Recent Attack

[AliGW]

Where have they turned up online? Link, please.

 

[mole999]

Where have they turned up online? Link, please.

LOL, are we really going to post a link that would expose what has already been released even further into the wild

 

[AliGW]

Well, without hard proof, I'm not taking anybody's word for it. And if it's true, then you should, before now, and in a very overt way, have advised all members to change their passwords. So don't "LOL" me, please.

 

[RoryA]

We did in fact do precisely that. There was a banner at the top of the forum advising people to change their passwords.

 

[AliGW]

I did not see it, I am afraid. This is the first I have heard of it.

I would have expected some form of E-mail notification if it were that serious.

 

[Kyle123]

There are sites you can subscribe to that will notify you when your email address is found in compromised data. https://haveibeenpwned.com Is one that despite sounding a bit dodgy is run by Troy Hunt a Microsoft recognised security reasrcher. You get an email if you've been compromised. there are other sites out there as well.

To be honest though it's the reason I use a password manager, unique random passwords on each site so it doesn't really matter if they're compromised (especially since they're hard to crack in the first place)

 

[mole999]

I did not see it, I am afraid. This is the first I have heard of it.

I would have expected some form of E-mail notification if it were that serious.

To paraphrase Caveat Emptor this site has Members 374,498, thats a lot of email bandwidth to utilise to pass a single message which the banner at the top of the page for a number of weeks served adequately to publicise

My own opinion > 35,000 websites hacked using an exploit in vBulletin Forum Software

 

[Krayons]

I am rather concerned over the fact that you have moderators laughing about the situation and worrying about how many emails you would have to send, as if it's some sort of great inconvenience, to notify the community of members of fact that their accounts have been compromised.

I'm willing to bet that a large sum of those 374,498 users, have no idea mrexcel.com was hacked. For those users who infrequent the forum, forgot they had an account, were on vacation or otherwise just havent logged in during that period, then they have no clue. For all they know, some script kiddy could be browsing through their private email as we speak.

A small banner at the top of the website, which I should note didnt even advise users to change passwords until Kyle123 and I put up a stink... and you consider that "adequate"?

@AliGW, do or don't, its on you at the end of the day. I think this thread already makes it evident why should be changing your passwords.

 

[Joe4]

as if it's some sort of great inconvenience, to notify the community of members of fact that their accounts have been compromised.

Do you have any idea what happens if you try to send out 375,000 email from a single source?
You get classified as a "Spammer", start showing up on Spam websites, and many ISPs start blocking emails from your IP.
We already have some situations where some ISPs block our emails, as I see it often when people send us emails when they sign up and never receive the confirmation email that we send that contains the link they must click to activate their account.

 

[AliGW]

A small banner at the top of the website, which I should note didnt even advise users to change passwords until Kyle123 and I put up a stink... and you consider that "adequate"?

@AliGW, do or don't, its on you at the end of the day. I think this thread already makes it evident why should be changing your passwords.

I have changed my password, of course! My issue is with the banner that I do not recall having seen. If I managed to 'miss' seeing it, then it was not as conspicuous as it needed to be. Just sayin' ...