Attention - Password and Security Update - Triumph675.Net Forums
Triumph675 Site Issues Got ideas on how to improve the site or having problems on the site? We'd like to hear about them.

Reply
 
Thread Tools Display Modes
post #1 of 11 Old 06-14-16, 12:05 Thread Starter
administrator
Administrator
 
Join Date: Oct 2005
Location: Toronto
Posts: 1,023
Thanks: 13
Thanked 52 Times in 37 Posts
Send a message via MSN to administrator
Attention - Password and Security Update

Hello all,

Over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:

1) We are asking everyone to change their passwords (and will force a one time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, Linkedin, Badoo, etc) are compromised; and

2) Your passwords will expire on a 365 day basis. When you login on the 366th day, you will have to change it.

We'll also be sending out an email to users to let them know about the changes, in upcoming weeks.

Thanks all,

Helena

Community Management
administrator is offline  
The Following User Says Thank You to administrator For This Useful Post:
Bamboo671 (06-14-16)
Sponsored Links
Advertisement
 
post #2 of 11 Old 06-14-16, 13:12
Bamboo671
Senior Member
 
Bamboo671's Avatar
 
Join Date: May 2008
Location: 671
Posts: 4,463
Thanks: 93
Thanked 98 Times in 93 Posts
Garage
Thanks for the update and all the hard work you and the other admins do to keep this site great!

1997 YZF100R/Thunderace - She committed suicide 15Mar07!
2008 Daytona 675 - She was murdered 30Jan13
2013 Daytona 675R - Sexy reincarnation 15Mar13! Here's my build



"Win or learn...never lose"
Bamboo671 is offline  
post #3 of 11 Old 06-14-16, 13:40
Neanderthal
Senior Member
 
Neanderthal's Avatar
 
Join Date: Oct 2008
Location: Springfield, MO
Posts: 8,088
Thanks: 205
Thanked 253 Times in 216 Posts
Garage
Do we go ahead and change the password now (and where do we do that), or do we wait until we try to access the site and are forced to type in a new password?
Neanderthal is offline  
 
post #4 of 11 Old 06-15-16, 02:25
Wesjob
Junior Member
 
Join Date: Mar 2016
Location: Zushi Kanagawa, Japan
Posts: 39
Thanks: 0
Thanked 1 Time in 1 Post
Garage
Thanks for the update!
Wesjob is offline  
post #5 of 11 Old 06-15-16, 16:08 Thread Starter
administrator
Administrator
Threadstarter Threadstarter
 
Join Date: Oct 2005
Location: Toronto
Posts: 1,023
Thanks: 13
Thanked 52 Times in 37 Posts
Send a message via MSN to administrator
Quote:
Originally Posted by Neanderthal View Post
Do we go ahead and change the password now (and where do we do that), or do we wait until we try to access the site and are forced to type in a new password?
Hey there,

You will receive a prompt to reset your password. I'm not too sure when this will happen, but within the near future.
You can go ahead and change your password now if you'd like, but as mentioned you will have to change it again.

For those of you who are curious on how to do that go to:
User CP -> Your Control Panel -> Settings and Options -> Edit Email and Password.

If you guys have any more concerns/questions/feedback regarding this issue, please feel free to post them here!

Thank you for your understanding and patience,

Richard.
administrator is offline  
The Following 2 Users Say Thank You to administrator For This Useful Post:
Bamboo671 (06-16-16), Neanderthal (06-15-16)
post #6 of 11 Old 06-21-16, 00:53
nelson
BOTM Winner
 
nelson's Avatar
 
Join Date: Dec 2009
Posts: 831
Thanks: 7
Thanked 12 Times in 11 Posts
Garage
nelson is offline  
post #7 of 11 Old 06-22-16, 15:53 Thread Starter
administrator
Administrator
Threadstarter Threadstarter
 
Join Date: Oct 2005
Location: Toronto
Posts: 1,023
Thanks: 13
Thanked 52 Times in 37 Posts
Send a message via MSN to administrator
Hey there,

We are not at liberty to say too much as this issue is being investigated by authorities.

