Forum Hacked!

Status
Not open for further replies.
   #41  

JMR

Professional User
Professional VCDS User
Joined
Sep 27, 2021
Messages
4,247
Reaction score
2,550
Location
Romania
VCDS Serial number
C?ID=432218
> That rules me out then… :eek:
You don't say, how about I sent Uwe a "something" digital just a day before.. :)) I couldn't sleep all night long after the news that the forum got hacked, I thought he was gonna blame me.. now being all Romanian :eek:
 
   #42  

Mwell

Verified VCDS User
Verified
Joined
Jan 7, 2021
Messages
54
Reaction score
16
Location
EU
VCDS Serial number
C?ID=439106
Happy it was nothing serious, good thing you didn't pay them.

I guess in the USA you are not obliged by law (according to the current legislation, such as the Pennsylvania Consumer Data Protection Act) to report such data breaches to the authorities, as well as inform the users/customers (within x days)?
 
   #43  

JMR

Professional User
Professional VCDS User
Joined
Sep 27, 2021
Messages
4,247
Reaction score
2,550
Location
Romania
VCDS Serial number
C?ID=432218
Yeah, no shit! I was really scared afterwards :facepalm:
 
   #44  

Uwe

Benevolent Dictator
Administrator
Joined
Jan 29, 2014
Messages
56,062
Reaction score
37,987
Location
USA
VCDS Serial number
HC100001
> Happy it was nothing serious, good thing you didn't pay them.
>
> I guess in the USA you are not obliged by law (according to the current legislation, such as the Pennsylvania Consumer Data Protection Act) to report such data breaches to the authorities, as well as inform the users/customers (within x days)?
Well, I certainly did inform users/customers -- immediately -- less than one day after we found out.

However, I do not think it's reportable to "authorities" since a reportable breach is generally defined as: A person’s name, combined with a social security number, driver’s license info, state ID, credit card or financial account number, medical or health insurance information, or biometric data such as fingerprint or iris scans, and DNA profiles. In some (but certainly not all) cases, the forum might have a person's name, but it has none of the other info that would make it reportable.

-Uwe-
 
   #46  

Crasher

Professional User
Professional VCDS User
Joined
Jun 12, 2015
Messages
2,956
Reaction score
2,574
Location
Nottingham, England
VCDS Serial number
C?ID=21420
That Uwe, he have BIG cojones...:thumbs:
 
   #48  

Uwe

Benevolent Dictator
Administrator
Joined
Jan 29, 2014
Messages
56,062
Reaction score
37,987
Location
USA
VCDS Serial number
HC100001
ihuog0M.jpg


-Uwe-
 
   #49  

JMR

Professional User
Professional VCDS User
Joined
Sep 27, 2021
Messages
4,247
Reaction score
2,550
Location
Romania
VCDS Serial number
C?ID=432218
He mafia style!!! :cool: Collector! Skull cracker, leg breaker, finger twister, nail puller, finger cutting... type of guy :)
 
   #51  

Bruce

Active Member
Staff member
Ross-Tech Employee
Joined
Jan 30, 2014
Messages
3,615
Reaction score
5,783
Location
Near Philadelphia, PA, USA
VCDS Serial number
--------
I ain't afraid of him.. ask him about the time he bent-over and dared me.... now that is a story!

Funny, he never asked again..

That was back in the day when I was his boss... now he are mine.. oh the fun we have had!
 
   #52  

DV52

Verified VCDS User
Verified
Joined
May 16, 2014
Messages
5,469
Reaction score
5,961
Location
Melbourne, Australia
VCDS Serial number
C?ID=194404
> We're pretty confident the problem was "OpSec" -- an improperly secured account with Admin access.
> IMO, this is not a big deal. That's all more-or-less "public" information anyway.
hm..... Yes, I am a "disillusioned" forum member - but No, this reply is NOT sour-grapes!!

Data security is a very serious matter to me - particularly when it relates to MY DATA!! The replies (above) that underplay the seriousness of these types of security breaches are naive in the extreme! My advice to those that have this mentality is: reserve your opinion until you are an actual victim of identity theft. And don't assume that it can't happen to you - it's only a matter of time and luck!

I've just had to deal with exactly this issue (i.e. identity theft) as a result of security breaches in the customer database for a large Australian utility company and I now find similar administrative failings in this forum - very disappointing because I consider Ross-Tech to be run by professionals!!

My belief about Ross-Tech notwithstanding, I have to make comment on the astonishing claim that "This is not a big deal" because "That's all more-or-less "public" information anyway". Of course it's true that public information is just that - but getting the details about individual members is generally NOT a worthwhile activity for hackers.

The files thieved from this forum will have an entirely different value proposition on the dark-web because they (likely) provide a complete list of member records linking each forum member's details in an easily accessible format. In no way is this the same as hackers trolling individual members' "public information".

XenForo is a mature product that is widely used and I assume that "an improperly secured account with Admin access" was not a problem with the software. If this is correct, it means that this breach was an entirely avoidable matter within the control of the administration of this forum. At the very least, this begs answers to forum members to the question; what changes have been made to guarantee (use the word "ensure" if you want) that the risk of further breaches is at best minimized?

Finally, (sadly) I'm no longer an active member of this forum and I stumbled upon this matter purely because I wanted to access an old post of mine (for another forum). However, there will be other non-regular members that will be totally unaware of these happenings about their personal data. Is it really proper that this remains their problem when they receive the fraudulent emails - or do they deserve to be informed?

Again, very disappointing!

