Attention - Password and Security Update - Page 3 - VW Forum - VZi, Europe's largest VW, community and sales
 
Machine 7, high quality air-cooled  restoration and performance parts

     
 

Go Back   VW Forum - VZi, Europe's largest VW, community and sales > Community > Volkszone Technical Difficulties

Volkszone Technical Difficulties Any issues and concerns with the Volkszone website, please post them here.

Machine 7, high quality air-cooled  restoration and performance parts
Reply Post New Thread
 
Thread Tools Rate Thread Display Modes
Old 17-06-2016, 10:17 AM   #21
Brian Burrows
Older


VZi Member Sponsor

Trading feedback: (2)
 
Join Date: Jun 2004
Location: In the middle of someone's 'story' . . . mostly
Posts: 127,206
Default

Quote:
Originally Posted by veedubjunky View Post
I have just discovered when logging in again on my iPad for the first time that the system did not save my new password, I referred back to my 8 digit email code and tried that and it logged me in, marvellous!
AG - Any idea on this ^ please guys?
Brian Burrows is offline   Reply With Quote
Old 17-06-2016, 10:28 AM   #22
Dave Dorson
Help! I'm trapped in here
 
Dave Dorson's Avatar

Trading feedback: (4)
 
Join Date: Jun 2009
Location: Stamford, Lincs
Posts: 8,214
Default

I share DarrenW's concerns about stuff getting sent out in plain text. I know that other places I've used give a temporary password that you MUST reset in order to re-activate your account. That seems a far better method that just emailing (which isn't secure) a password and username in the same email, in plain text.
__________________
Bicycle Repair Tools wanted
Dave Dorson is offline   Reply With Quote
Old 17-06-2016, 12:07 PM   #23
visa
Chat Slapper

Trading feedback: (1)
 
Join Date: Sep 2011
Location: absolutely
Posts: 105
Default

This reeks of spin to me!

So a vulnerability in your system (the 3rd party vendor plugin, but still your system) was exploited by someone who then robbed all of your customers email addresses and password (that's us by the way).

I Assume that the system accounts are held in a separate database (or directory) to the forum accounts (this is normally considered best practice) and that the exploit via the plug in allowed the robbers system account access so they copy the contents of the forum database, yes?

So why are you increasing the complexity of the forum passwords because if the same thing happened again the thieves would still be able to copy our complex passwords?

To me it looks like AG are trying to make it look like they have improved security to deal with the problem when in actual fact the complexity of the forum passwords has nothing to do with how secure the system is, only how secure a forum members account is.
visa is offline   Reply With Quote
 
Old 17-06-2016, 01:59 PM   #24
GBJB
Wannabe Chat Slut
 
GBJB's Avatar

Trading feedback: (1)
 
Join Date: Sep 2012
Location: Poulton-le-Fylde, Lancashire
Posts: 1,474
Default

Quote:
Originally Posted by visa View Post
This reeks of spin to me!

So a vulnerability in your system (the 3rd party vendor plugin, but still your system) was exploited by someone who then robbed all of your customers email addresses and password (that's us by the way).

I Assume that the system accounts are held in a separate database (or directory) to the forum accounts (this is normally considered best practice) and that the exploit via the plug in allowed the robbers system account access so they copy the contents of the forum database, yes?

So why are you increasing the complexity of the forum passwords because if the same thing happened again the thieves would still be able to copy our complex passwords?

To me it looks like AG are trying to make it look like they have improved security to deal with the problem when in actual fact the complexity of the forum passwords has nothing to do with how secure the system is, only how secure a forum members account is.
Completely agree with all of this.
__________________
1968 1300 Beetle
1990 Porsche 944 S2
2005 New Beetle Cabrio
2010 T5 LWB Camper
2019 Golf R Wagon
GBJB is offline   Reply With Quote
Old 17-06-2016, 04:55 PM   #25
HelenaAG
VZ Editor

 
HelenaAG's Avatar

Trading feedback: (0)
 
Join Date: May 2012
Posts: 692
Garage
Default

Heya all,

Again sorry for all the confusion on this and extra work to reset a password.

We have outsourced the reset emails to another vendor to speed up the process and they should be much smoother and quicker now. The amount of emails, PMs, and posts we have to reply to is staggering so we are extremely backed up.

We have locked down the sites and updating your password will make sure you are not at risk.

Give us time and we will get back to you if you have a question. Unfortunately, I can not respond to every post in this thread ranging from anger, questions, etc.

