Trevis Posted March 26, 2021 at 11:41 AM Share Posted March 26, 2021 at 11:41 AM Just a heads up, I got an alert that my password here was found online in a data dump. I hadn't changed it before the site had SSL enabled, so if anyone hasn't changed theirs in a while, it might be time to do so. Link to comment Share on other sites More sharing options...
EdDinIL Posted March 26, 2021 at 01:07 PM Share Posted March 26, 2021 at 01:07 PM Was this the only site where you used that compromised password? Did that alert mention IC by name? The admins might be interested in more details, considering the implication that the entire site could be compromised. Link to comment Share on other sites More sharing options...
mrmagloo Posted March 26, 2021 at 02:37 PM Share Posted March 26, 2021 at 02:37 PM I've got the warning a while ago too. I changed the password, and things were fine for a while, but now it's doing it again. So Mauser and crew, when you see harsh stuff posted under my account, trust that it was NOT me. Until the security issue is resolved, we cannot be held responsible for hackers posting over the top stuff from our acct. Tried to upload screen show that identifies IC directly. Graciously submitted. Link to comment Share on other sites More sharing options...
Trevis Posted March 26, 2021 at 03:14 PM Author Share Posted March 26, 2021 at 03:14 PM Screen shot of the email attached. Link to comment Share on other sites More sharing options...
Talonap Posted March 26, 2021 at 03:28 PM Share Posted March 26, 2021 at 03:28 PM Are you sure the message is legit? / Link to comment Share on other sites More sharing options...
Quiet Observer Posted March 26, 2021 at 03:41 PM Share Posted March 26, 2021 at 03:41 PM Are you sure the message is legit? / It is good advice to periodically change passwords, regardless of where the advice comes from. I would never change it via a link in an email. I always close the email and go directly to the site in question and do the change there. Link to comment Share on other sites More sharing options...
mauserme Posted March 26, 2021 at 04:27 PM Share Posted March 26, 2021 at 04:27 PM Screen shot of the email attached.I received a similar email about several passwords I have saved in Chrome last week, mostly some pretty insecure passwords. My IC password wasn't included but that one is pretty complicated. I took it to be Google scrubbing my saved passwords against a list they developed from the dark web. Do you use Chrome, and was the password they emailed you about saved in that browser? Link to comment Share on other sites More sharing options...
gunuser17 Posted March 26, 2021 at 04:41 PM Share Posted March 26, 2021 at 04:41 PM I would first assume that the email alert was a phishing scam looking to obtain information. Before I would do anything, I would attempt to determine whether the alert notification was legitimate. I strongly suspect that it was not legitimate. Link to comment Share on other sites More sharing options...
mauserme Posted March 26, 2021 at 04:49 PM Share Posted March 26, 2021 at 04:49 PM I would first assume that the email alert was a phishing scam looking to obtain information. Before I would do anything, I would attempt to determine whether the alert notification was legitimate. I strongly suspect that it was not legitimate. Yes, for sure it's worth changing passwords just in case, but do so only through the websites that you would normally log on to. Link to comment Share on other sites More sharing options...
mikeyk101 Posted March 26, 2021 at 05:04 PM Share Posted March 26, 2021 at 05:04 PM You can verify the email against your phone if you have Android. Go to settings, Google, and them Manage Your Google Account. The first choice will be Critical Security Issues. Click on the Take Action button to see the same compromised password information. Link to comment Share on other sites More sharing options...
mrmagloo Posted March 26, 2021 at 05:05 PM Share Posted March 26, 2021 at 05:05 PM I would first assume that the email alert was a phishing scam looking to obtain information. Before I would do anything, I would attempt to determine whether the alert notification was legitimate. I strongly suspect that it was not legitimate. That is legit. But I agree to never click links, and go directly to review the report. My alerts come in the way of popups from Chrome. It's done a pretty good job. I do use a pw mgr and each is unique to the site. Again, the unique password here was reported as compromised 3 months ago, and I posted it then. I changed the password, and it's again coming up as compromised again. That said, because this isn't a transactional site, I'm not as worried about it, but still it's something to look into. IPS is not noted to be the most secure in the world. I had them managing my sites, with real time updates, and I still had problems from time to time. However, the hackers were more focused on the web store component, which I eventually was forced to move to Shopify, before finally selling them to VS and IB. I think the biggest risk here are with members who use the same screen name, email, and password for multiple sites. That's flirting with disaster. Link to comment Share on other sites More sharing options...
