Carson Dyle
Diamond Member
- Jul 2, 2012
- 8,173
- 524
- 126
The reset and the mass mailing were done in conjunction, so yeah, you may log in/be logged into the forums before you get the email.
sao123
Lifer
- May 27, 2002
- 12,653
- 205
- 106
I also share in this frustration, just changed my PW 2 days ago, now its 905 days old???
And why did I have to change a brand new password that the system claimed was 905 days old?
And seriously, to be notified this long after the suspected breach *really* isn't good practice.
GoodRevrnd
Diamond Member
- Dec 27, 2001
- 6,801
- 581
- 126
Did some major VBB hack pop up or something? I've been forcibly reset on two other major forums I visit.
Same here. Really makes you wonder if anyone at AnandTech really understands the software they're using.
Adul
Elite Member
SparkyJJO
Lifer
- May 16, 2002
- 13,357
- 7
- 81
Yeah that just happened to me too
Oh well, changed again. I had already changed it twice before, first when I found out this had happened, and again because I didn't like the first password I set. Now that one's blown, so 3rd time's a charm maybe?
Red Squirrel
No Lifer
Happened to me too, and then I changed it, it worked for a while (Was logged in) then I was logged out, and it stopped working, and had to use forget password feature.
sao123
Lifer
- May 27, 2002
- 12,653
- 205
- 106
VB 3.x has been considered EOL for years, although 3.8.9 was released in 2014, there have been no updates since, its hard to know how many unpatched security holes there are.
I actually wanted to take a moment and thank the mods here for the way they are handling this event. Stuff happens, even to the most secure of sites.
The email I received struck the absolute right tone. I want to thank those responsible for:
1) Admitting there was a breech
2) Giving common-sense advice about the use of passwords (unique for each site, etc.)
3) Not requiring long, complex passwords on this site
A very popular, large A/V forum had a similar breech and hid the fact they were compromised, but required password changes. The password they required was at least 10 digits long, with capital and lower case letters, numbers and a special character. It's a ridiculous standard for non-critical information, and many of us have simply left.
I won't visit them again because they demonstrated they don't understand security at all. They weren't hacked because their USERS had weak passwords.
The fact is that there is no information stored here that compromises any private information about me. It does not require the kind of security standard required by financial sites.
The email I received struck the absolute right tone. I want to thank those responsible for:
1) Admitting there was a breech
2) Giving common-sense advice about the use of passwords (unique for each site, etc.)
3) Not requiring long, complex passwords on this site
A very popular, large A/V forum had a similar breech and hid the fact they were compromised, but required password changes. The password they required was at least 10 digits long, with capital and lower case letters, numbers and a special character. It's a ridiculous standard for non-critical information, and many of us have simply left.
I won't visit them again because they demonstrated they don't understand security at all. They weren't hacked because their USERS had weak passwords.
The fact is that there is no information stored here that compromises any private information about me. It does not require the kind of security standard required by financial sites.
Brainonska511
Lifer
- Dec 10, 2005
- 28,900
- 14,172
- 136
sao123
Lifer
- May 27, 2002
- 12,653
- 205
- 106
U do realize that this announcement could have been made 4 days ago when the breach was discovered, right?
norseamd
Lifer
- Dec 13, 2013
- 13,990
- 180
- 106
As a security precaution we expired all passwords, as that was the safest thing to do. "905 days" is just an artifact of how we went about it.
ultimatebob
Lifer
- Jul 1, 2001
- 25,134
- 2,450
- 126
I hope that they fixed the security hole, or this password reset is just a waste of time. The hackers will have the new passwords cracked within days if they're still using weak encryption.
ViviTheMage
Lifer
Red Squirrel
No Lifer
:biggrin:
Yeah I probably would not log on to here on an untrusted network like a public wifi or something. I'm not sure why they don't go to https.
But right now the priority should probably be to figure out how the db was leaked. Unless it's someone crooked at the data centre that sniffed traffic, but that would only really get a handful of passwords. I think this was an actual db leak. I guess if you happen to get an admin password... then you have the keys to everything.
Torn Mind
Lifer
- Nov 25, 2012
- 12,078
- 2,772
- 136
IIRC, they got rid of the more frequent scheduled maintenance as well. Knowing Anand and co were techies, whatever that maintenence was could have been for very good reason, i.e data backups or something, given that they did it every week.
RossMAN
Grand Nagus
- Feb 24, 2000
- 79,034
- 441
- 136
So that's why I was prompted to change my password.
Can anyone recommend a random password generator?
RossMAN
Grand Nagus
- Feb 24, 2000
- 79,034
- 441
- 136
Thanks, while waiting I decided to go with random.org and a less secure 24 character string password. But it's still better than the default vBulletin password I was using for years, it was maybe 12 digits?
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 23K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter