1. Are you ready for the Galaxy S20? Here is everything we know so far!
Thread Status:
Not open for further replies.

Important Notice - Security Breach

Discussion in 'Site Updates & Announcements' started by Phases, Jul 10, 2012.

  1. jerofld

    jerofld Fixing stuff is not easy

    Yeah, everyone knows that you use an iPod touch and wouldn't be caught dead using an iPod color (or whatever it is).
     


  2. Unicorn512

    Unicorn512 Well-Known Member

    I also received the following msg (twice) after I canged passwords.

    Dear Unicorn512, Someone has tried to log into your account on Android Forums with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes. The person trying to log into your account had the following IP address: 174.253.187.214 All the best, Android Forums

    I checked and it's the VZN supplied address on my DROID3. Then it occurred to me that the Phandroid app on my phone must be the cause, so I uninstalled it.
     
  3. dautley

    dautley Android Expert

    Isn't accusing someone of using a Fruity product on a Android forum against some kind of TOS?:D
     
    jmar likes this.
  4. Cam

    Cam Android Enthusiast

    Phases,

    I changed my password earlier today as soon as I saw your notice, and this evening between 5:02 and 6:18PM Central Time there were four failed login attempts on my account. I was out eating dinner with my wife at the time, so I know for a fact that it wasn't me.

    It seems to me that there is a high probability that whomever compromised your database is in fact trying to use that information to gain access to user accounts.

    FYI...
     
  5. Unforgiven

    Unforgiven ...eschew obfuscation...
    Moderator

    If you have any apps on your phone that connect to AF you need to resetu your password on them. They will continue to try and connect to AF using your old credentials and cause those messages. Accross 3 PCs and 2 phones I had to update passwords 28 times.
     
  6. Cam

    Cam Android Enthusiast

    I'll do that, but those apps (Tapatalk) were not running on my phone or tablet, even in the background. Don't they have to be running for that to happen?
     
  7. Xyro

    Xyro 4 8 15 16 23 42
    Moderator

    Do you have subscription or pm notifications on in tapatalk?
     
    Cam and Unforgiven like this.
  8. Unforgiven

    Unforgiven ...eschew obfuscation...
    Moderator

    ^^^ that's the key, they check in for any push notifications. I had Forum Runner and Tapatalk both trying to check for PM's.
     
    Cam likes this.
  9. Cam

    Cam Android Enthusiast

    No and no. I just checked again to be sure. However, I certainly acknowledge that Tapatalk could have been the culprit, since I didn't change my password in that app until until just now. Like I said, Tapatalk wasn't running at all as far as I know, but who knows? That does seem more plausible than some hacker trying to use my account out of the thousands and thousands of accounts on AF...

    Edit: Nevermind, I did have those settings turned on in Tapatalk. That must have been it.
     
    Xyro and Unforgiven like this.
  10. mamawm

    mamawm Well-Known Member

    i changed my password on my computer bright and early this morning and soon after received 3 notices that someone was attempting to log into my account with an incorrect password. i do have the phandroid app loaded on both my phone and tablet. i ran the network info app and realized that the ip address trying to access my account was the external ip for my isp. so i just opened the phandroid app on both phone and tablet and signed out, then waited the 15 minutes and resigned in. no more notices. all is good.
     
  11. Leemann

    Leemann Member

    The Doctor is coming...........

    Thanks for the quick response.
    Lee
     
  12. EarlyMon

    EarlyMon The PearlyMon
    VIP Member

    Yep, recall it clearly and the response given was coordinated with admin with the best information at the time - but definitely, your query was escalated. ;)
     
  13. laptopquestion

    laptopquestion Android Enthusiast

    I changed my password....

    Do I win something :) ?
     
  14. Sharondippity

    Sharondippity Dismember

    I made you a cupcake but I ated it :)
     
  15. trialnerror

    trialnerror Member

    Thank You ;

    To all involved in finding and fixing some evil persons attempt . :)
    I for one am very appreciative of this.. and thanks again.
     
  16. chaz_uk

    chaz_uk Android Enthusiast

    qwertyuiop

    No one will guess mine! :D

    (Thanks for the warning)
     
  17. Crashumbc

    Crashumbc Android Expert

    agreed, THIS IS HOW A BREACH SHOULD BE HANDLED !!!!


    It's really sad a "hobby/user forum" (no offense) can get it "right", but banks,online retailers, etc. fail so miserably.

    Thank you.
     
  18. Crashumbc

    Crashumbc Android Expert


    Then the "security" fault lies with YOU, not AF...

    using the same password everywhere is beyond bad.

    I could see using the same password across forums, but e-mail? NEVER...

    Please review your security practices before complaining about others... (glass houses and all that stuff)
     
  19. Crashumbc

    Crashumbc Android Expert

  20. trparky

    trparky Android Enthusiast

    I changed my password for this site, no issues at all. Luckily, this was one of the many sites that I've already converted the password over to a completely randomly generated password. The old password was 12 characters long, the new password is 16 characters long.

    It has been said before by some people that you shouldn't use the same password for every site that you use. I personally use a randomly generated password for about 75% of all web sites that I have accounts on and save these passwords in my Roboform data.
     
  21. thornev

    thornev Android Enthusiast

    Yeah, my band's web site hosted by 1&1 was attacked yesterday. Somehow they got into my main web page and altered it to call an install of a virus. Took me 2 hours to clean off my computer and remove the virus call.
     
  22. Crashumbc

    Crashumbc Android Expert


    One Ring to rule them all, One Ring to find them, One Ring to bring them all, And in the darkness bind them

    :p
     
  23. Loota

    Loota Android Enthusiast

    Thanks for being so forthcoming!
     
  24. I'm glad the exploit was secured.

    FYI.. There is a GIANT difference between a vbulletin forum and the framework a bank or most online retailers run :rolleyes:
     
Loading...

Share This Page

Loading...