Mizmo
Well-known Member
- Location
- Ontario Canada
My SF Password compromised...be aware
- Thread starter Mizmo
- Start date
Lara
Friend of the Arts
- Location
- Mid-Atlantic Coast
hmmm
I got a notice online 2 days ago using the real name of my bank and saying that my password had been compromised and to change it right then and there online. I just ignored it and checked my actual bank account for a few days which was just fine.
I got a notice online 2 days ago using the real name of my bank and saying that my password had been compromised and to change it right then and there online. I just ignored it and checked my actual bank account for a few days which was just fine.
Mizmo
Well-known Member
- Location
- Ontario Canada
I got same thing about a month ago but it was via a text on my mobile with a link to click...no way!hmmm
Of course I deleted but to be on safe side I did change my password through regular channels with bank on line .
hearlady
Ready for Spring!
- Location
- N Carolina
That's all worrisome.
OneEyedDiva
SF VIP
- Location
- New Jersey
Mizmo, how do you think your SF password would have been compromised? It would seem there'd be other more sensitive sites hackers would be looking to hack...like bank accounts.
hearlady
Ready for Spring!
- Location
- N Carolina
People use the same password for many things unfortunately.
OneEyedDiva
SF VIP
- Location
- New Jersey
A SF member who is a hacker?! I have at least 80 different accounts and I don't use the same password for any of them.
dilettante
Well-known Member
Well we did see an influx of crazy looking stuff in various languages the other day. It got cleaned up in a few hours but it did look like a partially successful penetration attempt. I'm not saying member's personal data or passwords were obtained but it did look pretty screwy.
I think they like to harvest passwords from any large site because so many people use the same password for many logins which might include their banks or other valuable targets.
Mizmo
Well-known Member
- Location
- Ontario Canada
I have no idea.
I can only think that it is someone who was trying to get logged in to SF to post under my name. I have not seen any worrisome posts so far but then I am just not able to look at everything. I have to limit my time on keyboard for various resons.
Some people tend to divulge too much information about themselves. I have seen it often in some discussions
I don't, so perhaps that is reason for choosing my name to get in.
Perhaps I should change my name too or quit the forum.......
Last edited:
Mizmo
Well-known Member
- Location
- Ontario Canada
I wouldn't dream of using the same password for everything.
I do not save financial and other personal passwords on line in any browser.
Nathan
Well-known Member
- Location
- High Desert- Calif.
That was a spammer, a hacker would be attempting to gain admin powers in order to access a sites database. A discussion forum such as SF would be an unlikely target.
dilettante
Well-known Member
As it turns out things are far from that simple.
What may appear as "spamming" can be a series of repeated probes, testing things like SQL Injection and scripting attacks. The hunt attempts to locate security holes providing access or control without needing elevation to administrative rights, and in many cases a web application's security model isn't based on machine level or even daemon/server level security.
What I saw looked more like repeated runs of foreign Lorem Ipsum filler text rather than spam as such anyway.
But this kind of site probably has limited value aside from victimizing people who use the same passwords many places.
Nathan
Well-known Member
- Location
- High Desert- Calif.
In this case the spammer tipped his hand pretty early on, and I'm guessing @Matrix banned the user account and blacklisted the IP address.
LadyEmeraude
just call me EM~
This is an interesting thread I’m glad to be reading it right now..
LadyEmeraude
just call me EM~
One morning about two weeks ago, I had a couple odd things occur. For probably half a day and whenever trying to log on to SF it directed me to change my password to access this site.
I though did not change my password. I waited it out and later that day I was able to successfully log in.
Another curious thing was when logging in (trying to) it indicated I needed to review my settings. I though was not logged in yet, it was just some weird anomaly I think. Quirky things happen and also on the particular devices we are using. Laptop, phone, tablet etc..
I though did not change my password. I waited it out and later that day I was able to successfully log in.
Another curious thing was when logging in (trying to) it indicated I needed to review my settings. I though was not logged in yet, it was just some weird anomaly I think. Quirky things happen and also on the particular devices we are using. Laptop, phone, tablet etc..
Last edited:
officerripley
Well-known Member
- Location
- Porlock, Calif
So true, sigh.
Colleen
Senior Member
- Location
- Pennsylvania
A similar thing happened to my Netflix account a while back. I went to Netflix on my TV to watch a movie one night and instead of my name being under the little box that says "Who's watching?", there was some other girl's name. I contacted Netflix and they said to change my password on my account. I did that and also added a PIN when I sign on to Netflix. I never use the same password for my accounts so how they hacked in I don't know. They did watch a couple movies, though...haha.
I never had a problem here, but you're right, I'd be more concerned if it involved money.