1. Download our Official Android App: Forums for Android!

Thread Status:
Not open for further replies.

Important Notice - Security Breach

Discussion in 'Site Updates & Announcements' started by Phases, Jul 10, 2012.

  1. Crashumbc

    Crashumbc Android Expert
    Rank:
    None
    Points:
    223
    Posts:
    1,810
    Joined:
    Apr 7, 2010

    Apr 7, 2010
    1,810
    550
    223
    IT god
    B'more
    most definitely, banks, online retailers have much MORE at stake and should MORE forthcoming and faster to notify their users because the risk is greater...


    if a vBulletin site can start notifying user within a couple hours, a bank should be doing it with an hour of confirming their systems were compromised and information lost.
     

    Advertisement

  2. 2momo123

    2momo123 Lurker
    Rank:
    None
    Points:
    5
    Posts:
    1
    Joined:
    Jun 8, 2011

    Jun 8, 2011
    1
    0
    5
    Thanks for the info, may I ask if the passwords are hashed and/or salted?
     
  3. Unforgiven

    Unforgiven OK Google
    Moderator
    Rank:
     #2
    Points:
    4,238
    Posts:
    33,701
    Joined:
    Jun 23, 2010

    Jun 23, 2010
    33,701
    34,087
    4,238
    Male
    Douglas, MA
    both, the admin posted about it earlier in the thread somewhere.
     
  4. dstuttgen

    dstuttgen Lurker
    Rank:
    None
    Points:
    25
    Posts:
    9
    Joined:
    Mar 10, 2012

    Mar 10, 2012
    9
    0
    25
    Laboratory Technician
    Oconto, WI, USA
    I changed my password yesterday. This morning I had 37 failed attempts at log-on and it says it is coming from my IP. What give?

    Cheers, Dan
     
  5. Unforgiven

    Unforgiven OK Google
    Moderator
    Rank:
     #2
    Points:
    4,238
    Posts:
    33,701
    Joined:
    Jun 23, 2010

    Jun 23, 2010
    33,701
    34,087
    4,238
    Male
    Douglas, MA
    You need to reset the password on any apps that access the forums (Tapatalk, Forum Runner, official Phandroid app) as they will continue pinging the site to check for any push notifictions. The same thing happened to me.
     
  6. dstuttgen

    dstuttgen Lurker
    Rank:
    None
    Points:
    25
    Posts:
    9
    Joined:
    Mar 10, 2012

    Mar 10, 2012
    9
    0
    25
    Laboratory Technician
    Oconto, WI, USA
    Yup, figured that out after I posted. I needed to re-log in on my galaxy S. All better now. Thanks for the shout-back!

    Cheers, Dan
     
  7. 76ford90lx

    76ford90lx Guest
    Rank:
    None
    Points:
    78
    Posts:
    532
    Joined:
    Sep 10, 2011

    Sep 10, 2011
    532
    96
    78
    Q.A. Supervisor
    Riverside, CA
    I do think a mass email would have been a good idea. Sometimes I dont have the time to log on for days or even a week or more.

    Besides that great job on cleaning up the mess guys :)
     
    colchiro likes this.
  8. Lks Lks

    Lks Lks Well-Known Member
    Rank:
     #650
    Points:
    43
    Posts:
    135
    Joined:
    Nov 16, 2011

    Nov 16, 2011
    135
    42
    43
    Male
    Mumbai
    I also have some issue before.for a couple of a minute I logout my profile,l found some one already login with a name don't remember the name.then I logout his profile.its seems very strange.

    but my profile is always secure because of good great amazing security and great people hard work to secure Android forum thanks a lot..:)
     
  9. Unforgiven

    Unforgiven OK Google
    Moderator
    Rank:
     #2
    Points:
    4,238
    Posts:
    33,701
    Joined:
    Jun 23, 2010

    Jun 23, 2010
    33,701
    34,087
    4,238
    Male
    Douglas, MA
    This is a known issue i believe. I don't think you are logged in as someone else, just their name is displayed.
     
  10. Lks Lks

    Lks Lks Well-Known Member
    Rank:
     #650
    Points:
    43
    Posts:
    135
    Joined:
    Nov 16, 2011

    Nov 16, 2011
    135
    42
    43
    Male
    Mumbai
    ya may be just their name displayed.
     
  11. JosephHopkins

    JosephHopkins Lurker
    Rank:
    None
    Points:
    5
    Posts:
    1
    Joined:
    Apr 4, 2012

    Apr 4, 2012
    1
    0
    5
    IT
    Canada
    Good job guys.. fast work!!
     
  12. joey3002

    joey3002 Guest
    Rank:
    None
    Posts:
    0
    Joined:

    How can I delete my account?
    thanks
     
  13. Unforgiven

    Unforgiven OK Google
    Moderator
    Rank:
     #2
    Points:
    4,238
    Posts:
    33,701
    Joined:
    Jun 23, 2010

    Jun 23, 2010
    33,701
    34,087
    4,238
    Male
    Douglas, MA
    PM Phases, but can I ask why?
     
