Attention - Password and Security Update - VW Forum - VZi, Europe's largest VW, community and sales
 


     
 

Go Back   VW Forum - VZi, Europe's largest VW, community and sales > Community > Volkszone Technical Difficulties

Volkszone Technical Difficulties Any issues and concerns with the Volkszone website, please post them here.

Reply Post New Thread
 
Thread Tools Rate Thread Display Modes
Old 14-06-2016, 04:03 PM   #1
HelenaAG
VZ Editor

 
HelenaAG's Avatar

Trading feedback: (0)
 
Join Date: May 2012
Posts: 683
Garage
Default Attention - Password and Security Update

Hello all,

Over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:

1) We are asking everyone to change their passwords (and will force a one time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, Linkedin, Badoo, etc) are compromised; and

2) Your passwords will expire on a 365 day basis. When you login on the 366th day, you will have to change it.

We'll also be sending out an email to users to let them know about the changes, in upcoming weeks.

Thanks all,

Helena

Community Management
__________________
HelenaAG is offline   Reply With Quote
Old 15-06-2016, 06:25 AM   #2
Sam Jelfs
Help! I'm trapped in here
 
Sam Jelfs's Avatar

Trading feedback: (2)
 
Join Date: Dec 2001
Location: Valkenswaard, NL
Posts: 14,072
Default

When you say "outside of this community" you mean your were hacked and have lost 45 million log in details that were secured with weak encryption?

https://news.slashdot.org/story/16/0...-sports-forums
Sam Jelfs is offline   Reply With Quote
Old 15-06-2016, 06:57 AM   #3
robocallaghan
Chat Slapper

Trading feedback: (0)
 
Join Date: Dec 2015
Posts: 168
Default

Why is this taking weeks to email and force password resets - send out the email asap you are putting other accounts at risk. Turn on reset password function today.

ffs MD5 - it's no longer 1992.

Spend less time

Rob.
robocallaghan is offline   Reply With Quote
 
Old 15-06-2016, 03:51 PM   #4
Nige G
Help! I'm trapped in here
 
Nige G's Avatar

Trading feedback: (11)
 
Join Date: Jun 2004
Location: Rugby
Posts: 19,719
Default

Quote:
Originally Posted by HelenaAG View Post
Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, Linkedin, Badoo, etc) are compromised

Did you actually mean to type "Reusing passwords can expose your other accounts because we used piss poor security and we were compromised"?

Why has this taken so long to be exposed? You were hacked in February FFS!!
__________________
AVOID THIS LIAR

Quote:
Originally Posted by TomD View Post
you leather clad puppy of mystery.
Nige G is offline   Reply With Quote
Old 15-06-2016, 06:27 PM   #5
HelenaAG
VZ Editor

 
HelenaAG's Avatar

Trading feedback: (0)
 
Join Date: May 2012
Posts: 683
Garage
Default

Heya all,

The article fails to mention that the breach was for a third party plugin. This breach is on countless sites across the internet and not just limited to ours.

Their system was compromised and they grabbed user data for us and thousands of others. We cleared our part of the breach and went this route to further security. This is also in place as many members on the internet use the same or similar passwords across all things they use.

We cannot go into detail at the moment as it is being dealt with on a legal level.

Thanks,
HelenaAG is offline   Reply With Quote
Old 15-06-2016, 07:10 PM   #6
Nige G
Help! I'm trapped in here
 
Nige G's Avatar

Trading feedback: (11)
 
Join Date: Jun 2004
Location: Rugby
Posts: 19,719
Default

Quote:
Originally Posted by HelenaAG View Post
Heya all,

The article fails to mention that the breach was for a third party plugin. This breach is on countless sites across the internet and not just limited to ours.

Their system was compromised and they grabbed user data for us and thousands of others. We cleared our part of the breach and went this route to further security. This is also in place as many members on the internet use the same or similar passwords across all things they use.

We cannot go into detail at the moment as it is being dealt with on a legal level.

Thanks,
What a load of fluff and bullshit.

Whether it was your own system or a plug in that you use, your database was still hacked 4 months ago and you didn't bother to tell anyone and then to rub salt in the wound you try to hide behind some crap about making security changes to make it a better experience for us.

I'm not angry at VS for being hacked, it happens. What I'm pissed off with is the complete lack of transparency about the situation and a total lack of respect for the users of this site by bullshitting about it and trying to hide it.
__________________
AVOID THIS LIAR

Quote:
Originally Posted by TomD View Post
you leather clad puppy of mystery.
Nige G is offline   Reply With Quote
Old 15-06-2016, 08:07 PM   #7
HelenaAG
VZ Editor

 
HelenaAG's Avatar

Trading feedback: (0)
 
Join Date: May 2012
Posts: 683
Garage
Default

Unfortunately the breach took place with a third party developer who's plugin we use. We were not informed of this issue until quite recently and have begun addressing it accordingly.


Lee
HelenaAG is offline   Reply With Quote
Old 15-06-2016, 08:13 PM   #8
HelenaAG
VZ Editor

 
HelenaAG's Avatar

Trading feedback: (0)
 
Join Date: May 2012
Posts: 683
Garage
Default

Quote:
Originally Posted by Sam Jelfs View Post
When you say "outside of this community" you mean your were hacked and have lost 45 million log in details that were secured with weak encryption?

https://news.slashdot.org/story/16/0...-sports-forums
Nope - the third party plug in was exploited, the info is from Feb, and we just found out about it within the last 72 hours or so.

These tech blogs don't have the full info and going on pure speculation.

Jeff M
HelenaAG is offline   Reply With Quote
Old 15-06-2016, 08:13 PM   #9
Sam Jelfs
Help! I'm trapped in here
 
Sam Jelfs's Avatar

Trading feedback: (2)
 
Join Date: Dec 2001
Location: Valkenswaard, NL
Posts: 14,072
Default

Quote:
Originally Posted by HelenaAG View Post
Unfortunately the breach took place with a third party developer who's plugin we use. We were not informed of this issue until quite recently and have begun addressing it accordingly.


Lee
Would you have ever brought the beach to our attention?
Sam Jelfs is offline   Reply With Quote
Old 15-06-2016, 08:15 PM   #10
HelenaAG
VZ Editor

 
HelenaAG's Avatar

Trading feedback: (0)
 
Join Date: May 2012
Posts: 683
Garage
Default

Quote:
Originally Posted by robocallaghan View Post
Why is this taking weeks to email and force password resets - send out the email asap you are putting other accounts at risk. Turn on reset password function today.

ffs MD5 - it's no longer 1992.

Spend less time

Rob.
The additional security measures have already been put in and the email will go out soon.

Updating a network as large as ours, notifications, testing, and developing fail safes do take some time but should be ready within the next 24-48 hours.

Jeff M
HelenaAG is offline   Reply With Quote
Reply Post New Thread

Bookmarks

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +1. The time now is 12:27 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2019 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2019 DragonByte Technologies Ltd.

Disclaimer: For recreational purposes only, some assembly required. Any resemblance to real persons,
living or dead is purely intentional and the site admins are not responsible for direct, indirect,
incidental or consequential ridicule resulting from any defect or failure to perform. No animals
were harmed in the creation of this forum. Colours may fade over time. No other warranty expressed or implied.

volkszone.com

SupportingSupporting Brad's Cancer Foundation

 













 
© Volkszone • Terms and Conditions of use