InterestedBystander Posted March 26, 2021 at 07:33 PM Share Posted March 26, 2021 at 07:33 PM Just a heads up, I got an alert that my password here was found online in a data dump. I hadn't changed it before the site had SSL enabled, so if anyone hasn't changed theirs in a while, it might be time to do so.Whoa...how did I miss the SSL implementation here? When did that happen? Link to comment Share on other sites More sharing options...
Euler Posted March 26, 2021 at 09:46 PM Share Posted March 26, 2021 at 09:46 PM Whoa...how did I miss the SSL implementation here? When did that happen? Sometime during the week of Feb 8, I believe. YouTube embedding stopped working here at about the same time, although I think they are unrelated to each other. Link to comment Share on other sites More sharing options...
Molly B. Posted March 27, 2021 at 04:55 PM Share Posted March 27, 2021 at 04:55 PM Whoa...how did I miss the SSL implementation here? When did that happen?Sometime during the week of Feb 8, I believe. YouTube embedding stopped working here at about the same time, although I think they are unrelated to each other. It appears the youtube problem and fixing the SSL is related. Link to comment Share on other sites More sharing options...
Gator4838 Posted March 27, 2021 at 05:08 PM Share Posted March 27, 2021 at 05:08 PM Alright guys and gals can you please explain to me in layman,s terms what is going on and what steps I need to take if any?should everyone change password? Link to comment Share on other sites More sharing options...
Trevis Posted March 27, 2021 at 07:11 PM Author Share Posted March 27, 2021 at 07:11 PM Screen shot of the email attached.I received a similar email about several passwords I have saved in Chrome last week, mostly some pretty insecure passwords. My IC password wasn't included but that one is pretty complicated. I took it to be Google scrubbing my saved passwords against a list they developed from the dark web. Do you use Chrome, and was the password they emailed you about saved in that browser? I must have saved the password there, but have also used a different password manager since then, so it might even be an old password, but I figured it would be good to tell site admin in case there is something nefarious going on. Link to comment Share on other sites More sharing options...
Quiet Observer Posted March 27, 2021 at 09:17 PM Share Posted March 27, 2021 at 09:17 PM Alright guys and gals can you please explain to me in layman,s terms what is going on and what steps I need to take if any?should everyone change password? Based on posts #1, #4 and #16, the OP was notified by Google that his password here(?) had been compromised. It may have been an old one and not his present one. It does not appear to effect this site in general and does not appear to affect the rest of us.But as I noted above #6, it can be a good idea to periodically change a password. The article discusses the subject. Make your own decision.How Often Should You Change Your Password? - Best Ways To Protect Your Privacy This 2021 - Defending Digital Link to comment Share on other sites More sharing options...
EdDinIL Posted March 30, 2021 at 01:10 PM Share Posted March 30, 2021 at 01:10 PM Out of an abundance of caution I changed my password. Now IC is timing out my sign-on after a few hours of inactivity (4 hours?) instead of 3 days. Link to comment Share on other sites More sharing options...
Trevis Posted March 30, 2021 at 01:28 PM Author Share Posted March 30, 2021 at 01:28 PM Out of an abundance of caution I changed my password. Now IC is timing out my sign-on after a few hours of inactivity (4 hours?) instead of 3 days. That means it's time to get back to work! Link to comment Share on other sites More sharing options...
EdDinIL Posted March 30, 2021 at 09:20 PM Share Posted March 30, 2021 at 09:20 PM Out of an abundance of caution I changed my password. Now IC is timing out my sign-on after a few hours of inactivity (4 hours?) instead of 3 days.That means it's time to get back to work! Ha! That's the problem, I'm working and when I get back to reading it, I have to log in again. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.