Forum Hacked!

   #25  

myounus

Verified VCDS User
Verified
Joined
Oct 17, 2017
Messages
982
Reaction score
505
Location
Northwest UK
VCDS Serial number
C?ID=321059
I hope they need help from us - I’ll be happy to tell them to ‘foxtrot Oscar’ and jump into a fire. Scum
 
   #27  

NZDubNurd

Verified VCDS User
Verified
Joined
Nov 10, 2014
Messages
1,352
Reaction score
2,062
Location
New Zealand
VCDS Serial number
C?ID=230482
It wasn't your account. :)

-Uwe-
I joined in 2014... and my password wouldn't work... and Dana had to fix my email so I could get back in :D

(I assume the user knows who they are now though...?)
 
   #30  

Uwe

Benevolent Dictator
Administrator
Joined
Jan 29, 2014
Messages
42,318
Reaction score
29,943
Location
USA
VCDS Serial number
HC100001
I joined in 2014... and my password wouldn't work... and Dana had to fix my email so I could get back in :D

(I assume the user knows who they are now though...?)
That user probably does not. It looks like he hasn't been active here in recent years.

-Uwe-
 
   #31  

Uwe

Benevolent Dictator
Administrator
Joined
Jan 29, 2014
Messages
42,318
Reaction score
29,943
Location
USA
VCDS Serial number
HC100001
Hats off to a man of principle!
Thank you.

But it's not just principle, it's also practicality. They clearly already had whatever they got, and since it's data, there's no way for them to give it back, or to even to prove that it has been destroyed. So let's say I had paid them $500 worth of BTC last night (which would have been difficult in any case because I do not own any crypto, nor do I have an account with anyplace that would let me buy and transmit it). What would prevent them from coming back tonight and demanding $1000? Or tomorrow and demanding $5000?

Then there is the question of ethics. The only thing they really had to hold over my head was the idea that I could keep you folks, my customers from finding out that there had been a data breach, and thus I wouldn't be embarrassed, or have my reputation damaged. Would it have been ethical of me to try to keep the breach a secret? I don't think so! I mean does anyone think they wouldn't add whatever they got to the databases of such stuff that surely exist in the dark corners of the internet, even if I did pay them?

Nope, the only sensible way to handle this was for me to be honest with you guys immediately, and by doing that they have absolutely nothing to hold over my head, or any of yours either.

-Uwe-
 
Last edited:
   #32  

Gavra

Verified VCDS User
Verified
Joined
Mar 30, 2015
Messages
194
Reaction score
134
Location
Melbourne/Belgrade
VCDS Serial number
C?ID=240855
Thank you for fast action. Although I haven't logged in for a long time , it is nice to see someone respect privacy and act responsibly and promptly.
 
   #33  

iichel

Verified VCDS User
Verified
Joined
Aug 10, 2016
Messages
3,015
Reaction score
3,460
Location
Eindhoven, NB, NL
VCDS Serial number
C?ID=284912
Mate of mine once had this. He kept insisting he should receive an invoice, otherwise he could not justify spending money without a trace.

But I think the way Uwe acted is the only right way of doing so. Exactly for the reasons he states. Data is easily copied, transferred and there is no way to prove you destroyed it. And even if you did, there are many ways to un-delete it.
 
   #34  

Mike R

Ross-Tech Employee
Staff member
Administrator
VCDS Distributor
Ross-Tech Employee
Joined
Apr 10, 2014
Messages
456
Reaction score
537
Location
Virgo Supercluster
VCDS Serial number
C?ID=126524
That user probably does not. It looks like he hasn't been active here in recent years.

-Uwe-
giphy.gif
 
   #35  

downtime

Verified VCDS User
Verified
Joined
May 27, 2017
Messages
2,842
Reaction score
1,792
Location
Finland
VCDS Serial number
C?ID=280813
And pro tip if you haven't already activated. Activate the two-step authentication for the forum for your account. This will prevent the change of your password if your account gets leaked as hackers cannot change the authentication email and also the codes are not visible for the backup method.
 
   #38  

ArtooDeeDad

Verified VCDS User
Verified
Joined
Jun 10, 2022
Messages
10
Reaction score
14
Location
USA
VCDS Serial number
C?ID=518434
Coming from (cough) years of software, systems, infrastructure, etc...

Good call all around. Even if it is the right choice, it isn't always the easy choice. To Uwe's point, the compromised data isn't exactly high risk PII. That helps.

Thanks for the transparancy.

Was happy to see a 2FA option when i signed up. For something like a forum it is still a great way to keep someone from logging into an account with a compromised password. And i do think it worthwhile even for forums.

And having been through a number of all-night systems emergencies, i hope ya'll are able to catch up on some deserved sleep. Wish i could help.
 
   #40  

dieseldub

Verified VCDS User
Verified
Joined
Nov 7, 2017
Messages
148
Reaction score
201
Location
Gresham, OR
VCDS Serial number
C?ID=28764
A bit more excitement than most of us had asked for, for sure. lol

Well-handled, Uwe.
 
Top