Security and Privacy Issue : May-2014

[kenjiharima]

Hey guys this is the second time that my password here and my password at my email has been changed. You need to tighten more your security here.

[blaze0041]

I'm getting more concerned about websites that have been compromised, if this is anything to go by...
Australian Apple iDevices hijacked, held to ransom

Whilst it could be mere speculation, it's highly likely that "compromised login credentials from recent data breaches [were used] to access accounts and lock users out."
It's a newspaper article, but it drives home the point that you really shouldn't be using the same password on different websites, and to activate two-factor authentication whenever possible.

Since we're pretty much in the midst of an "Information Age", I don't think the value of information has ever been higher... it's the opportunity to make some quick cash off of identity fraud (or similar acts, like holding a computer to ransom) that, I daresay, fuels alot of these events.

[DragoZERO]

Thanks for being upfront and resetting the passwords. I hope you guys do what's logical and increase security here. Updating the forum software would be the logical first step, I think.

[Flower]

Quote:

Originally Posted by DragoZERO

Thanks for being upfront and resetting the passwords. I hope you guys do what's logical and increase security here. Updating the forum software would be the logical first step, I think.

We have been - slowly and surely. ^^

[xland44]

Is this due to the heartbleed thing that attacked a bunch of sites on the internet?

[Flower]

Quote:

Originally Posted by xland44

Is this due to the heartbleed thing that attacked a bunch of sites on the internet?

Nope - different kettle of fish.

[Majic]

On The Bright Side...

I will confess that in the past I had been using the same cheesy password for accounts on various forums on the assumption that "hey, it's just a forum account, it's not like I do my banking on discussion boards." And so I used a very weak password on multiple accounts (though never any that involved money) and things stayed that way for many years.

Thanks to the urging of the AnimeSuki staff, I gave more thought to the matter and realized that even if money isn't involved, I still don't want any of my accounts compromised, so I bit the bullet, ran the LastPass Security Challenge on my vault (I use LastPass), and gave every account I have the strongest unique password I could.

I went from an average password strength of about 37% (heavily penalized by all those dodgy forum passwords) to 92.8%, and the only reason it isn't 100% now is due to some rather archaic password length limits (as low as 8 characters!) on some of the sites I use. Thankfully, AnimeSuki is not one of them, and my new password here is very long and looks encrypted even when it's not, scoring 100% on the strength test.

Now, in the event of a compromise on any site I visit, it won't impact the security of any other site (unless my LastPass client or its encryption scheme is somehow compromised, in which case Katy bar the door).

So while I can certainly appreciate the staff would rather this never happened, it has led to some positive outcomes, and I'm grateful that it inspired me to finally tighten up my own security.

[noctis_lucis]

It's a real shame

[endarion88]

was this leak related to that hearbleed thing i've been reading around?

[Flower]

Quote:

Originally Posted by endarion88

was this leak related to that heartbleed thing I've been reading around?

Nope - different thing altogether.

[Enternal]

Quote:

Originally Posted by NightWish

That happens (too frequently) when a spam message gets deleted. The software fails to keep track of how many unread messages there are. It removes the message but fails to update the count, when really they should both happen atomically (at the same time); i.e. either they both happen or neither happens. Unlikely to be related to the events in this thread, but it could be an inconsistency stored in the backup that has appeared since we restored. That is to say, the point in time the backup was taken split the time between deleting the message and updating the count (again it really shouldn't happen but that's how they wrote the software).

If you notice any problems like that let us know and will add it to the list of things to check.

So I have the same problem as this but reading the replies, I'm assuming it can't really be fixed anymore? I do remember it not being a spam message though but an actual reply to a question that I asked another user but have not read it due to the breach and restoration of the forum backup. It's a bit annoying seeing a "1" there when there really is nothing there haha.

@ Flower
Updating the forum software? From what I read vBulletin v4 and v5 (plus all the bad things that Internet Brand did) are quite horrid. If anything, you might need to move to an entire different forum software. On the other hand, if you do, I think I would miss this theme a lot (AnimeSuki Default) since it's the same theme that's been around since I first registered in 2005. Simple, flat, but unique in a way.

[Scorpiopt]

Someone from south Korea tried to acess some old accounts using the old password that i had on this site

[snakebite969]

I'm not here often, but obviously annoyed about TOTALLY NOT OBVIOUS PHISHING EMAILS IN MY JUNK FOLDER (I mean, I don't even have a paypal, etc.), I searched my entire (mainly unread) inbox (not junk) for the word "register" and found out that this website was hacked

This is troublesome...

That is, assuming that all the emails was because of this hacking. It could have been any other forum or website im part tof, for all I know.

[SPARTAN 119]

I noticed the site was down earlier today, and when I got back on, I noticed that "you may have to change your password" box was back up and I was logged out. Was the hacker back AGAIN?!

[relentlessflame]

Quote:

Originally Posted by SPARTAN 119

I noticed the site was down earlier today, and when I got back on, I noticed that "you may have to change your password" box was back up and I was logged out. Was the hacker back AGAIN?!

No, nothing happened on our end (and I don't remember any downtime, but not sure). What you're describing, though, just sounds as though the cookies in your browser expired or were deleted, so as if you hit the Log Out button.

[MikoxMiko]

So this is why I have no access to my email account to even reset my password?

I've had to make a new account here which I know isn't technically allowed, but it's okay because of the situation?

[Alf_2014]

Same here. Have to make a new account because old account email isn't accessible....

[Touma Kamijou]

if i can be of assistance here ill do my best
as im currently studying in the field of network systems administration
i also have knowledge in php javascript html css and various programming languages
also i do mysql and am currently learning about relational databases
still learning of course but ill do my best to help keep this forum safe from further attacks if you'll let me

[RayOfLoveAndJustice]

Man i thought i had been kicked from here .
the new password is hard to remember so i`ll change it again

[hikaru2895]

and discovered i'd been hacked...
they got my email, fortunately i used another email account for unimportant stuff like banking etc. so they got the most important one, my anime
looks like they got my address list,
got spammed by myself lol
and a thousand messages "Could not deliver, could not find sender" etc
because a lot of the addresses where old.

but now i'm thinking that nobody will take my mail anymore because of the spoofing, they will think i'm a spammer and not trustworthy.

so i think i will have to delete that account and start another one, i've had this one for years...

i'm thinking they are spoofing my email address, they might not be logging into the email account, i've changed the password, so i'll see what happens.

luckily, i was using a "secondary account" so they couldn't get in and change passwords etc.