
Thread Status:
Not open for further replies.

Important Notice - Security Breach

Discussion in 'Site Updates & Announcements' started by Phases, Jul 10, 2012.

  1. jerofld

    Yeah, everyone knows that you use an iPod touch and wouldn't be caught dead using an iPod color (or whatever it is).
     


  2. Unicorn512

    I also received the following msg (twice) after I changed passwords.

    Dear Unicorn512, Someone has tried to log into your account on Android Forums with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes. The person trying to log into your account had the following IP address: 174.253.187.214 All the best, Android Forums

    I checked and it's the VZN supplied address on my DROID3. Then it occurred to me that the Phandroid app on my phone must be the cause, so I uninstalled it.
     
  3. dautley

    Isn't accusing someone of using a Fruity product on an Android forum against some kind of TOS? :D
     
  4. testify585

  5. Cam

    Phases,

    I changed my password earlier today as soon as I saw your notice, and this evening between 5:02 and 6:18PM Central Time there were four failed login attempts on my account. I was out eating dinner with my wife at the time, so I know for a fact that it wasn't me.

    It seems to me that there is a high probability that whoever compromised your database is in fact trying to use that information to gain access to user accounts.

    FYI...
     
  6. Unforgiven

    If you have any apps on your phone that connect to AF you need to reset your password on them. They will continue to try and connect to AF using your old credentials and cause those messages. Across 3 PCs and 2 phones I had to update passwords 28 times.
     
  7. Cam

    I'll do that, but those apps (Tapatalk) were not running on my phone or tablet, even in the background. Don't they have to be running for that to happen?
     
  8. Xyro

    Do you have subscription or PM notifications on in Tapatalk?
     
  9. Unforgiven

    ^^^ that's the key, they check in for any push notifications. I had Forum Runner and Tapatalk both trying to check for PM's.
     
  10. Cam

    No and no. I just checked again to be sure. However, I certainly acknowledge that Tapatalk could have been the culprit, since I didn't change my password in that app until just now. Like I said, Tapatalk wasn't running at all as far as I know, but who knows? That does seem more plausible than some hacker trying to use my account out of the thousands and thousands of accounts on AF...

    Edit: Never mind, I did have those settings turned on in Tapatalk. That must have been it.
     
  11. mamawm

    i changed my password on my computer bright and early this morning and soon after received 3 notices that someone was attempting to log into my account with an incorrect password. i do have the phandroid app loaded on both my phone and tablet. i ran the network info app and realized that the ip address trying to access my account was the external ip for my isp. so i just opened the phandroid app on both phone and tablet and signed out, then waited the 15 minutes and resigned in. no more notices. all is good.
     
  12. Leemann

    The Doctor is coming...........

    Thanks for the quick response.
    Lee
     
  13. EarlyMon

    Yep, recall it clearly and the response given was coordinated with admin with the best information at the time - but definitely, your query was escalated. ;)
     
  14. laptopquestion

    I changed my password....

    Do I win something :) ?
     
  15. Sharondippity


    I made you a cupcake but I ated it :)
     
  16. trialnerror

    Thank You;

    To all involved in finding and fixing some evil person's attempt. :)
    I for one am very appreciative of this... and thanks again.
     
  17. chaz_uk


    qwertyuiop

    No one will guess mine! :D

    (Thanks for the warning)
     
  18. Crashumbc

    agreed, THIS IS HOW A BREACH SHOULD BE HANDLED !!!!


    It's really sad a "hobby/user forum" (no offense) can get it "right", but banks, online retailers, etc. fail so miserably.

    Thank you.
     
  19. Crashumbc


    Then the "security" fault lies with YOU, not AF...

    using the same password everywhere is beyond bad.

    I could see using the same password across forums, but e-mail? NEVER...

    Please review your security practices before complaining about others... (glass houses and all that stuff)
     
  20. Crashumbc

  21. trparky


    I changed my password for this site, no issues at all. Luckily, this was one of the many sites that I've already converted the password over to a completely randomly generated password. The old password was 12 characters long, the new password is 16 characters long.

    It has been said before by some people that you shouldn't use the same password for every site that you use. I personally use a randomly generated password for about 75% of all web sites that I have accounts on and save these passwords in my Roboform data.
     
  22. thornev

    Yeah, my band's web site hosted by 1&1 was attacked yesterday. Somehow they got into my main web page and altered it to call an install of a virus. Took me 2 hours to clean off my computer and remove the virus call.
     
  23. Crashumbc


    One Ring to rule them all, One Ring to find them, One Ring to bring them all, And in the darkness bind them

    :p
     
  24. Loota

    Thanks for being so forthcoming!
     
  25. Brandon Sheley

    I'm glad the exploit was secured.

    FYI... There is a GIANT difference between a vBulletin forum and the framework a bank or most online retailers run :rolleyes:
     