  14. joey3002

    joey3002 Guest
    Rank:
    None
    Posts:
    0
    Joined:

    1. I dont use the site..
    2. One less site to worry about..

    I think its time I start cleaning up the sites I am a member of. Nothing against the site here.. Just if I do not use a site, why continue to be a member.
     
  15. Unforgiven

    Unforgiven OK Google
    Moderator
    Rank:
     #2
    Points:
    4,238
    Posts:
    33,701
    Joined:
    Jun 23, 2010

    Jun 23, 2010
    33,701
    34,087
    4,238
    Male
    Douglas, MA
    Fair enough. While I left my account nearly dormant for 18 months, when I did have a need it was nice to have it still around. I wish you luck in the future and would hate to see you go.
     
  16. dautley

    dautley Android Expert
    Rank:
    None
    Points:
    253
    Posts:
    1,823
    Joined:
    Jul 23, 2010

    Jul 23, 2010
    1,823
    502
    253
    Dickson, TN.
    To the Rob, Phases, and staff of Phandroid (Android Forums),
    Good job in being so forthcoming with information as soon as it was discovered the site had been attacked, allowing your members to change their passwords and minimize any potential damage to ourselves both here and any other site where we might use the same user name/password combination.
    With that in mind I would just like to remind others users who may be upset that their info MAY have been accessed that many attacks on Government, Military, Financial, and Privet sites (that we may never hear about) take place every day. Examples of this are China was able to access DoD servers @ Los Alamos and steal advanced nuclear warhead designs, the cyber-attacks on Iran, and it seems almost monthly we here about some credit card progressing company being hit months after the fact.
    This is the nature of the internet and there is nothing a website or company can do to prevent an attack from happening in the first place.
    What they can do is invest in good firewalls and monitoring software so they know when such attacks occur and notify users so they can take any actions we need to. This is exactly what AndroidForums/Neverstill Media did, so to all the staff involved, Thank You again! :)
     
    trparky and jmar like this.
  17. geeknik

    geeknik Lurker
    Rank:
    None
    Points:
    26
    Posts:
    3
    Joined:
    Dec 24, 2011

    Dec 24, 2011
    3
    2
    26
    System Administrator
    Oklahoma, USA
    Eh, let 'em have my password. Thanks to LastPass, it was a randomly generated password not in use on any other of my accounts. I've updated it with another randomly generated password unique to this account. =)
     
  18. CuBz

    CuBz Android Expert
    Rank:
    None
    Points:
    163
    Posts:
    1,656
    Joined:
    Sep 21, 2010

    Sep 21, 2010
    1,656
    230
    163
    Website Programmer
    UK
    I had an email saying someone had tried accessing my account, but from my IP. My IP changes every few hours, so it seems very very fishy.
     
  19. Unforgiven

    Unforgiven OK Google
    Moderator
    Rank:
     #2
    Points:
    4,238
    Posts:
    33,701
    Joined:
    Jun 23, 2010

    Jun 23, 2010
    33,701
    34,087
    4,238
    Male
    Douglas, MA
    You need to reset your password in any app on your devices that connects to Android Forums (Tapatalk, Forum Runner, or the AF app itself) as they will try and connect to the site for push notifications.
     
    PyroSporker likes this.
  20. droidsix

    droidsix Lurker
    Rank:
    None
    Points:
    25
    Posts:
    5
    Joined:
    May 22, 2012

    May 22, 2012
    5
    0
    25
    Thanks to All... I am very impressed with your speed and professionalism.

    I have done what I need to, and have no concerns. Thanks Again :) :) :)
     
  21. CuBz

    CuBz Android Expert
    Rank:
    None
    Points:
    163
    Posts:
    1,656
    Joined:
    Sep 21, 2010

    Sep 21, 2010
    1,656
    230
    163
    Website Programmer
    UK
    Ah yes, the Phandroid app... silly me :stupid:

    P.S. Does this forum support Tapatalk now? :rolleyes:
     
  22. Unforgiven

    Unforgiven OK Google
    Moderator
    Rank:
     #2
    Points:
    4,238
    Posts:
    33,701
    Joined:
    Jun 23, 2010

    Jun 23, 2010
    33,701
    34,087
    4,238
    Male
    Douglas, MA
    No worries, I did the same exact thing.:rolleyes:
     
  23. PyroSporker

    PyroSporker Android Expert
    Rank:
     #90
    Points:
    323
    Posts:
    1,779
    Joined:
    Apr 3, 2010

    Apr 3, 2010
    1,779
    1,285
    323
    This ought to be added to the first post in red so it doesn't have to be re-posted as many times. ;)
     
  24. Unforgiven

    Unforgiven OK Google
    Moderator
    Rank:
     #2
    Points:
    4,238
    Posts:
    33,701
    Joined:
    Jun 23, 2010

    Jun 23, 2010
    33,701
    34,087
    4,238
    Male
    Douglas, MA
    I've already asked for that.
     
  25. Kaldek

    Kaldek Lurker
    Rank:
    None
    Points:
    5
    Posts:
    2
    Joined:
    Jul 8, 2010

    Jul 8, 2010
    2
    0
    5
    I'm interested in whether the password hashes were salted. I'll feel better knowing they were salted.
     

Share This Page

Loading...