Quick summary:
- Data was breached back in Feb from a plugin from another company (email, pass, some IP - that is all)
- The data was not used or made public until earlier this week (when we found out about it)
- We have locked down sites and requested all user update passwords
- Just click the link in the email to update your password and if you have a question contact us here
- Response time could be 2-3 days since we have thousands of emails and all staff working extra shifts to help out.

Contact Us:
https://www.volkszone.com/VZi/sendmessage.php


Thanks in advance all

Jeff M
HelenaAG is offline   Reply With Quote
Old 17-06-2016, 07:06 PM   #26
veedubjunky
Help! I'm trapped in here
 
veedubjunky's Avatar

Trading feedback: (15)
 
Join Date: Jun 2007
Location: Chichester
Posts: 20,493
Default

Quote:
Originally Posted by veedubjunky View Post
I have just discovered when logging in again on my iPad for the first time that the system did not save my new password, I referred back to my 8 digit email code and tried that and it logged me in, marvellous!
Quote:
Originally Posted by Brian Burrows View Post
AG - Any idea on this ^ please guys?
Its not re-occurred on any other devices, now seems to be logging in all fine.
veedubjunky is offline   Reply With Quote
Old 17-06-2016, 07:11 PM   #27
Brian Burrows
Older


VZi Member Sponsor

Trading feedback: (2)
 
Join Date: Jun 2004
Location: In the middle of someone's 'story' . . . mostly
Posts: 127,206
Default

Quote:
Originally Posted by veedubjunky View Post
Its not re-occurred on any other devices, now seems to be logging in all fine.
Good stuff.
Brian Burrows is offline   Reply With Quote
Old 18-06-2016, 11:53 AM   #28
pea-green-machine
Seasoned Chat Slut
 
pea-green-machine's Avatar

Trading feedback: (0)
 
Join Date: Mar 2002
Location: Grays Essex
Posts: 2,974
Default

I have updated/ changed my password. Whenever I try to get to the site it keeps redirecting me to a sign up to BT fon page

Or when I do get on I get a pop up box with the same?

I linked to hear from and email notification from a subscribed thread?

Am I the only one or has that happened to other folks?

Its only VZI and pre 67 thats doing this no other sites.
__________________
25/36hp Flywheel shims available in various sizes
Hinge pin Tools now sold out...............
36hp Vacuum lines available 3 left
pea-green-machine is offline   Reply With Quote
Old 18-06-2016, 12:31 PM   #29
Brian Burrows
Older


VZi Member Sponsor

Trading feedback: (2)
 
Join Date: Jun 2004
Location: In the middle of someone's 'story' . . . mostly
Posts: 127,206
Default

Quote:
Originally Posted by pea-green-machine View Post
I have updated/ changed my password. Whenever I try to get to the site it keeps redirecting me to a sign up to BT fon page

Or when I do get on I get a pop up box with the same?

I linked to hear from and email notification from a subscribed thread?

Am I the only one or has that happened to other folks?

Its only VZI and pre 67 thats doing this no other sites.
What browser are you using? On a 'phone or computer? And the full VZi site or a mobile version?

Brian Burrows is offline   Reply With Quote
Old 18-06-2016, 12:38 PM   #30
pea-green-machine
Seasoned Chat Slut
 
pea-green-machine's Avatar

Trading feedback: (0)
 
Join Date: Mar 2002
Location: Grays Essex
Posts: 2,974
Default

On a Mac using safari, full site. When I use my phone I have no issue. Since I have logged back in using my new password it does seem to have stopped?
__________________
25/36hp Flywheel shims available in various sizes
Hinge pin Tools now sold out...............
36hp Vacuum lines available 3 left
pea-green-machine is offline   Reply With Quote
Reply Post New Thread

Bookmarks

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +1. The time now is 03:07 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.

Disclaimer: For recreational purposes only, some assembly required. Any resemblance to real persons,
living or dead is purely intentional and the site admins are not responsible for direct, indirect,
incidental or consequential ridicule resulting from any defect or failure to perform. No animals
were harmed in the creation of this forum. Colours may fade over time. No other warranty expressed or implied.

volkszone.com

SupportingSupporting Brad's Cancer Foundation

 










 
© Volkszone • Terms and Conditions of use



volkszone.com is an independent Volkswagen enthusiast website owned and operated by VerticalScope Inc. Content on volkszone.com is generated by its users. volkszone.com is not in any way affiliated with Volkswagen AG.