We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
IMPORTANT! Have you received an email to your forum username?
Options
Comments
-
I've just signed in under my mums username and the banner showing this email warning is not showing, yet when i sign in under my own username it shows? confused?? i am ?? lolMy beloved dog Molly27/05/1997-01/04/2008RIP my wonderful stepdad - miss you loads:Axxxxxxxxx:Aour new editionsSenna :male: and Dali :female: both JRT0
-
People should be scared into thinking about how they manage their passwords. Even if there is no risk of them being disclosed this should act as a wakeup call to people who use the same password across multiple sites, and those who use simple passwords.Would those who keep saying it's likely that passwords have been compromised without any proof please STOP!
It's highly irresponsible, wrong, and scares people.
No good website would store passwords in clear text and vBulletin certainly doesn't. Not even the admins of MoneySavingExpert could find out your password.
Do a search for "salted hasing".
In a nutshell it means that websites have a system where you give them your password and they can tell if it's correct without actually having to store the password itself.
Your password would not be stored here, only a hash of the password and that can't be used to obtain access to your account
Going back to if people's passwords have been compromised, the answer is you cannot say for sure either way.
Yes vBulletin only stores salted hash of a users password, but we do not know exactly what data has been compromised. If the salt was taken then it wouldn't be too difficult to run a dictionary attack against the hashes and pick out common passwords.0 -
I've just signed in under my mums username and the banner showing this email warning is not showing, yet when i sign in under my own username it shows? confused?? i am ?? lol
Before i signed in the banner was there, then after signing in so i could vote on the poll for her, the banner disappeared.
Maybe not everyone who uses MSE is aware there is a problem?My beloved dog Molly27/05/1997-01/04/2008RIP my wonderful stepdad - miss you loads:Axxxxxxxxx:Aour new editionsSenna :male: and Dali :female: both JRT0 -
MSE_Martin wrote: »... We will be including this in the news story and intend to PM every forum member - as well as expanding the warnings on the change password page and new sign up page about not using such a password.Thankfully it seems most people who've received the email are finding it when they check their junk or spam folders. The senders seem to be sophisticated techies, but not too good at their spamming by confusing different websites.
Unfortunately a site like MSE is constantly under attack from hackers, I learned today that it seems almost every minute someone is trying to hack our info - most of these attempts come from overseas - even though we have very little for these people to harvest other than email addresses - far less lucrative than if we help data such as addresses that could help with ID fraud.
Over the last year we've been through a number of security updates, and brought in external consultants to probe and tests the site's security. Its something we take very seriously to protect our users - yet technology isn't perfect and determined hackers can on occassion, as this seems find their way in. Again my personal apologies as well as from my team - I am very sorry this has happened, but we're doing our best to work with it.
Martin
I've been very critical of this issue and I believe rightly so, but credit where credit is due. Thank you for your apology and for the PM users will be getting which will obviously make infrequent users aware of the issue.I'm hoping in the future this can be done to inform users of another breach which will probably happen again. A PM to each user about the breach last year may have saved this whole panic.
I would say that it might appear to be overseas but could easily be controlled from this country. It is worrying that there is no evidence of their presence though!0 -
I had an email, too.0
-
I got one, it was promptly ignored and deleted.0
-
Curiously enough, still no email to this Username (but there has been to the Tigs identity)0
-
Sorry to revive an old thread, but I've just received the "MoneyExpert" spam email with mention of defaqto etc, complete with link to what I assume to be a virus/trojan of some sort. So they're still up to their old tricks.0
-
I got an email too - late last night, which Hotmail immediately dispatched into the junk box.Don't wait for the storm to pass
Learn to dance in the rain0 -
MSE_Martin wrote: »Unfortunately a site like MSE is constantly under attack from hackers, I learned today that it seems almost every minute someone is trying to hack our info
So after X years someone bothered to inform Martin the extent of a security issue surrounding a site run in his name? I find that quite surprising that this information hadn't been requested by Martin or conveyed to him earlier!0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.2K Banking & Borrowing
- 253.2K Reduce Debt & Boost Income
- 453.7K Spending & Discounts
- 244.2K Work, Benefits & Business
- 599.3K Mortgages, Homes & Bills
- 177K Life & Family
- 257.6K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards