Shawn (posted March 27, 2022)
This is the 2nd time we've had someone use an old/reused password on the boards to post in the sales section. I suggest everyone change their passwords immediately...I might try to see if I can do a forum wide force for everyone.
Again PLEASE don't REUSE passwords from other sites...once one site is compromised, if you use that password somewhere else, they can get in here (or someplace much more important than a robot forum!!)
Shawn

Shawn (Author, posted March 27, 2022)
I am forcing all members to change their passwords...2 re-uses in 1 week is just too much.
Sorry for the troubles...hopefully this clears out old potential account targets.
Let me know if you have problems...assuming you can reset and log back in 😛
Oh man...this blows
Shawn

Shawn (Author, posted March 27, 2022)
If the password reset functionality is working...I'll see some recent posts, so let me know if you are able to get back into the forums, else I'll start checking for errors.
S

Apollo Leader (posted March 27, 2022)
Same here... checked here first before clicking the link in the e-mail. 🙂

Boobytrap (posted March 27, 2022)
👍 No issues here with the update. Thanks for looking out for us and the site.

Seto Kaiba (posted March 27, 2022)
It would probably have been a good idea to send a mass email and/or put up a more visible notice that there was a forced password reset beforehand.
Just making a thread about it in the forums really doesn't cut it as notification, since most users' first impulse on seeing they've been logged out will be to try to log back in before trying to read new posts in the forums and the forums'll tell 'em their account is locked.

azrael (posted March 27, 2022)
43 minutes ago, Seto Kaiba said:
"It would probably have been a good idea to send a mass email and/or put up a more visible notice that there was a forced password reset beforehand. Just making a thread about it in the forums really doesn't cut it as notification, since most users' first impulse on seeing they've been logged out will be to try to log back in before trying to read new posts in the forums and the forums'll tell 'em their account is locked."
Email is a terrible idea if people's email accounts are compromised as well (and that's likely the case).

Shawn (Author, posted March 27, 2022)
There is no real winning solution....and again sorry for the troubles, I sort of went nuclear when I saw the 2nd account compromised by reuse.
I also enabled stronger passwords, so the older 'pass123' from 10 years ago won't work anymore either.
Hopefully we can put this password re-use issue behind us soon.

Chowser (posted March 27, 2022)
Updated and everything works. It seems to be happening everywhere where someone uses someone's old compromised account to try and rip people off. I'm just happy that the password requirement is 20+ characters like some of the gov't websites I use. lol

Savvi (posted March 27, 2022)
I've also changed my password. Thanks for the alert! (My password is now super different from everything else!)
[back to lurking]

Whatever_Guy (posted March 27, 2022)
Yep just reset, "Very Strong" achievement unlocked :)

Renmazuo (posted March 27, 2022)
Good to see it was something prompted by you! I wasn't sure I could trust the email (because I've not logged in on the site for ages) so I instead got to the site, used the "Forgot your password?" prompt and did it like that.

Seto Kaiba (posted March 27, 2022)
11 hours ago, azrael said:
"Email is a terrible idea if people's email accounts are compromised as well (and that's likely the case)."
True, if the owner of a hacked account used the same password for their email their email is likely compromised too... but we're talking about the other 99.9% of the userbase who aren't.
To them, just showing up and not being able to log in without any readily visible clue as to why is a problem that may lead some to believe erroneously they've been banned, that the forum has been hacked, etc.

soul.assassin (posted March 27, 2022)
Password reset, this time with Keepass assisting with obfuscation.

MasumiX (posted March 27, 2022)
Changed to log in, then changed again. Tysm for the heads up.

JuanJovv (posted March 27, 2022, edited March 27, 2022 by JuanJovv)
Ready the reset and no issues, thanks for the advice

Noriko Takaya (posted March 27, 2022)
Changed my password. Thanks for the alert, Shawn.

Shawn (Author, posted March 27, 2022)
I'll scrub through the account email issues later tonight...will close the other alert threads so I can focus on this one for getting members back on track.
Seems like most people have had success getting their accounts reset (I know it was annoying), the problematic ones with old emails and things will be resolved tonight.
We've been online for over 20 years...so I can definitely understand how some email providers have simply vanished...and if your MWF account just worked...well it just worked.
Shawn

Goodman Models (posted March 28, 2022)
Done and seemed to work ok! Thanks for your watchful eye in this Shawn.
Anth

technoblue (posted March 28, 2022)
Thanks for the alert, @Shawn. No issues doing the needful on my side.

Shawn (Author, posted March 28, 2022)
I am working through the following user accounts (orig,temp new):
Alphahorizon,Alphahorizon_2
sh9000,sh002
Drad,Darkonnen
derex3592,derex3593
yman1437,yman1437_2
When I am re-verifying who you are, I'm using recorded IP addresses and devices as the first round. It is really hard to 'prove' if the new you is the old you...imagine saying 'yeah..I'm me, I swear'...when your IP address is in a different state, or bouncing around all over locations when your old usage showed a different usage pattern.
It might have been easier to just close the For Sale section LOL...this is a hot mess, but work with me.
Anything about your old profile would be very helpful to me right now...I really hate asking for any personal information about location, but this might be the exception.
S

brouken (posted March 28, 2022)
Wow, I wondered why I was signed out and my password didn't work when I tried logging in. Got the verification email and updated my password. Hope you get things sorted out Shawn!

Shawn (Author, posted March 28, 2022)
If you are a VPN user, I would ask you to try and use your original phone or computer account for a post or two to help me match your current vs old.
VPNs are really screwing this up...as they are meant to do! 😛

wmkjr (posted March 28, 2022)
Thanks for the heads up! Got an email notification and came here to check if it's a scam or not. No VPN.

wmkjr (posted March 28, 2022)
Only hiccup was trying to type new password, 2nd time wasn't registering and showed up not matching but hit the save and it went thru. VPN on.

Shawn (Author, posted March 28, 2022)
Ok, the IP address history is working for 2 out of 3 accounts so far, so this should be able to work for some of us.
Again, I'm sorry to ask you to do this, but if you are using VPN, please turn it off for a message or two to me, then you can re-enable. The forum software might take a little time to aggregate the info into its report, so please be patient until the info is presented to me.
My methodology is to look up the current IP of your temp account against the old account from Dec 21 and earlier (well before hacker person started the trouble...I assume). If I see the IP there it is a go.

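The IP-history check described in the post above, sketched as an added example; it is not part of the original thread and not the forum software's own code. The record layout, function names, account names and addresses are all constructed, and the cutoff assumes "Dec 21 and earlier" means history up to the end of December 2021.

```python
"""Added illustration: compare a temp account's current IPs with the original
account's pre-incident IP history. All names and data here are hypothetical."""
from datetime import date
import ipaddress

# Assumption: only history up to the end of December 2021 counts as trusted.
CUTOFF = date(2021, 12, 31)

# Constructed sample records (account, ip, day seen); documentation ranges only.
LOGINS = [
    ("alice", "198.51.100.7", date(2021, 11, 3)),
    ("alice", "2001:db8::1", date(2021, 12, 20)),
    ("alice", "203.0.113.50", date(2022, 3, 26)),  # after cutoff, not trusted
    ("alice_2", "2001:0db8:0000:0000:0000:0000:0000:0001", date(2022, 3, 28)),
    ("mallory_2", "203.0.113.50", date(2022, 3, 28)),
    ("bob", "198.51.100.99", date(2021, 10, 1)),
    ("bob_2", "192.0.2.14", date(2022, 3, 28)),    # e.g. posting through a VPN
    ("carol_2", "192.0.2.77", date(2022, 3, 28)),  # original has no history
]

def norm(ip):
    """Canonical text form, so differently written IPv6 addresses compare equal."""
    return ipaddress.ip_address(ip.strip()).compressed

def ips_seen(logins, account, before_cutoff, cutoff=CUTOFF):
    """IPs recorded for one account, on or before the cutoff or after it."""
    return {norm(ip) for acct, ip, day in logins
            if acct == account and (day <= cutoff) == before_cutoff}

def verify(logins, original, temp, cutoff=CUTOFF):
    """Return (decision, overlapping IPs) for a claimed original/temp pair."""
    trusted = ips_seen(logins, original, True, cutoff)
    current = ips_seen(logins, temp, False, cutoff)
    overlap = trusted & current
    # No overlap (VPN, moved house, empty baseline) is not a rejection:
    # it means the pair needs other evidence before being reconnected.
    return ("match", overlap) if overlap else ("manual-review", overlap)

if __name__ == "__main__":
    for pair in [("alice", "alice_2"), ("alice", "mallory_2"),
                 ("bob", "bob_2"), ("carol", "carol_2")]:
        print(pair, verify(LOGINS, *pair))
```

The cutoff is what keeps an address that first appeared during the compromise (the constructed `203.0.113.50`) from vouching for a claimant; a match on a shared or carrier-NAT address is still only supporting evidence.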
pengbuzz (posted March 28, 2022)
...
Edited April 15, 2022 by pengbuzz
Like anyone read this post or cared