133
    Joined:
    Nov 6, 2010

    Nov 6, 2010
    133
    8
    56
    Thank you for the headsup. Better safe than sorry.
     
  21. Stinky Stinky

    Stinky Stinky Android Expert
    Rank:
     #40
    Points:
    643
    Posts:
    4,354
    Joined:
    Aug 31, 2010

    Aug 31, 2010
    4,354
    2,252
    643
    Monkey
    In a Dumpster!
    I just wanted to say thanks to Phases and all the gang for being honest about this hey...

    I think that is really noble actually you hear me guys!

    I am proud of all you losers! ;)

    I think you guys are just great and don't stress, I didn't have any important info about me that I will lose sleep over at night.

    Except my secret hidden thread of me with Naked sexy female Roaches!

    I like a the ladies...

    :)

    You Suck! :)
     
  22. Stinky Stinky

    Stinky Stinky Android Expert
    Rank:
     #40
    Points:
    643
    Posts:
    4,354
    Joined:
    Aug 31, 2010

    Aug 31, 2010
    4,354
    2,252
    643
    Monkey
    In a Dumpster!

    NO

    Don't vote for this bum!

    Vote for me and I will promise free guides on:

    "How to Troll Like A Champion!"

    And that I swear on my mothers grave!

    :)
     
  23. !on

    !on Android Expert
    Rank:
    None
    Points:
    93
    Posts:
    824
    Joined:
    Aug 14, 2011

    Aug 14, 2011
    824
    120
    93
    Male
    UK
    Thanks to wikileaks fiasco & other things I took my account off paypal. Removed details from amazon & itunes. I think the internet is not such a safe place to keep money! Banking has extra security fields to fill (memorable info). You're right about the users responsibility. It's best not to keep a two grand mountain bike in a garden shed!

    Also I check old hotmail accounts' junk mail for suspicious behaviour. Old msn contacts have cropped up (been hacked) trying to sell me stuff. Obviously not them, so when you see something like that it means change your passwords.
     
  24. Familyguy1

    Familyguy1 Android Enthusiast
    Rank:
    None
    Points:
    63
    Posts:
    580
    Joined:
    May 9, 2010

    May 9, 2010
    580
    21
    63
    Gallatin, TN
    Thats quite interesting considering about a week ago I contacted you about the same thing...hmm.

    Glad it is resolved though, thanks guys!
     
  25. Glas67

    Glas67 Newbie
    Rank:
    None
    Points:
    15
    Posts:
    10
    Joined:
    Jul 7, 2012

    Jul 7, 2012
    10
    0
    15
    Just for notifying everyone that there is a potential hazard is a lot to be thankful for, as it is a lot more information than some websites would divulge.
     

Share This Page

Loading...