• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Important Notice - Security Breach

Status
Not open for further replies.
I also received the following msg (twice) after I canged passwords.

Dear Unicorn512, Someone has tried to log into your account on Android Forums with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes. The person trying to log into your account had the following IP address: 174.253.187.214 All the best, Android Forums

I checked and it's the VZN supplied address on my DROID3. Then it occurred to me that the Phandroid app on my phone must be the cause, so I uninstalled it.
 
Phases,

I changed my password earlier today as soon as I saw your notice, and this evening between 5:02 and 6:18PM Central Time there were four failed login attempts on my account. I was out eating dinner with my wife at the time, so I know for a fact that it wasn't me.

It seems to me that there is a high probability that whomever compromised your database is in fact trying to use that information to gain access to user accounts.

FYI...
 
Cam said:
Phases,

I changed my password earlier today as soon as I saw your notice, and this evening between 5:02 and 6:18PM Central Time there were four failed login attempts on my account. I was out eating dinner with my wife at the time, so I know for a fact that it wasn't me.

It seems to me that there is a high probability that whomever compromised your database is in fact trying to use that information to gain access to user accounts.

FYI...
Click to expand...

If you have any apps on your phone that connect to AF you need to resetu your password on them. They will continue to try and connect to AF using your old credentials and cause those messages. Accross 3 PCs and 2 phones I had to update passwords 28 times.
 
Unforgiven said:
If you have any apps on your phone that connect to AF you need to resetu your password on them. They will continue to try and connect to AF using your old credentials and cause those messages. Accross 3 PCs and 2 phones I had to update passwords 28 times.
Click to expand...
I'll do that, but those apps (Tapatalk) were not running on my phone or tablet, even in the background. Don't they have to be running for that to happen?
 
Cam said:
I'll do that, but those apps (Tapatalk) were not running on my phone or tablet, even in the background. Don't they have to be running for that to happen?
Click to expand...

Xyro said:
Do you have subscription or pm notifications on in tapatalk?
Click to expand...

^^^ that's the key, they check in for any push notifications. I had Forum Runner and Tapatalk both trying to check for PM's.
 
  • Like
Reactions: Cam
Xyro said:
Do you have subscription or pm notifications on in tapatalk?
Click to expand...
No and no. I just checked again to be sure. However, I certainly acknowledge that Tapatalk could have been the culprit, since I didn't change my password in that app until until just now. Like I said, Tapatalk wasn't running at all as far as I know, but who knows? That does seem more plausible than some hacker trying to use my account out of the thousands and thousands of accounts on AF...

Edit: Nevermind, I did have those settings turned on in Tapatalk. That must have been it.
 
i changed my password on my computer bright and early this morning and soon after received 3 notices that someone was attempting to log into my account with an incorrect password. i do have the phandroid app loaded on both my phone and tablet. i ran the network info app and realized that the ip address trying to access my account was the external ip for my isp. so i just opened the phandroid app on both phone and tablet and signed out, then waited the 15 minutes and resigned in. no more notices. all is good.
 
Familyguy1 said:
Thats quite interesting considering about a week ago I contacted you about the same thing...hmm.

Glad it is resolved though, thanks guys!
Click to expand...

Yep, recall it clearly and the response given was coordinated with admin with the best information at the time - but definitely, your query was escalated. ;)
 
Thank You ;

To all involved in finding and fixing some evil persons attempt . :-)
I for one am very appreciative of this.. and thanks again.
 
dawnierae said:
Absolutely fantastic, informative post. Thank you and the entire staff for your diligence in not only responding to the breach, but keeping us so well informed. KUDOS to all of you!:D
Click to expand...

agreed, THIS IS HOW A BREACH SHOULD BE HANDLED !!!!


It's really sad a "hobby/user forum" (no offense) can get it "right", but banks,online retailers, etc. fail so miserably.

Thank you.
 
colchiro said:
I just spent 2 hours changing forum and email passwords for work and home and still have a tablet left.
Click to expand...


Then the "security" fault lies with YOU, not AF...

using the same password everywhere is beyond bad.

I could see using the same password across forums, but e-mail? NEVER...

Please review your security practices before complaining about others... (glass houses and all that stuff)
 
I changed my password for this site, no issues at all. Luckily, this was one of the many sites that I've already converted the password over to a completely randomly generated password. The old password was 12 characters long, the new password is 16 characters long.

It has been said before by some people that you shouldn't use the same password for every site that you use. I personally use a randomly generated password for about 75% of all web sites that I have accounts on and save these passwords in my Roboform data.
 
Yeah, my band's web site hosted by 1&1 was attacked yesterday. Somehow they got into my main web page and altered it to call an install of a virus. Took me 2 hours to clean off my computer and remove the virus call.
 
trparky said:
I changed my password for this site, no issues at all. Luckily, this was one of the many sites that I've already converted the password over to a completely randomly generated password. The old password was 12 characters long, the new password is 16 characters long.

It has been said before by some people that you shouldn't use the same password for every site that you use. I personally use a randomly generated password for about 75% of all web sites that I have accounts on and save these passwords in my Roboform data.
Click to expand...


One Ring to rule them all, One Ring to find them, One Ring to bring them all, And in the darkness bind them

:P
 
Brandon Sheley said:
I'm glad the exploit was secured.


FYI.. There is a GIANT difference between a vbulletin forum and the framework a bank or most online retailers run :rolleyes:
Click to expand...

most definitely, banks, online retailers have much MORE at stake and should MORE forthcoming and faster to notify their users because the risk is greater...


if a vBulletin site can start notifying user within a couple hours, a bank should be doing it with an hour of confirming their systems were compromised and information lost.
 
Status
Not open for further replies.
Back
Top Bottom