Mercury Cougar Owners banner


·
Administrator
Joined
·
304 Posts
Discussion Starter #1
Hello Everyone,

Per the latest announcements we will be resetting everyone’s passwords. Shortly you should be receiving an email directing you how to change your password. It will look like this:

Subject: Your new password for *site name*
Dear *username*,

Your password has been reset by an administrator. Your new details are as follows:

Username: *username*

Password: *Randomly generated temp password*

To change your password, please visit this page: *link to password reset edit page from USERCP*

If you suspect this email is a scam, you can confirm the legitimacy of this email by manually navigating to the forum URL yourself and using your new password to log in.

All the best,

Site Name


As you can see, it will give you a randomly generated temporary password, as well as telling you where you need to go to update it accordingly.

If you do not receive this email, please go to the contact us page, select Other, and type in Security Password Update Issues.

We’re sorry for the inconvenience.



The Community Support Team
 

·
Premium Member
Joined
·
4,093 Posts
OK So MCN sent me a password that no human can remember. Thanks dumb ass. I have been a member here for so long I can't remember if it was 1996 or whatever it was. I have never had a problem and really don't think this was needed. This is not a Bank or other financial institute.
 

·
Registered
Joined
·
2,400 Posts
Highlight the new password and copy it, then paste it in for the password...do all this with the link they provide in the same email to change your password. Simple. New password 10 digit requirement with a symbol and all is a little over the top, imo.
 

·
Registered
Joined
·
1,418 Posts
Admin,

What precipitated this mass need to update passwords? Was the site hacked?
 

·
Registered
Joined
·
50 Posts
Come on guys, in this day and age secure passwords are required everywhere. If a hacker gets into the site they can pull member lists with email addresses to add to their own spam lists, send out spam PM, take over admin functions, and basically destroy the website for fun. Depending on server security they can setup a mail script to pump out spam emails too.

I do this for a living so I know first hand how ugly it can get, some of the forums I look after have millions of posts and tens of thousands of members and are under constant attack.

I'm sure the admins have it covered but if it helps there is a vulnerable password checker in vb (it's pretty basic) at AdminCP -> Users -> Check Vulnerable Passwords
I also couldn't survive without the glowhost spam-o-matic mod. It's a life saver. Automatic spam email checking at registration and new member probation w/ automatic upgrades to registered status.
 

·
Registered
Joined
·
2,493 Posts
secure or not, the special character and capital letter is a lot to remember
 

·
Registered
Joined
·
50 Posts
Try using a phrase that you'll remember. Don't use this but as an example try something like [email protected] I used a one in place of I and an @ in place of A. Oh and when you log in put a check mark in the "Keep me logged in" button. Most modern browsers will ask to remember your password as well. Hope that helps.
 

·
Registered
Joined
·
48 Posts
Admin,

What precipitated this mass need to update passwords? Was the site hacked?
I'm guessing this is a vBulletin thing since another forum I'm on also required this change yesterday as well
 

·
Registered
Joined
·
64 Posts
My automated email notice ended up buried so far down my inbox that I didn't see it. When my login failed 3/5 of allotted attempts, I just clicked the "forgot my password" link and followed that process. Now I'm back in with just a few minutes inconvenience; no sweat. Cheers!
 

·
Guest
Joined
·
0 Posts
Ok so I didn't get the e-mail as my old e-mail was a state e-mail account which I no longer have? When I clicked on forgot my password it said to enter my e-mail. Then it told me it didn't recognize the e-mail so I had to re-register on the site. Now how do I go about linking the two accounts or getting my old password changed? I sent three or four messages to ADMIN with no response. My latest attempt was to contact 69Vert as an administrator and see if he can help me out. Jeesh!
 

·
Administrator
Joined
·
304 Posts
Discussion Starter #12
Hi guys,

The site has not been hacked but there were quite a few of the larger social networking sites like Facebook and Twitter that have become compromised. Because some people use the same passwords across many sites, we want to make sure that no one on here is vulnerable as a result. Let us know if any of you are having troubles and we'll be happy to help out.

~Sheena
 

·
Registered
Joined
·
5,633 Posts
Really? Facebook and Twitter? Really?

45m passwords stolen from VerticalScope forums in massive data breach



"A hacker breached Toronto-based firm VerticalScope’s systems and stole 45 million records from its network of more than 1,100 websites and forums. The attack was reportedly carried out in February.
The company operates scores of major properties for automotive, sports, outdoor, health and hobby enthusiasts, including AutoGuide.com, Motorcycle.com, Boat.com, TennisUniverse.com, PetGuide.com and Mothering.com.
It isn’t clear who was behind the attack, and oddly, the company hasn’t made a public statement about the breach. Jerry Orban, vice president of corporate development, told ZDNet:
We believe that any potential breach is limited to usernames, user IDs, email addresses, and encrypted passwords of our users. In addition, we are reviewing our security policies and practices and in response to increased Internet awareness of security-related incidents, including potential incidents on our communities, we are implementing security changes related to our forum password strength and password expiration policies across certain forum communities.
LeakedSource, which indexes hacked credentials from data breaches, obtained a copy of the database and says that it also found IP addresses in the records.
It also noted that ‘less than 10% of the domains which account for a very small amount of leaked records used difficult to break encryption (less than a couple million).’ More than 40 million other passwords were secured using MD5 with salting, which is easy enough to crack.
ZDNet reported that a number of the VerticalScope sites it investigated ran versions of the popular vBulletin forum software dating back to 2007, which contained known security flaws that could easily be exploited by hackers.
There was something strange about the passwords that came up most frequently in this database.
Unlike the recent Twitter user hack, in which LeakedSource found the most common passwords to be ‘123456’, followed by ‘123456789’, ‘qwerty’ and ‘password’, a number of seemingly random strings made the top 10 list this time, including ’18atcskd2w’ at the no. 2 spot and ‘3rjs1la7qe’ at no. 4.
Troy Hunt, the creator of data breach tracker Have I Been Pwned?, said that, “This could be due to data inconsistencies in the source, issues with how the hacker exported them or tampering by someone else who’s handled it downstream of them.”
Akash Mahajan, Director at Web app security firm AppSecco, noted that this anomaly could also point to site-wide mandates enforced by administrators when trying to secure the database, or reset passwords for a number of users.
If you have an account on any of the forums run by VerticalScope, you’ll certainly want to change your password immediately."

http://thenextweb.com/insider/2016/06/15/45m-passwords-stolen-verticalscope-forums-massive-data-breach/#gref
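
Added example, not part of this thread and not VerticalScope's or vBulletin's code: the quoted article says most of the leaked passwords were stored as salted MD5, and one common way to retire such hashes is to re-hash with a slow key-derivation function the next time each user logs in. The legacy layout `md5(md5(password) + salt)`, the record fields and the PBKDF2 work factor below are assumptions chosen for illustration, and the sample account is constructed.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000   # assumption: work factor, tune to your hardware
PREFIX = "pbkdf2_sha256"

def legacy_hash(password: str, salt: str) -> str:
    """Assumed legacy layout: md5(md5(password) + salt), hex-encoded."""
    inner = hashlib.md5(password.encode()).hexdigest()
    return hashlib.md5((inner + salt).encode()).hexdigest()

def strong_hash(password: str, salt: bytes = b"",
                iterations: int = PBKDF2_ITERATIONS) -> str:
    """Self-describing record: scheme$iterations$salt$derived_key."""
    salt = salt or os.urandom(16)          # fresh random salt for new hashes
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{PREFIX}${iterations}${salt.hex()}${dk.hex()}"

def still_legacy(record: dict) -> bool:
    """True while the stored hash is still the fast salted-MD5 form."""
    return not record["hash"].startswith(PREFIX + "$")

def verify_and_upgrade(record: dict, password: str) -> bool:
    """Check a login; a correct login against a legacy hash replaces it."""
    stored = record["hash"]
    if not still_legacy(record):
        _, iterations, salt_hex, _ = stored.split("$")
        candidate = strong_hash(password, bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(candidate, stored)
    if not hmac.compare_digest(legacy_hash(password, record["salt"]), stored):
        return False                        # wrong password: leave record as is
    record["hash"] = strong_hash(password)  # upgrade while we hold the plaintext
    record["salt"] = None                   # old salt is no longer used
    return True

# Constructed sample row, as it might sit in a legacy user table.
sample_user = {
    "username": "cougar67",
    "salt": "x9!",
    "hash": legacy_hash("Correct-Horse-42!", "x9!"),
}
```

Accounts that never log in again stay in the legacy form, so `still_legacy` is the check that identifies which stored hashes still need a forced reset like the one discussed in this thread.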
 

·
Registered
Joined
·
2,055 Posts
Ain't it great how they come on here and lie right to your face?
 

·
Registered
Joined
·
2,161 Posts
http://www.verticalscope.com/about-us/notice-of-data-breach.html





look what was just banner-ed across the top of all V/S sites ...


Notice of Data Breach



You may have heard reports recently about a security issue involving VerticalScope. We would like to make sure you have the facts about what happened, what information was involved, and the steps we are taking to help protect you.

What Happened?

On June 13, 2016, we became aware that February 2016 data stolen from VerticalScope was being made available online.

What Information Was Involved?

Community member usernames, email addresses, hashed passwords, community userIDS, community website, and the IP address the username originally registered with.

What We Are Doing

We are in the process of invalidating passwords of all VerticalScope user accounts. We have posted a site security notification on each site updating users on the potential risk to certain accounts, the password reset and steps we are implementing to improve security. We are in the process of implementing stronger password rules (passwords now require a minimum of 10+ characters and a mixture of upper- and lower-case letters, numbers and symbols) along with automated account password expiries to encourage more frequent password changes. We will remind our users to use good password practices (not using the same password for multiple online accounts and using unique strong passwords). We are in the process of implementing additional safeguards to detect, alert and mitigate any future brute force attempts, and have notified our third party vendors that interact with our various forum API's of the February breach to allow their own security teams to investigate. We are continuing our investigation and will be collecting information to provide to the appropriate law enforcement authorities.

VerticalScope is taking steps to strengthen account security. We were already using encrypted passwords and salted hashes to store passwords, and our new password controls are intended to further strengthen user security. We are taking steps to investigate and test new encryption and security technologies to further protect our users.

What You Can Do

To keep your account as safe as possible, we recommend that you regularly change your VerticalScope community password, and that you use a unique password for each of your online accounts. Using the same password for multiple online accounts significantly increases your chances of being compromised. Even though the passwords stolen in February were hashed, we recommend that if you were using (or are currently using) your VerticalScope community password across multiple online accounts, that you change your password for such other online accounts. We encourage you to regularly review your accounts and report any suspicious or unrecognized activity immediately.

For More Information

If you have any questions, please feel free to contact our Community Management team by email at [email protected] or on the website that you frequent. A support thread has been created on each website, and our support teams are on there to help you through the process and answer any questions you may have.
 

·
Registered
Joined
·
2,161 Posts
and I quote........ Mods and Admins every 180 days, members every 365 days.

"1) We are asking everyone to change their passwords (and will force a one time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, Linkedin, Badoo, etc) are compromised; and

2) Your passwords will expire on a 180 day basis. When you login on the 181st day, you will have to change it. You guys and girls all have the highest level of access in our communities and this will help protect your accounts.

All other users on the community will have 365 day expirations. We'll also be sending out an email to users to let them know about the changes, in upcoming weeks.

I also ask that you help us with ensuring all users are being heard and we are answering everyone’s questions. We will be posting an announcement up to the community shortly and want to keep all chatter about this issue and any potential security issues in one place. If you see a user talking about this topic in a section outside of the announcement, please either move the post, or remove it and direct the user to the original thread. We greatly appreciate your help in this. If you have any questions please post them below



Thanks all,

Helena

Community Management"





""" I also ask that you help us with ensuring all users are being heard and we are answering everyone’s questions. We will be posting an announcement up to the community shortly and want to keep all chatter about this issue and any potential security issues in one place. If you see a user talking about this topic in a section outside of the announcement, please either move the post, or remove it and direct the user to the original thread. We greatly appreciate your help in this. If you have any questions please post them below """"




YES PLEASE help them cover up their screw up and control the fall out by only letting this be discussed in one (hidden) place ...
 

·
Registered
Joined
·
2,161 Posts
Users Browsing this Forum
There are currently 78 users browsing this forum. (4 members & 74 guests)
ndtorque 70B302Cat Lou223 polanskys
 

·
Registered
Joined
·
2,161 Posts
I see things have not improved much here .. just like the other VS sites ...

Currently Active Users
There are currently 295 users online. 18 members and 277 guests
Most users ever online was 1,788, May 27th, 2015 at 11:37 AM.
Staff Member: ndtorque .:BLitZ:. 70B302Cat badcatt cobrasc427 droptopcat70 frankie3555 Hunterkane James C. leonbray Mike_B_SVT polanskys propayne sbbtech xr7g428 YJ4000
 

·
Administrator
Joined
·
304 Posts
Discussion Starter #19
Hey Guys,

I just want to post here to shed a little more light on the situation, at least as much as we can provide at the moment.

A 3rd party plugin that we and other networks use had its developers compromised. Their DB was breached and data was scraped. I can't ID the plugin as it's under legal investigation. However I can say that it had access to user data because it functions separately from the vb software. Many plugins do this, chats, newsletters, mobile apps etc. This is not an active breach, however as a precaution we did initiate security updates including password changes and new pass requirements.

Their system was compromised and they grabbed user data for us and thousands of others.
We cleared our part of the breach and went this route to further security.
This is also in place as many members on the internet use the same or similar passwords across all things they use.

Hackers who have access to these accounts, may be able to access other platforms where the same email and/or passwords are used.
Other platforms have been compromised as well, including Twitter, Linkedin etc. We are just trying to get ahead of this, and nip it in the bud as soon as possible.

We cannot go into detail at the moment as it is being dealt with on a legal level.

Though this breach happened in Feb, we were not notified until very recently. We worked hard to find a solution for this mess, and acted on it. Though it may not be ideal in some eyes, it is the best we have access to ATM.
Once the storm settles we may look into other methods for our security, but right now we ask that you be patient with us.

As for us not responding to members, you have to understand our community support team watches over many sites. Luckily this week and last, we have had many members from other teams offer help. With that said all emails sent to our Contact Us email will be dealt with. Granted, it may take a little time for us to get to all of them, but please be patient with us as we are working really hard to catch up and help everyone.

If there are any other questions/concerns/feedback, please feel free to post them here.

Thank you for your patience and understanding,

Richard.
 