Password compromised

Trevis · March 26, 2021 at 11:41 AM

Just a heads up, I got an alert that my password here was found online in a data dump. I hadn't changed it before the site had SSL enabled, so if anyone hasn't changed theirs in a while, it might be time to do so.

EdDinIL · March 26, 2021 at 01:07 PM

Was this the only site where you used that compromised password? Did that alert mention IC by name? The admins might be interested in more details, considering the implication that the entire site could be compromised.

mrmagloo · March 26, 2021 at 02:37 PM

I've got the warning a while ago too. I changed the password, and things were fine for a while, but now it's doing it again.

So Mauser and crew, when you see harsh stuff posted under my account, trust that it was NOT me. Until the security issue is resolved, we cannot be held responsible for hackers posting over the top stuff from our acct. Tried to upload screen show that identifies IC directly.

Graciously submitted.

Trevis · March 26, 2021 at 03:14 PM

Screen shot of the email attached.

Talonap · March 26, 2021 at 03:28 PM

Are you sure the message is legit?

/

Quiet Observer · March 26, 2021 at 03:41 PM

Are you sure the message is legit?

/

It is good advice to periodically change passwords, regardless of where the advice comes from.

I would never change it via a link in an email. I always close the email and go directly to the site in question and do the change there.

mauserme · March 26, 2021 at 04:27 PM

Screen shot of the email attached.

I received a similar email about several passwords I have saved in Chrome last week, mostly some pretty insecure passwords. My IC password wasn't included but that one is pretty complicated.

I took it to be Google scrubbing my saved passwords against a list they developed from the dark web. Do you use Chrome, and was the password they emailed you about saved in that browser?

gunuser17 · March 26, 2021 at 04:41 PM

I would first assume that the email alert was a phishing scam looking to obtain information. Before I would do anything, I would attempt to determine whether the alert notification was legitimate. I strongly suspect that it was not legitimate.

mauserme · March 26, 2021 at 04:49 PM

I would first assume that the email alert was a phishing scam looking to obtain information. Before I would do anything, I would attempt to determine whether the alert notification was legitimate. I strongly suspect that it was not legitimate.

Yes, for sure it's worth changing passwords just in case, but do so only through the websites that you would normally log on to.

mikeyk101 · March 26, 2021 at 05:04 PM

You can verify the email against your phone if you have Android. Go to settings, Google, and them Manage Your Google Account. The first choice will be Critical Security Issues. Click on the Take Action button to see the same compromised password information.

mrmagloo · March 26, 2021 at 05:05 PM

I would first assume that the email alert was a phishing scam looking to obtain information. Before I would do anything, I would attempt to determine whether the alert notification was legitimate. I strongly suspect that it was not legitimate.

That is legit. But I agree to never click links, and go directly to review the report. My alerts come in the way of popups from Chrome. It's done a pretty good job. I do use a pw mgr and each is unique to the site. Again, the unique password here was reported as compromised 3 months ago, and I posted it then. I changed the password, and it's again coming up as compromised again.

That said, because this isn't a transactional site, I'm not as worried about it, but still it's something to look into. IPS is not noted to be the most secure in the world. I had them managing my sites, with real time updates, and I still had problems from time to time. However, the hackers were more focused on the web store component, which I eventually was forced to move to Shopify, before finally selling them to VS and IB.

I think the biggest risk here are with members who use the same screen name, email, and password for multiple sites. That's flirting with disaster.

InterestedBystander · March 26, 2021 at 07:33 PM

Just a heads up, I got an alert that my password here was found online in a data dump. I hadn't changed it before the site had SSL enabled, so if anyone hasn't changed theirs in a while, it might be time to do so.

Whoa...how did I miss the SSL implementation here? When did that happen?

Euler · March 26, 2021 at 09:46 PM

Whoa...how did I miss the SSL implementation here? When did that happen?

Sometime during the week of Feb 8, I believe. YouTube embedding stopped working here at about the same time, although I think they are unrelated to each other.

Molly B. · March 27, 2021 at 04:55 PM

Whoa...how did I miss the SSL implementation here? When did that happen?
Sometime during the week of Feb 8, I believe. YouTube embedding stopped working here at about the same time, although I think they are unrelated to each other.

It appears the youtube problem and fixing the SSL is related.

Gator4838 · March 27, 2021 at 05:08 PM

Alright guys and gals can you please explain to me in layman,s terms what is going on and what steps I need to take if any?should everyone change password?

Trevis · March 27, 2021 at 07:11 PM

Screen shot of the email attached.
I received a similar email about several passwords I have saved in Chrome last week, mostly some pretty insecure passwords. My IC password wasn't included but that one is pretty complicated.

I took it to be Google scrubbing my saved passwords against a list they developed from the dark web. Do you use Chrome, and was the password they emailed you about saved in that browser?

I must have saved the password there, but have also used a different password manager since then, so it might even be an old password, but I figured it would be good to tell site admin in case there is something nefarious going on.

Quiet Observer · March 27, 2021 at 09:17 PM

Alright guys and gals can you please explain to me in layman,s terms what is going on and what steps I need to take if any?should everyone change password?

Based on posts #1, #4 and #16, the OP was notified by Google that his password here(?) had been compromised.

It may have been an old one and not his present one.

It does not appear to effect this site in general and does not appear to affect the rest of us.

But as I noted above #6, it can be a good idea to periodically change a password.

The article discusses the subject. Make your own decision.

How Often Should You Change Your Password? - Best Ways To Protect Your Privacy This 2021 - Defending Digital

EdDinIL · March 30, 2021 at 01:10 PM

Out of an abundance of caution I changed my password. Now IC is timing out my sign-on after a few hours of inactivity (4 hours?) instead of 3 days.

Trevis · March 30, 2021 at 01:28 PM

Out of an abundance of caution I changed my password. Now IC is timing out my sign-on after a few hours of inactivity (4 hours?) instead of 3 days.

That means it's time to get back to work!

EdDinIL · March 30, 2021 at 09:20 PM

Out of an abundance of caution I changed my password. Now IC is timing out my sign-on after a few hours of inactivity (4 hours?) instead of 3 days.
That means it's time to get back to work!

Ha! That's the problem, I'm working and when I get back to reading it, I have to log in again. :lol:

Sign In

Password compromised

Recommended Posts

Trevis

EdDinIL

mrmagloo

Trevis

Talonap

Quiet Observer

mauserme

gunuser17

mauserme

mikeyk101

mrmagloo

InterestedBystander

Euler

Molly B.

Gator4838

Trevis

Quiet Observer

EdDinIL

Trevis

EdDinIL

Archived

Recently Browsing 0 members

Browse

Activity

My Activity Streams

Store

Support