
Password compromised


19 replies to this topic

#1 Trevis

    Member

  • Members
  • 3,027 posts
  • Joined: 19-October 07

Posted 26 March 2021 - 05:41 AM

Just a heads up, I got an alert that my password here was found online in a data dump. I hadn't changed it before the site had SSL enabled, so if anyone hasn't changed theirs in a while, it might be time to do so.

"You know, there are some words I've known since I was a schoolboy: 'With the first link, the chain is forged. The first speech censured...the first thought forbidden...the first freedom denied--chains us all irrevocably.' Those words were uttered by Judge Aaron Satie, as wisdom...and warning. The first time any man's freedom is trodden on, we're all damaged..." - Capt. Jean-Luc Picard

 

“But whether the Constitution really be one thing, or another, this much is certain - that it has either authorized such a government as we have had, or has been powerless to prevent it. In either case it is unfit to exist.”

― Lysander Spooner, No Treason: The Constitution of No Authority



#2 EdDinIL

    Member

  • Supporting Members Team
  • 461 posts
  • Joined: 08-January 14

Posted 26 March 2021 - 07:07 AM

Was this the only site where you used that compromised password?  Did that alert mention IC by name?  The admins might be interested in more details, considering the implication that the entire site could be compromised.  


Life Member: NRA, ISRA, SAF

 


#3 mrmagloo

    Member

  • Members
  • 2,374 posts
  • Joined: 28-April 11

Posted 26 March 2021 - 08:37 AM

I've got the warning a while ago too.  I changed the password, and things were fine for a while, but now it's doing it again.

 

So Mauser and crew, when you see harsh stuff posted under my account, trust that it was NOT me.  Until the security issue is resolved, we cannot be held responsible for hackers posting over the top stuff from our acct.  Tried to upload screen shot that identifies IC directly.  

 

Graciously submitted.


Edited by mrmagloo, 26 March 2021 - 08:37 AM.


#4 Trevis

    Member

  • Members
  • 3,027 posts
  • Joined: 19-October 07

Posted 26 March 2021 - 09:14 AM

Screen shot of the email attached.



#5 Talonap

    Member

  • Members
  • 3,730 posts
  • Joined: 12-July 08

Posted 26 March 2021 - 09:28 AM

Are you sure the message is legit?



#6 Quiet Observer

    Member

  • Supporting Members Team
  • 2,105 posts
  • Joined: 20-May 15

Posted 26 March 2021 - 09:41 AM

Are you sure the message is legit?

 


 

It is good advice to periodically change passwords, regardless of where the advice comes from. 

 

I would never change it via a link in an email. I always close the email and go directly to the site in question and do the change there.



#7 mauserme

    Eliminating the element of surprise one bill at a time.

  • Admin
  • 23,460 posts
  • Joined: 20-February 09

Posted 26 March 2021 - 10:27 AM

Screen shot of the email attached.


I received a similar email about several passwords I have saved in Chrome last week, mostly some pretty insecure passwords. My IC password wasn't included but that one is pretty complicated.

I took it to be Google scrubbing my saved passwords against a list they developed from the dark web.  Do you use Chrome, and was the password they emailed you about saved in that browser?



#8 gunuser17

    Member

  • Members
  • 234 posts
  • Joined: 11-January 17

Posted 26 March 2021 - 10:41 AM

I would first assume that the email alert was a phishing scam looking to obtain information.  Before I would do anything, I would attempt to determine whether the alert notification was legitimate.  I strongly suspect that it was not legitimate.


Edited by gunuser17, 26 March 2021 - 10:42 AM.


#9 mauserme

    Eliminating the element of surprise one bill at a time.

  • Admin
  • 23,460 posts
  • Joined: 20-February 09

Posted 26 March 2021 - 10:49 AM

I would first assume that the email alert was a phishing scam looking to obtain information.  Before I would do anything, I would attempt to determine whether the alert notification was legitimate.  I strongly suspect that it was not legitimate.


Yes, for sure it's worth changing passwords just in case, but do so only through the websites that you would normally log on to.

#10 mikeyk101

    Member

  • Supporting Members Team
  • 286 posts
  • Joined: 25-February 15

Posted 26 March 2021 - 11:04 AM

You can verify the email against your phone if you have Android. Go to Settings, Google, and then Manage Your Google Account. The first choice will be Critical Security Issues. Click on the Take Action button to see the same compromised password information.

#11 mrmagloo

    Member

  • Members
  • 2,374 posts
  • Joined: 28-April 11

Posted 26 March 2021 - 11:05 AM

I would first assume that the email alert was a phishing scam looking to obtain information.  Before I would do anything, I would attempt to determine whether the alert notification was legitimate.  I strongly suspect that it was not legitimate.

 

That is legit.  But I agree to never click links, and go directly to review the report.  My alerts come in the way of popups from Chrome.  It's done a pretty good job.  I do use a pw mgr and each is unique to the site. Again, the unique password here was reported as compromised 3 months ago, and I posted it then.  I changed the password, and it's coming up as compromised again.

