independent and unofficial
Prince fan community
Welcome! Sign up or enter username and password to remember me
Forum jump
Forums > General Discussion > Org Site Hacked
« Previous topic  Next topic »
  New topic   Printable     (Log in to 'subscribe' to this topic)
Author

Tweet     Share

Message
Thread started 01/24/22 6:07pm

TrivialPursuit

avatar

Org Site Hacked

Ben posted this in another forum, one which folks may not check a lot. So read here: https://prince.org/msg/3/468500


It would appear that some nefarious folks have attacked prince.org and found a security hole through which they were able to determine some of the database structure, and then extract usernames, email addresses, and passwords. It's unclear to me how many they managed to actually extract (possibly zero, but we should assume they were able to extract ALL just to be on the safe side).

Hence why you'll need to get a new password to sign in, which will be mailed to your email address on file. You can of course change the password to somethign else, but please do NOT change it back to your original password, as you should assume another party now has that one.

Uncharacteristically sloppy coding on my part, so apologies. It's been remedied and I will do an audit of other similar vectors, it's certainly possible there's another one somewhere lurking. Sorry. Kind of amazing that we actually managed to go over 20 years without a similar successful attack though...

[Edited 1/25/22 0:13am]

Sorry, it's the Hodgkin's talking.
  - E-mail - orgNote - Report post to moderator
Reply #1 posted 01/24/22 7:59pm

89Flowers

avatar

Formerley UncleGrandpa, now I'm using my second account as my primary. 18 years of info lost but I'm fine with that. Let's start anew.

This post has been modified from its original thought. It has been formatted to fit into the space and run in the time allotted.
  - E-mail - orgNote - Report post to moderator
Reply #2 posted 01/24/22 10:49pm

MsSeaOfEveryth
ing

TrivialPursuit said:

Ben posted this in another forum, one which folks may not check a lot. So read here.


It would appear that some nefarious folks have attacked prince.org and found a security hole through which they were able to determine some of the database structure, and then extract usernames, email addresses, and passwords. It's unclear to me how many they managed to actually extract (possibly zero, but we should assume they were able to extract ALL just to be on the safe side).

Hence why you'll need to get a new password to sign in, which will be mailed to your email address on file. You can of course change the password to somethign else, but please do NOT change it back to your original password, as you should assume another party now has that one.

Uncharacteristically sloppy coding on my part, so apologies. It's been remedied and I will do an audit of other similar vectors, it's certainly possible there's another one somewhere lurking. Sorry. Kind of amazing that we actually managed to go over 20 years without a similar successful attack though...

Wow so now this explains why i had a hard time signing in. wink

  - E-mail - orgNote - Report post to moderator
Reply #3 posted 01/25/22 1:47am

EmmaMcG

I was almost locked out of the org forever razz . My ex set this account up for me years ago with a throwaway email address. I never even knew what that email address was. It's just thanks to some really good luck and his incredible memory that he was able to recall what that email address was so that he was able to give me the new password. If not for that, that would have been the end of me on this site.

Though, I am now contemplating deleting my account anyway...
  - E-mail - orgNote - Report post to moderator
Reply #4 posted 01/25/22 1:56am

kpowers

avatar

EmmaMcG said:

I was almost locked out of the org forever razz . My ex set this account up for me years ago with a throwaway email address. I never even knew what that email address was. It's just thanks to some really good luck and his incredible memory that he was able to recall what that email address was so that he was able to give me the new password. If not for that, that would have been the end of me on this site. Though, I am now contemplating deleting my account anyway...

shocked omfg no no no! batman

  - E-mail - orgNote - Report post to moderator
Reply #5 posted 01/25/22 7:51am

coldcoffeeandc
ocacola

avatar

EmmaMcG said:

I was almost locked out of the org forever razz . My ex set this account up for me years ago with a throwaway email address. I never even knew what that email address was. It's just thanks to some really good luck and his incredible memory that he was able to recall what that email address was so that he was able to give me the new password. If not for that, that would have been the end of me on this site.

Though, I am now contemplating deleting my account anyway...



sad
  - E-mail - orgNote - Report post to moderator
Reply #6 posted 01/25/22 9:07am

nayroo2002

avatar

Aaaaahhhhh.

So that explains all those viagra spams in my mailbox.

"Whatever skin we're in
we all need 2 b friends"
  - E-mail - orgNote - Report post to moderator
Reply #7 posted 01/25/22 11:45am

TrivialPursuit

avatar

nayroo2002 said:

Aaaaahhhhh.

So that explains all those viagra spams in my mailbox.


Does it, though? lol lol lol

Sorry, it's the Hodgkin's talking.
  - E-mail - orgNote - Report post to moderator
Reply #8 posted 01/25/22 12:33pm

nayroo2002

avatar

TrivialPursuit said:

nayroo2002 said:

Aaaaahhhhh.

So that explains all those viagra spams in my mailbox.


Does it, though? lol lol lol

Since i've been a "member" of the Org, yeah

"Whatever skin we're in
we all need 2 b friends"
  - E-mail - orgNote - Report post to moderator
Reply #9 posted 01/25/22 2:49pm

onlyforaminute

avatar

EmmaMcG said:

I was almost locked out of the org forever razz . My ex set this account up for me years ago with a throwaway email address. I never even knew what that email address was. It's just thanks to some really good luck and his incredible memory that he was able to recall what that email address was so that he was able to give me the new password. If not for that, that would have been the end of me on this site.

Though, I am now contemplating deleting my account anyway...

This may be the case for a lot of people. I know I have active email accounts I've never been on because of services I haven't used in years. I just happened to use one I do peek at for this place.
Time keeps on slipping into the future...


