IMPORTANT! Have you received an email to your forum username?

N1ckR

Yup, I got one this morning too.

Reset my password just incase.

Barks100

Received one of the e-mails but to the e-mail address on my personal details bit of MSE. The newsletter weekly e-mail goes to a different address and that's had no problems. Hope MSE gets to the bottom of how this has happened.

durham_girl

I've just got one too, although they have spelt my user name slightly wrong, using a capital D rather than lowercase. Also it didn't come through to the email address associated with this user ID, but the email address it came to does get the weekly email but has no user ID attached.

Keith

MSE was compromised many times in the last 12 months, remember the forum was taken down for a few days?

Anyone who is using a forum password as a password to online banking/email is slightly mad.

Jesthar

eslick wrote: »

mine arrived 6.50pm, is there a way of deleting your email that is linked to your username, cant seem to see it stored anywhere in my settings but then again cant find many settings

Yes, there is. In the User Control Panel (User CP) look for Your Profile -> Edit Your Details. The very top option is a button to take you to edit your e-mail and password.

Now, please, your attention for a moment!

Thank you

For my day job I System Administer a highly secure, business-critical internet based system for a major UK company. I also help administer a charity internet forum, although not a vBulletin based one, but the basics are very much the same. So let me see if I can help out a bit, and maybe calm a few worries.

1. Your password is double hashed, not double encrypted. Got that from the vBulletin site. I suspect the term 'encrypted' was used here earlier in an attempt to not confuse people who have no idea what 'hashed' is. Chances are your password is perfectly safe, as it would take quite a lot of computing power to crack it without full database access (and would be tricky even so), but changing it is a fast and reliable way to make sure. This looks more like database access, not individual account access.

2. This is nothing to do with Facebook, Twitter or any Social Networking site. I don't use any of them, but still got an email.

3. This is nothing to do with the weekly e-mail. I use a different address for that than for the forum. At the moment, it's come to only the forum e-mail addy.

4. If you receive the e-mail JUST DELETE IT. You are then safe!

5. If you opened the e-mail, but didn't click on the link YOU ARE SAFE - so just delete the e-mail,

6. If you clicked on the link, your virus protection didn't alert and you downloaded and installed something, I recommend a good, hard scan with your Anti-Virus/Anti- Malware program of choice.

7. There is a geeky saying which can be most politely summarised as - "If it exists and is online, it can be hacked in to". Microsoft gets hacked. Apple get hacked. Gmail gets hacked. NASA get hacked. Banks get hacked. Even the FBI get hacked. And those places will be running secuity far in excess of MSE, as this is simply (no matter how much we love it) a consumer advice forum. There just isn't any valid - or legal - reason for them to be running SSL or HTTPS like my systems do. If someone wants badly enough to get into a site, they will usually manage it. Same as they could your house, y'know? All the laws and all the security in the world isn't enough sometimes, just ask the chap who got into the Queen's bedroom the other year. Yes, in an ideal world it SHOULDN'T happen. But it is a fact of life that it does, and will continue to. Therefore, if you are concerned about personal details becoming known, try to avoid putting them online in the first place, and then use a different password for all systems you log in to, change them frequently and set up specific e-mail accounts for signing up to anything which might either be sensitive or result in spam. Yes, it's a lot of work, but it's the most effective way of reducing potential problems.

8. When I have a major problem with my system, I first spend a bit of time trying to run down what is wrong and whether or not I can fix it quickly before I take the step of a global user notification. If it's a wider problem, users get one or two updates a day at the most. The rest of the time is spent trying to get things *fixed* I'm sure they'd like minute by minute updates, but a) I'm equally sure they'd prefer the system to be working again, and b) I prefer to given them facts, not speculation, and facts can take time to emerge. I'm sure we'll get pertinent information as and when things progress.

9. I suspect the reason threads on this topic keep getting merged is the small army of MSE Board Guides (unpaid volunteers) quietly getting on with things in the background (kudos to you guys!)

10. Trust takes a lifetime to build, and a moment to destroy. For this site to remain effective, it requires trust. I therefore doubt that the information was sold or otherwise traded. Accidentally disseminated remains an option, of course, but MY first question, therefore, is who would profit from MSE not being trusted any more...?

~Jes

tashmatthews

Both myself and husband have received one!!

Addressed to our user names aswell :cool:

SugarSpun

Excellent post Jesthar, thank you.

Sarah_Joanne

I joined before December 2009 and I have NOT received an email

Myrmidon_Hunter

The email I received did not use my registered forum username nor my registered forum email address.

mikeyk_2

Jesthar wrote: »

7. There is a geeky saying which can be most politely summarised as - "If it exists and is online, it can be hacked in to".

As a person in a similar job, the only way to be 100% sure of a secure IT system is to turn it off and remove the power cable