Per the latest announcements we will be resetting everyone’s passwords. Shortly you should be receiving an email directing you how to change your password. It will look like this:
Subject: Your new password for *site name*
Your password has been reset by an administrator. Your new details are as follows:
Password: *Randomly generated temp password*
To change your password, please visit this page: *link to password reset edit page from USERCP*
If you suspect this email is a scam, you can confirm the legitimacy of this email by manually navigate to the forum URL yourself and use your new password to log in.
All the best,
As you can see it will give you a randomly generated temporary password, as well as telling you where you need to go to updated it accordingly.
If you do not receive this email please go to the contact us page and select Other, and type in Security Password Update Issues
We’re sorry for the inconvenience.
Better late than never. This password change is a reactive measure - not a proactive one.
I do appreciate the prompt corrective reaction to the breach and don't mind the required password change with the updated complexity requirements.
I would hope that a stronger hash than MD5 was selected and that the other issues outlined below are also being addressed.
Poor OPSEC led to this in the first place. I'm sure they'll do better going forward. Unfortunately data breaches of all sorts are a fact of life today.
After researching the nature of the breach that initiated this password change I discovered that:
VerticalScope [The parent company of AutoGuide] ... may have stored too much data in one or several connected servers. The volume of data cracking one server may have given hackers access to several others, as they say, “there is no other way to explain a theft on such a large scale.”
Furthermore, a database sample given to ZDNet shows passwords that were hashed and salted with MD5, an obsolete method that is now too easy to decipher. In addition to passwords, email addresses, the site visited and a user’s IP information (which can be sometimes be used to determine location) are all listed in conjunction with the usernames that were compromised.
Lack of HTTPS encryption and the use of vulnerable older versions of the vBulletin forum software were other weaknesses in VerticalScope sites noted by ZDNet.
If you’d rather search for your particular username or other identifying data, LeakedSource now includes all of the hacked information from the VerticalScope network.
Mods? Yea, I got mods ... Air silencer delete, warp drive, dilithium crystals, flux capacitor, Slingshot Rubber band power adder, Moonshine & Gas, Leaf Blower Supercharger, Hamster Wheel & Hamster, Energizer Bunny generating 1.21 gigawatts, Mr. Fusion® Home Energy Reactor, hover conversion and a sextant celestial navigation system (The original GPS)
Best 1/4: 1,320 nanoseconds @ 670,616,629.2 miles per hour
"There isn't that much difference anymore between spacecraft, aircraft and modern automobiles..." - Keith Henry, NASA's Langley Research Center
See a list of my real mods and pictures of my car HERE. The true performance of my car was made possible by the Carolinas Crew Chief, RobertP at Rob's Tire & Auto.
Last edited by Trunk Monkey; 06-22-2016 at 08:12 AM.