This moment is all there is...
  - E-mail - orgNote - Report post to moderator
Reply #10 posted 01/25/22 3:30pm

EmmaMcG

coldcoffeeandcocacola said:

EmmaMcG said:

I was almost locked out of the org forever razz . My ex set this account up for me years ago with a throwaway email address. I never even knew what that email address was. It's just thanks to some really good luck and his incredible memory that he was able to recall what that email address was so that he was able to give me the new password. If not for that, that would have been the end of me on this site.

Though, I am now contemplating deleting my account anyway...



sad



I'd give it a week before I'm forgotten about completely.
  - E-mail - orgNote - Report post to moderator
Reply #11 posted 01/25/22 3:31pm

EmmaMcG

kpowers said:



EmmaMcG said:


I was almost locked out of the org forever razz . My ex set this account up for me years ago with a throwaway email address. I never even knew what that email address was. It's just thanks to some really good luck and his incredible memory that he was able to recall what that email address was so that he was able to give me the new password. If not for that, that would have been the end of me on this site. Though, I am now contemplating deleting my account anyway...

shocked omfg no no no! batman



Not decided yet. We'll see what happens.
  - E-mail - orgNote - Report post to moderator
Reply #12 posted 01/25/22 3:57pm

PennyPurple

avatar

EmmaMcG said:

kpowers said:

shocked omfg no no no! batman

Not decided yet. We'll see what happens.

Awe, c'mon you've got to keep us updated on the kids.

  - E-mail - orgNote - Report post to moderator
Reply #13 posted 01/25/22 5:03pm

OnlyNDaUsa

avatar

so if your email used here used the same password... change that one too. and the site stores passwords as plain text, they should be encrypted

"Keep on shilling for Big Pharm!"
  - E-mail - orgNote - Report post to moderator
Reply #14 posted 01/25/22 6:43pm

prb

avatar

OnlyNDaUsa said:

so if your email used here used the same password... change that one too. and the site stores passwords as plain text, they should be encrypted


The password i used here i only used here- thank goodness.
seems that i was busy doing something close to nothing, but different than the day before music beret
  - E-mail - orgNote - Report post to moderator
Reply #15 posted 01/26/22 12:36am

kpowers

avatar

EmmaMcG said:

kpowers said:

shocked omfg no no no! batman

Not decided yet. We'll see what happens.

Great, first Betty White and now this

  - E-mail - orgNote - Report post to moderator
Reply #16 posted 01/26/22 12:02pm

IanRG

I needed to get my email address changed. I still use the email that I signed up with and works for everything else (including orgnotes) but I never got the warning email.

.

If the hack means that you are currently forced to lurk, perhaps you will need to do the same.

  - E-mail - orgNote - Report post to moderator
Reply #17 posted 01/26/22 1:23pm

OnlyNDaUsa

avatar

There is a web site that checks your email to see if it was owns or on the dark web or something...

https://haveibeenpwned.com/
"Keep on shilling for Big Pharm!"
  - E-mail - orgNote - Report post to moderator
Reply #18 posted 01/26/22 2:50pm

IanRG

OnlyNDaUsa said:

There is a web site that checks your email to see if it was owns or on the dark web or something... https://haveibeenpwned.com/

.

This is a marketing site for a password manager. It only reports possible breaches. Mine reports:

.

1 A 2013 commonly known Adobe breach long since addressed

.

2 A 2014 unverified potential breach

.

3 A 2017 spambot that grabbed millions of emails and some passwords with no indication of which or for what.

.

4 A 2019 file that included some background information not passwords or IDs on millions of people with no indication of which or for what

.

5 A 2019 email and background data breach for millions with no passwords. Again, not indication of what data or for what.

.

Aside from the commonly known first one, the service is no good. It is unable to tell you which identities and passwords have recently been breached.

.

You are much better off using a password manager, enabling 2 factor authentication and using different and hard to hack passwords that are not based on prior passwords, especially old ones.

  - E-mail - orgNote - Report post to moderator
Reply #19 posted 01/26/22 3:20pm

OnlyNDaUsa

avatar

IanRG said:

OnlyNDaUsa said:

There is a web site that checks your email to see if it was owns or on the dark web or something... https://haveibeenpwned.com/

.

This is a marketing site for a password manager. It only reports possible breaches. Mine reports:

.

1 A 2013 commonly known Adobe breach long since addressed

.

2 A 2014 unverified potential breach

.

3 A 2017 spambot that grabbed millions of emails and some passwords with no indication of which or for what.

.

4 A 2019 file that included some background information not passwords or IDs on millions of people with no indication of which or for what

.

5 A 2019 email and background data breach for millions with no passwords. Again, not indication of what data or for what.

.

Aside from the commonly known first one, the service is no good. It is unable to tell you which identities and passwords have recently been breached.

.

You are much better off using a password manager, enabling 2 factor authentication and using different and hard to hack passwords that are not based on prior passwords, especially old ones.

YES 2 factor is good as are managers. But this site seems decent. I also have other monatoring services...

"Keep on shilling for Big Pharm!"
  - E-mail - orgNote - Report post to moderator
Reply #20 posted 01/26/22 7:27pm

luv4u

Moderator

avatar

moderator

lock Post on that other link. Thanks

canada

Ohh purple joy oh purple bliss oh purple rapture!
REAL MUSIC by REAL MUSICIANS - Prince
"I kind of wish there was a reason for Prince to make the site crash more" ~~ Ben
  - E-mail - orgNote - Report post to moderator
  New topic   Printable     (Log in to 'subscribe' to this topic)
« Previous topic  Next topic »
Forums > General Discussion > Org Site Hacked