Don

PS: maybe it's somewhere in this forum and I've missed it (my apology if so)- but usually when this type of administrative failure happens, there is a statement of contrition!!
 
   #53  

JMR

Professional User
Professional VCDS User
Joined
Sep 27, 2021
Messages
4,247
Reaction score
2,550
Location
Romania
VCDS Serial number
C?ID=432218
Nice to see you DV52. As far as the data breach goes.. I think it's not as damaging. It's just user data perhaps, name, address and phone number (that's all required to register for VCDS and RT forum). Now... every time I order something on the internet, I give the same info out to various vendors and I prefer to pay on delivery, not giving out my SSN/CC number or other more precise identifier. If such info is required, I shop somewhere else. However, I pay the bills to various utilities companies online where they do require a SSN and card number. How good are they protected against a hack? I have no idea. So.... those are the perils of modern times. BTW, on HBO on demand there is a movie called Black Box, a French production, interesting movie.. exposing the perils of technology, hacking cars and airplanes..
 
   #54  

Righteouness

Verified VCDS User
Verified
Joined
May 4, 2021
Messages
123
Reaction score
34
Location
Australia
VCDS Serial number
C?ID=434582
Well, some people have nothing else better to do.

I hope they step on a piece of Lego, twice, in the same spot.
 
   #55  

OwnerTR

Verified VCDS User
Verified
Joined
Sep 2, 2021
Messages
80
Reaction score
44
Location
Turkey
VCDS Serial number
C?ID=493252
Get well soon. I closed the MyBB Turkey support forum site in 2016 because of the scum of this mentality.
 
   #57  

Uwe

Benevolent Dictator
Administrator
Joined
Jan 29, 2014
Messages
56,062
Reaction score
37,987
Location
USA
VCDS Serial number
HC100001
> reserve your opinion until you are an actual victim of identity theft.
Absolutely. But I don't see how the data available in this forum could possibly be used to steal someone's identity, or even how it would be particularly helpful toward that end. Their "business model" appears to have been to solicit donations, and when that didn't work out, to try to collect a ransom from me so that I might be able to avoid disclosing what happened.

> At the very least, this begs answers to forum members to the question; what changes have been made to guarantee (use the word "ensure" if you want) that the risk of further breaches is at best minimized?
All RT employees (even those who don't have Admin access) are now required to use 2FA to access the forum, and this is rigidly enforced. I had encouraged that previously, but failed to enforce it as I should have, and thus I take full responsibility for the breach.

In addition, the re-use of passwords that are (or have been) used elsewhere is forbidden, but I have no means to enforce that since I can't see the passwords people are using (as mentioned previously in this thread, the forum only stores a salted hash of users' passwords), and even if I could see them, I'd have no way to know whether they've ever been used somewhere else.

We've also installed an additional security add-on that generates logs for things like Admin login failures and suspicious activity by IP address and we're checking them regularly.

-Uwe-
 
   #58  

JMR

Professional User
Professional VCDS User
Joined
Sep 27, 2021
Messages
4,247
Reaction score
2,550
Location
Romania
VCDS Serial number
C?ID=432218
> Well, some people have nothing else better to do.
>
> I hope they step on a piece of Lego, twice, in the same spot.
Naaah.. don't wish that on your worst enemy. I did step on one once, right as I got out of the bed I took 3-4 steps and stepped on a piece of plastic Lego, as I luxated/twisted my ankle I lunged towards the high dresser in the bedroom and slammed my forehead in it, I nearly blacked out and fell backwards and banged my back on the wood edge of the bed and as I tried to prop myself I nearly broke my hand on a plastic toy truck. To top it all, right then and there my daughter had joined the event and split my lip with a plastic doll while laughing out. The chain of events was unreal and I wish I had recorded it somehow. So no! No Lego!!
Edit: now that I look back at the event, it seems funny for me too, but there I was, a 1.82 /100 kg guy, bleeding from the mouth, searing pain in my back, ankle and right hand and blurry vision. I was absolutely enraged like a wild bull and I think I've exhausted my cursing repertoire (which in Romanian language is almost like whole language) in less than 10 minutes. I still bear a 1 cm cut inside of my upper lip, the lip was sectioned through by the doll's head. I had to sit there for what seemed like a whole year before I had mustered the strength to get up. So yeah.. funny now, a nightmare then. Since then I kinda developed a sort of a shuffle walk where I don't lift my feet too much off the ground while inside the house so I minimize the risk of stepping on one again.
 
   #59  

JMR

Professional User
Professional VCDS User
Joined
Sep 27, 2021
Messages
4,247
Reaction score
2,550
Location
Romania
VCDS Serial number
C?ID=432218
Between me and you I wanted to throw the Legos out for a very long time now, my son absolutely loves to spread them out all over the house. It is a constant source of tension in this household but my wife's convinced that somehow the Lego building helps developing skills. I am terrified that my kids will step on one while running like nuts around the house. So I absolutely effing hate Legos! Here's my bag of constant discord and nightmares! It used to be a much bigger sack but I secretly take 1 piece everyday and throw it in the trash so by the time I'm done hopefully no one will notice that they are missing. I tell the kids and wife that the sack of pieces gets smaller because they (the kids) throw them under the furniture or in the back yard. Lol. I hate them with a burning passion!! They are dangerous and a hazard in any household.

 
   #60  

Uwe

Benevolent Dictator
Administrator
Joined
Jan 29, 2014
Messages
56,062
Reaction score
37,987
Location
USA
VCDS Serial number
HC100001
> I hate them with a burning passion!!
I absolutely loved them when I was a kid. My own kids were never that keen on them.

-Uwe-
 