Someone Has Some Explaining To Do

[PDXChris]

So it appears you restored from a backup and did not get the database back from the hackers. With that being, hackers now have a copy of the sites database and being I am a Database Engineer, I know what they can and can't do with all that info, so please tell me you were using some sort of encryption for our passwords for our accounts.

 

[BigRedRage]

thankfully my password on here really isnt used anywhere else

 

[PDXChris]

thankfully my password on here really isnt used anywhere else

But that means they have your password here!!! So you might want to change that. Also, depending about how they got access, they could do it again and get that info too.

 

[BigRedRage]

But that means they have your password here!!! So you might want to change that. Also, depending about how they got access, they could do it again and get that info too.

if they are bored enough to login and post as me I am curious what they will post so ima leave it alone

 

[PDXChris]

I don't think you realize how much some people have posted in reguards to real life info. Links to LinkedIn, Facebook, Xbox Live and personal email. Mix that with the fact that many people may use the same password for those and a lof of other account could now be hacked. So I think it is fair to demand and explanation of how secure it is and what has been done to prevent it again.

Thankfully I too do not use this password for anything else, but that is not the point. I don't feel safe here anymore.

 

[BigRedRage]

I don't think you realize how much some people have posted in reguards to real life info. Links to LinkedIn, Facebook, Xbox Live and personal email. Mix that with the fact that many people may use the same password for those and a lof of other account could now be hacked. So I think it is fair to demand and explanation of how secure it is and what has been done to prevent it again.

Thankfully I too do not use this password for anything else, but that is not the point. I don't feel safe here anymore.

Oh no, im not rebutting your comments and expect shaggy will answer and come up with more safety for the site.

Im just talking.

 

[PDXChris]

Oh no, im not rebutting your comments and expect shaggy will answer and come up with more safety for the site.

Im just talking.

 

[unseenaz]

I don't think you realize how much some people have posted in reguards to real life info. Links to LinkedIn, Facebook, Xbox Live and personal email. Mix that with the fact that many people may use the same password for those and a lof of other account could now be hacked. So I think it is fair to demand and explanation of how secure it is and what has been done to prevent it again.

Thankfully I too do not use this password for anything else, but that is not the point. I don't feel safe here anymore.

Yeah this is fairly alarming. Thanks for the heads up Bruce. Gonna spend the better part of my morning changing all my passwords.

Is this at all related to the new owners of the board? Never saw anything like this with the company that ran the boards previously. Can anyone vouch for the new owners? Not accusing anyone but if there's malicious intent I can find a new place to talk AZ sports

 

[PDXChris]

Yeah this is fairly alarming. Thanks for the heads up Bruce. Gonna spend the better part of my morning changing all my passwords.

Is this at all related to the new owners of the board? Never saw anything like this with the company that ran the boards previously. Can anyone vouch for the new owners? Not accusing anyone but if there's malicious intent I can find a new place to talk AZ sports

I don't think there was any malicious intent by the new owners. Shaggy had been a poster for sometime before. Also, there are a lot of ways to hack a site like this, so maybe it is just lack of experience, like shotgunning changes to the site during the day without testing them. It appears to me he may be a UI developer, which in my experience means not a great Database Developer or Server Admin.

 

[Shaggy]

The original owners had been hacked before. Not sure if it was like this. I am also not sure if the hackers took the database or were just messing around. I had nothing to do with this. I would recommend changing your password on here and if you do use the same password on other sites, change those too, just in case. Keebali had alot of outdated files on this site that I thought I had updated, but I guess I messed it. I removed all those files and the front page(which is how I think they got in with the outdated software there) and have put in alot more protection. Sorry that this had to happen as this is something I never wanted to happen.

Please I recommend changing you password here for sure, just to be safe!

 

[Brian in Mesa]

Are posts (and possibly threads) missing because it was backed up to a certain time/date?

I know I responded to a few threads yet they now say I have never commented in them.

Oh well, your loss.

 

[Shaggy]

Yep had to use a backup from the night before and lost all posts from yesterday. Wish I didn't have to do it as I don't want to lose any of your posts but needed to happen. Brian make sure you change your password as all staff need to.

 

[Brian in Mesa]

Yep had to use a backup from the night before and lost all posts from yesterday. Wish I didn't have to do it as I don't want to lose any of your posts but needed to happen. Brian make sure you change your password as all staff need to.

Will do that right now.

 

[Mulli]

Are posts (and possibly threads) missing because it was backed up to a certain time/date?

I know I responded to a few threads yet they now say I have never commented in them.

Oh well, your loss.

You must hate the lost threads/posts.

 

[Brian in Mesa]

You must hate the lost threads/posts.

4.99/5.00

 

[Russ Smith]

I just changed my password after getting an email telling me to do so but I have to admit that doesn't change my feeling of security. If Someone hacked in, they would already have the passwords wouldn't they? So they could presumably also have something that allows them to see everyones new password after they changed it.

I don't use the same password elsewhere but I wonder how many people are now going to change their password to one they use elsewhere thus exposing that one?

 

[jf-08]

FWIW - the stored passwords are encrypted. I don't know if anyone can "un-encrypt" them, but it's better to be safe than sorry.

 

[Russ Smith]

FWIW - the stored passwords are encrypted. I don't know if anyone can "un-encrypt" them, but it's better to be safe than sorry.

OK that's good to know. A friend of mine is a professor that specializes in computer security. He said one of the oldest tricks they use is to access a site and plant software that allows them to track changes to passwords, then let everyone know so they all change the password, and then they have the passwords that they didn't actually have before.

So encrypted sounds good.

 

[PDXChris]

FWIW - the stored passwords are encrypted. I don't know if anyone can "un-encrypt" them, but it's better to be safe than sorry.

It depends on the type of encryption. Some are very simple to break and as old as this site is it is most likely a basic hash which is extremely simple to decrypt. In fact, there are sites out there that will decrypt a hash encrypted password.

 

[Twist18]

I just worry about being a contributor in the past to the site if they can get any of my paypal or financial records? I also changed my password and the email I had on here was at my last address.

 

[PDXChris]

I just worry about being a contributor in the past to the site if they can get any of my paypal or financial records? I also changed my password and the email I had on here was at my last address.

I wouldn't worry about that, PayPal uses a token that is not useful by itself. They are pretty rock-solid with their security.

 

[Phoenix219]

I hope I didn't lose any posts... I didn't have enough to begin with

Crappy... I made some decent points yesteday, and I *did* lose all my posts

 

[desertdawg]

Can we hack them back?

 

[LoyaltyisaCurse]

I Blame Shane! Haven't had an opportunity to use that in a while!

 

[LoyaltyisaCurse]

Can we hack them back?

That would be awesome...Banky?