There are articles going around, talking about the issue, though they leave a lot out. A 3rd party plugin that we and other networks use had it's developers' compromised. Their DB was breached and data was scraped. I can't ID the plugin as it's under legal investigation. However I can say that it had access to user data because it functions separately from the vb software. Many plugins do this, chats, news letters, mobile apps etc. This is not an active breach, however as a precaution we did initiate security updates including password changes and new pass requirements.

I hope this helped clarify some things.
If you have any Concerns/Comments/Questions about this, please feel free to ask us here.


~Shane
administrator is offline  
post #8 of 11 Old 06-22-16, 16:21
nelson
BOTM Winner
 
nelson's Avatar
 
Join Date: Dec 2009
Posts: 831
Thanks: 7
Thanked 12 Times in 11 Posts
Garage
Quote:
Originally Posted by administrator View Post
Hey there,

We are not at liberty to say too much as this issue is being investigated by authorities.

There are articles going around, talking about the issue, though they leave a lot out. A 3rd party plugin that we and other networks use had it's developers' compromised. Their DB was breached and data was scraped. I can't ID the plugin as it's under legal investigation. However I can say that it had access to user data because it functions separately from the vb software. Many plugins do this, chats, news letters, mobile apps etc. This is not an active breach, however as a precaution we did initiate security updates including password changes and new pass requirements.

I hope this helped clarify some things.
If you have any Concerns/Comments/Questions about this, please feel free to ask us here.


~Shane
I'm sorry, Shane, but this is not clear.

Since user data has been compromised, all users should be informed as they may use the same password for other sites (e.g. banking, email, etc.) That would be really important information that everyone needs to know.

This has really been poorly handled.
nelson is offline  
post #9 of 11 Old 06-23-16, 13:23 Thread Starter
administrator
Administrator
Threadstarter Threadstarter
 
Join Date: Oct 2005
Location: Toronto
Posts: 1,023
Thanks: 13
Thanked 52 Times in 37 Posts
Send a message via MSN to administrator
hey nelson,

Im sorry you feel its been poorly handled.

we will be and have been sending out forced password changes, patched our end of the breach a bit ago, putting in extra security, and notifying all users, admins, mods, including everyone at our office to make all the changes as the users have. its for the extra security boost. and also, to keep the users accounts safe, along with everyone elses for the future. this patches everything. its a matter of "just in case" kind of thing. :)

We appreciate all the input on the matter though. And we do apologize for any inconvience this causes.

Protecting your account here will protect this site from being vandalized, and will help protect accounts on other sites. The basic info (ie. email) that could be gleamed from a hacked account could compromise other accounts on different sites, ones that may have access to more sensitive information. paypal sites, shopping sites, etc. to name a few. Adding complexity puts a stopper on that happening. We are putting in this changes to not just amp up security, but also to help with user account safety as users use the same password, or in some cases, the same email and username for sites with more sensitive information when on the internet.



as such, we thought this would be the best course of action to touch base with all users, and cover everyone. :)


Let me know if you have any further inquiries and questions.


~Shane
administrator is offline  
post #10 of 11 Old 06-24-16, 20:43
Snowman1985
Junior Member
 
Join Date: Aug 2012
Posts: 116
Thanks: 13
Thanked 5 Times in 4 Posts
Super-duper passwords dont help hacks/breaches. The new password requirements are unnecessarily complex for a forum. This isn't access codes for nukes.

2011 Daytona. OEM Quickshifter, Zero Gravity DB, Saddlemen Track CF, TechSpecs, Morimoto Mini HID Retrofit
Snowman1985 is offline  
Sponsored Links
Advertisement
 
Reply

Bookmarks

Quick Reply
Message:
Options

Register Now



In order to be able to post messages on the Triumph675.Net Forums forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.

User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.

Password:


Confirm Password:
Email Address
Please enter a valid email address for yourself.

Email Address:
OR

Log-in










Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page
Display Modes
Linear Mode Linear Mode


Forum Jump

Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

 
For the best viewing experience please update your browser to Google Chrome