Attention - Password and Security Update - Page 2

Thread: Attention - Password and Security Update

  1. #11
    Administrator cmfadmin
    Join Date
    Oct 2008
    Posts
    351
    Passwords were not compromised, but enough information was gleaned that anyone with a simple password could have their account compromised.

    The article fails to mention that the breach was for a third party plugin. This breach is on countless sites across the internet and not just limited to ours.

    Their system was compromised and they grabbed user data for us and thousands of others. We cleared our part of the breach and went this route to further security. This is also in place as many members on the internet use the same or similar passwords across all things they use.

    We cannot go into detail at the moment as it is being dealt with on a legal level.

    ~ Glenda

  2. #12
    Senior Member humble_pie
    Join Date
    Jun 2009
    Posts
    11,312
    Quote Originally Posted by hboy43 View Post
    Interesting that I think 7 of the last 10 people to visit my profile are people that have never posted a single post here. I am assuming that all 7 are here solely to hunt for personal data. I invite others to check their profile pages also to perhaps lend credence to my suspicions.

    we've talked about these chronic lurkers before. They're lurking on almost everyone's personal page. I always have a few of these chronic visitors. They're a bit like those Zebra barnacles that cling to the hulls of boats in the great lakes these days (trying to think of a metaphor that a sailor might like.)

    since a maximum of 10 visitors only can be accommodated at one time, on my page sometimes one of the chronic lurkers gets displaced by a real cmf forum member who comes visiting.

    what happens afterwards is that the displaced Zebra barnacle immediately gets itself or himself or herself back on board. So, in effect, i always have them. Only about 3 or 4 of them, though.

    what i do appreciate is Glenda coming here from time to time to update us. Just A Guy posted a linked story reciting that 45,000 Vertical Scopes client profiles had been stolen. Perhaps some were from cmf forum.

    instead of being rare stories, hacking stories like this are commonplace these days. It's widely said that the best way for managers to handle mishaps is to confront the issue promptly & deal with the issue in public, at least to a certain extent. So updates from Glenda are certainly very welcome.

    .
    Last edited by humble_pie; 2016-06-16 at 03:14 PM.
    "goodness gracious and all that sort of thing" - Astérix chez les Bretons

  3. #13
    Senior Member
    Join Date
    Sep 2013
    Location
    Ontario
    Posts
    775
    Quote Originally Posted by cmfadmin View Post
    Hey all,

    Over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:

    1) We are asking everyone to change their passwords (and will force a one time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, Linkedin, Badoo, etc) are compromised; and

    2) Your passwords will expire on a 365 day basis. When you login on the 366th day, you will have to change it.

    We'll also be sending out an email to users to let them know about the changes, in upcoming weeks.

    Thanks all,
    Helena
    Community Management
    Helena,
    You have posted the same message on dozens of other sites. (Google search results here)

    As a member of one of those, I have first-hand experience with the changes you are implementing. On that site, it was a complete disaster. Many, many forum members unable to access their site. Email advising what action required not received. In my case, even username mix of UC/LC changed. In my case, when site said it had sent me a temporary password, it did not arrive. Messages to "contact us" not responded to. I finally got my access to that site sorted out myself after over an hour. Some other forum members still have no access.

    Please try and get your act together before inflicting CMF with the same problems.

  5. #14
    Administrator cmfadmin
    Join Date
    Oct 2008
    Posts
    351
    Due to the password resets we were performing, several mail providers have throttled our overnight password resets on this community. We have upgraded our email service so this won't happen again. If you have not received a password reset as of yet, please request one using the "forgot password" function.

    Kevin

  6. #15
    Senior Member
    Join Date
    Mar 2012
    Posts
    3,287
    Must say that this was poorly thought out as usual. Instead of giving a heads up that we may encounter problems (I was one who didn't get the email), you implement it across the board (pun intended) or should I say boards and run into serious issues. I discovered I couldn't log in and then had to figure out the solution as I wasn't going to read the site without being logged in...since I'm the type who deals with the problem first.

    Nice to see, now that I'm logged in, that you posted a solution. Once again though, too little, too late.

    I've been through a number of these "ideas" now, and I'm wondering if it's really worth the hassle...
    I'm not JustAGuy (without spaces), or Donald, or <insert name here>.

  7. #16
    Senior Member
    Join Date
    Jan 2016
    Posts
    3,359
    Quote Originally Posted by Just a Guy View Post
    Must say that this was poorly thought out as usual. Instead of giving a heads up that we may encounter problems (I was one who didn't get the email), you implement it across the board (pun intended) or should I say boards and run into serious issues. I discovered I couldn't log in and then had to figure out the solution as I wasn't going to read the site without being logged in...since I'm the type who deals with the problem first.

    Nice to see, now that I'm logged in, that you posted a solution. Once again though, too little, too late.

    I've been through a number of these "ideas" now, and I'm wondering if it's really worth the hassle...
    Relax, it's not such a big deal and they did it to safeguard our security. We should be grateful.

  8. #17
    Senior Member
    Join Date
    Mar 2012
    Posts
    3,287
    As someone who has a company in this industry, I know what's done in the background probably better than most.

    When we implement such things, we do it with a plan, and plenty of communication...which outlines what we are going to do, what our clients should expect, what the timeline is, and what contingencies there are if things don't work out properly. We do this well in advance, to ensure everyone is aware.

    As someone who already had a strong password, and protected my personal information, I can tell you they didn't do it for me, they did it after they were breached.

    This was an ill thought out, knee jerk reaction with no forethought in reaction to poor existing procedures. It's also not the first such occurrence.

    It's not like if you send out 10,000's of emails, if not hundreds of thousands of them (seeing as they did this across all their sites) should be surprised that email servers are going to react...especially in this age of spam.
    I'm not JustAGuy (without spaces), or Donald, or <insert name here>.

  9. #18
    Senior Member
    Join Date
    Jan 2016
    Posts
    3,359
    Yes, and the expectations are totally different when you are running a for profit company vs a chatboard.

  10. #19
    Senior Member
    Join Date
    Mar 2012
    Posts
    3,287
    I'm sure verticalscope is running this for profit and not out of the goodness of their hearts.
    I'm not JustAGuy (without spaces), or Donald, or <insert name here>.

  11. #20
    Senior Member olivaw
    Join Date
    Nov 2010
    Location
    Alberta
    Posts
    2,249
    Security changes made in response to a security incident are almost always inconvenient to end users. I too was taken by surprise by the password change and managed to get myself locked out briefly. The inconvenience of it was so minor that I thought it barely worth mentioning. Imagine my surprise when I found out that there are CMFers who are beside themselves with grief and anger. Cheer up folks.
    If you have something to say - then say.
