Privacy concerns?

FlightlessDuck

Y kant Donald fly?
Joined Jun 20, 2006
So did this hacker who took over the boards over the weekend of Easter get emails, passwords, etc? Are passwords encrypted?

I think regardless, everyone should make sure to change their password both on this site and anywhere else they use that same password (which you shouldn't do).
 


This must be why dis was down. Thank you all. Not sure I know how to change password but will go and try.
 
This must be why dis was down. Thank you all. Not sure I know how to change password but will go and try.
Click your profile icon and there is a "password and security link". Worst case, sign out and say you forgot password to reset.
 
I changed my password. I also changed a couple of websites that had the same email/password combination :scared::bitelip:. It was something that had been on my "to-do list" since I installed 1Password on all my devices a couple of months ago. Now, 1Password and I are both happy. I appreciate that passwords were not compromised, but I feel safer changing everything.
 


I had a suspicion that it was a compromised user account, based on the activity that was taking place (gradual deletion of threads, which eventually led to the entire board getting wiped). If it were a true data breach (where password compromise was in question), then the entire server would have likely gone offline. Calling this a "breach" or a "hack" would be false, since it was just a single user account that was compromised, probably due to a weak or re-used password.

XenForo encrypts all passwords by default, and I highly doubt the user who gained unauthorized access was smart enough (or had the resources) to decrypt the database(s) XenForo runs off of.

Always a good idea to change your passwords every 30 days, though. LastPass is a great service for reminding you to do so.

Disclaimer: I do not work for the Dis, but have 10+ years experience as an IT system administrator.
 
I had a suspicion that it was a compromised user account, based on the activity that was taking place (gradual deletion of threads, which eventually led to the entire board getting wiped). If it were a true data breach (where password compromise was in question), then the entire server would have likely gone offline. Calling this a "breach" or a "hack" would be false, since it was just a single user account that was compromised, probably due to a weak or re-used password.

XenForo encrypts all passwords by default, and I highly doubt the user who gained unauthorized access was smart enough (or had the resources) to decrypt the database(s) XenForo runs off of.

Always a good idea to change your passwords every 30 days, though. LastPass is a great service for reminding you to do so.

Disclaimer: I do not work for the Dis, but have 10+ years experience as an IT system administrator.
Correct
 
Calling this a "breach" or a "hack" would be false, since it was just a single user account that was compromised, probably due to a weak or re-used password.

I'm glad the attacker didn't have access to the database, and that passwords are not in clear text. But, getting access to an account that doesn't belong to you is still a security breach, regardless of how pedantic you want to get over use of the word "hack".
 
I'm glad the attacker didn't have access to the database, and that passwords are not in clear text. But, getting access to an account that doesn't belong to you is still a security breach, regardless of how pedantic you want to get over use of the word "hack".
I agree to this as well
 
I'm glad the attacker didn't have access to the database, and that passwords are not in clear text. But, getting access to an account that doesn't belong to you is still a security breach, regardless of how pedantic you want to get over use of the word "hack".

I should note that this isn't a coding issue or anything. The webmasters weren't responsible for this. It's just one of those things. Like when somebody else gets a hold of your credit card or whatever.
 
Sooo...they just got one user's password? Or one of the admin accounts' password? If the former, I guess that raises the question of why can someone getting one user's password somehow bring the entire site down for 2 days? What kind of power do our accounts secretly have!!??
 
Sooo...they just got one user's password? Or one of the admin accounts' password? If the former, I guess that raises the question of why can someone getting one user's password somehow bring the entire site down for 2 days? What kind of power do our accounts secretly have!!??

They must have gotten an administrator's password, meaning they either responded to a phishing scam, or use the same id/password in another service that was compromised. I would hope all administrators have multifactor enabled.
 
They must have gotten an administrator's password, meaning they either responded to a phishing scam, or use the same id/password in another service that was compromised. I would hope all administrators have multifactor enabled.

One would think that would be a requirement, especially for a business. Apparently they do not.

Let this be a reminder: MICKEY is not a safe password. Nor is Goofy, Walt, Donald, WDW, WaltDisneyWorld, Disneyworld, Disneyland, 123456, 12345678, password, abc123, qwerty, princess, letmein, baseball, football, monkey, computer, OR any of the previous with a '1' on the end.... :rotfl2:
 
One would think that would be a requirement, especially for a business. Apparently they do not.

Let this be a reminder: MICKEY is not a safe password. Nor is Goofy, Walt, Donald, WDW, WaltDisneyWorld, Disneyworld, Disneyland, 123456, 12345678, password, abc123, qwerty, princess, letmein, baseball, football, monkey, computer, OR any of the previous with a '1' on the end.... :rotfl2:

And your password should be at least 8 characters. So MickeMinnieGoofyDonaldPlutoHeweyDeweyLouie works ;)
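
An added example, not part of any post in this thread: a check a site could run when a password is set, rejecting the words listed above regardless of case and with a '1' on the end. The function names and the generalisation from a trailing '1' to any trailing digits or punctuation are assumptions of this example.

```python
import re

# Words named in the thread, stored lowercase. Site-specific terms
# (character and park names) matter as much as the generic entries.
DENYLIST = {
    "mickey", "goofy", "walt", "donald", "wdw", "waltdisneyworld",
    "disneyworld", "disneyland", "123456", "12345678", "password",
    "abc123", "qwerty", "princess", "letmein", "baseball", "football",
    "monkey", "computer",
}
MIN_LENGTH = 8  # the minimum length mentioned in the thread


def candidate_forms(password):
    """Yield the normalised forms to compare against the denylist."""
    folded = password.casefold()  # MICKEY and mickey are the same guess
    yield folded
    # "any of the previous with a '1' on the end"
    if folded.endswith("1"):
        yield folded[:-1]
    # Generalisation (assumption): strip any trailing digits/punctuation,
    # so "WaltDisneyWorld2024!" is treated as "waltdisneyworld".
    yield re.sub(r"[\d\W_]+$", "", folded)


def screen_password(password):
    """Return the reasons to reject; an empty list means accepted."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if any(form in DENYLIST for form in candidate_forms(password)):
        reasons.append("on denylist")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for sample in ["MICKEY", "Disneyland1", "WaltDisneyWorld2024!",
                   "correct horse battery staple"]:
        print(f"{sample!r}: {screen_password(sample) or 'accepted'}")
```

The check is exact-match after normalisation, so a long concatenation of several listed names is accepted; it screens out the common guesses and does not measure strength.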
 