 

That said, because this isn't a transactional site, I'm not as worried about it, but still it's something to look into.  IPS is not noted to be the most secure in the world.  I had them managing my sites, with real time updates, and I still had problems from time to time. However, the hackers were more focused on the web store component, which I eventually was forced to move to Shopify, before finally selling them to VS and IB.

 

I think the biggest risk here is with members who use the same screen name, email, and password for multiple sites. That's flirting with disaster.



#12 InterestedBystander

    Member

  • Supporting Members Team
  • 8,489 posts
  • Joined: 15-March 13

Posted 26 March 2021 - 01:33 PM

Just a heads up, I got an alert that my password here was found online in a data dump. I hadn't changed it before the site had SSL enabled, so if anyone hasn't changed theirs in a while, it might be time to do so.

Whoa...how did I miss the SSL implementation here? When did that happen?
NRA Life Member; ISRA Member
SAF Member; GOA Member
FFL-IL Supporter
🇺🇸

#13 Euler

    Member

  • Members
  • 3,585 posts
  • Joined: 26-February 18

Posted 26 March 2021 - 03:46 PM

Whoa...how did I miss the SSL implementation here? When did that happen?


Sometime during the week of Feb 8, I believe. YouTube embedding stopped working here at about the same time, although I think they are unrelated to each other.
The welfare of the people in particular has always been the alibi of tyrants, and it provides the further advantage of giving the servants of tyranny a good conscience.

- Albert Camus, Resistance, Rebellion, and Death, 1960.


#14 Molly B.

    IllinoisCarry spokesperson

  • Moderator
  • 17,530 posts
  • Joined: 18-April 05

Posted 27 March 2021 - 10:55 AM

 

Whoa...how did I miss the SSL implementation here? When did that happen?


Sometime during the week of Feb 8, I believe. YouTube embedding stopped working here at about the same time, although I think they are unrelated to each other.

 


It appears the YouTube problem and fixing the SSL are related.


"It does not take a majority to prevail ... but rather an irate, tireless minority, keen on setting brushfires of freedom in the minds of men." --Samuel Adams

#15 Gator4838

    Member

  • Members
  • 359 posts
  • Joined: 05-April 19

Posted 27 March 2021 - 11:08 AM

Alright guys and gals, can you please explain to me in layman's terms what is going on and what steps I need to take, if any? Should everyone change password?

#16 Trevis

    Member

  • Members
  • 3,027 posts
  • Joined: 19-October 07

Posted 27 March 2021 - 01:11 PM

 

Screen shot of the email attached.


I received a similar email about several passwords I have saved in Chrome last week, mostly some pretty insecure passwords. My IC password wasn't included but that one is pretty complicated.

I took it to be Google scrubbing my saved passwords against a list they developed from the dark web.  Do you use Chrome, and was the password they emailed you about saved in that browser?

 

I must have saved the password there, but have also used a different password manager since then, so it might even be an old password, but I figured it would be good to tell site admin in case there is something nefarious going on. 




#17 Quiet Observer

    Member

  • Supporting Members Team
  • 2,105 posts
  • Joined: 20-May 15

Posted 27 March 2021 - 03:17 PM

Alright guys and gals, can you please explain to me in layman's terms what is going on and what steps I need to take, if any? Should everyone change password?

 

Based on posts #1, #4 and #16, the OP was notified by Google that his password here(?) had been compromised. 

It may have been an old one and not his present one. 

It does not appear to affect this site in general and does not appear to affect the rest of us.

But as I noted above #6, it can be a good idea to periodically change a password. 

 

The article discusses the subject. Make your own decision.

How Often Should You Change Your Password? - Best Ways To Protect Your Privacy This 2021 - Defending Digital



#18 EdDinIL

    Member

  • Supporting Members Team
  • 461 posts
  • Joined: 08-January 14

Posted 30 March 2021 - 07:10 AM

Out of an abundance of caution I changed my password.  Now IC is timing out my sign-on after a few hours of inactivity (4 hours?) instead of 3 days.  


Life Member: NRA, ISRA, SAF

 


#19 Trevis

    Member

  • Members
  • 3,027 posts
  • Joined: 19-October 07

Posted 30 March 2021 - 07:28 AM

Out of an abundance of caution I changed my password.  Now IC is timing out my sign-on after a few hours of inactivity (4 hours?) instead of 3 days.

That means it's time to get back to work!



#20 EdDinIL

    Member

  • Supporting Members Team
  • 461 posts
  • Joined: 08-January 14

Posted 30 March 2021 - 03:20 PM

 

Out of an abundance of caution I changed my password.  Now IC is timing out my sign-on after a few hours of inactivity (4 hours?) instead of 3 days.

That means it's time to get back to work!

 

Ha! That's the problem, I'm working and when I get back to reading it, I have to log in again.   :lol:


Life Member: NRA, ISRA, SAF

 




