vBulletin Security Bulletin: Account Passwords

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • vBulletin Security Bulletin: Account Passwords

    I received this bulletin today from vBulleting:


    vBulletin Security eBulletin
    http://www.vbulletin.com/
    November 5th, 2015

    * Password Reset
    * Your License Information
    * Contact Us

    ------ Password Reset ------

    We take your security and privacy very seriously. Very recently, our security team discovered a sophisticated attack on our network. Our investigation indicates that the attacker may have accessed customer IDs and encrypted passwords on our systems.

    We have taken the precaution of resetting your account passwords - both for the forums and the members area. We have also reset the members area security question. We apologize for any inconvenience this has caused but felt that it was necessary to help protect your account.

    To regain access to your account:

    * Click the forgot password link on the login page.
    * Enter your account e-mail [or other details as requested] and an e-mail will be sent to you.
    * Open the email and follow the instructions to set your new password.

    Please choose a new password and do not use the same password you used with us previously. We also highly recommend that you choose a password that you are not using on any other sites.


    GOLDWING AND F6B MAINTENANCE VIDEOS
    Save $1000 a year in labor by doing your own maintenance!

    Website | YouTube | 2001-2017 Videos | 2018+ Videos


  • #2
    Are you saying we need to change our forum passwords?

    Comment: (For off-topic replies)


    • #3
      Chris,

      Are you sure that is a legitimate message from V Bulletin or some kind of malware?

      I closed my account, and started a new sign on. I entered my sign on ID, and clicked on forgot password. I clicked on forgot password and when the next page opened I entered my email address and requested a new temp password. A message said I would receive a message.

      I never received any message and a couple of hours passed.

      I signed on again with my old password and everything seems normal.

      What's going on here? Were you and by extension we scammed?
      Harvey Barlow
      Crosby County, TX
      2010 Goldwing Level II Pearl Yellow (sold at 93,000 miles)
      2014 Goldwing Level II Pearl Blue (sold at 27,000 miles to forum member)

      Comment: (For off-topic replies)


      • #4
        If this was true, we wouldn't have logged in successfully.
        2008 Red GW1800 -- NRA Life Member - American Legion PUFL, American Legion Riders
        USMC 21 YRS/9 MO and when dead, a dead Marine.
        US Four Corner Ride https://clayusmcret.blogspot.com/
        2014 Mid-States Ride https://mid-states.blogspot.com/
        2015 NC to UT/NV Ride https://2015nvride.blogspot.com/

        50th State ridden on 19 Aug, 2016 DS #1584

        Comment: (For off-topic replies)


        • #5
          I suspect it was a bogus malware message or v bulletin had it screwed up.

          I either never received a password reset message as the site stated I would or, and this might be significant, the message was screened and rejected by my security software and ended up in my spam folder where I deleted it in a group of spam messages without looking at what was there.
          Harvey Barlow
          Crosby County, TX
          2010 Goldwing Level II Pearl Yellow (sold at 93,000 miles)
          2014 Goldwing Level II Pearl Blue (sold at 27,000 miles to forum member)

          Comment: (For off-topic replies)


          • #6
            Chris...did you figure this out yet...Do we need to do anything???

            John
            John - Richmond 2013 GL1800, Level 3

            Comment: (For off-topic replies)


            • #7
              Originally posted by JGDJR View Post
              Chris...did you figure this out yet...Do we need to do anything???

              John
              I recommend going to User Settings / Accounts every couple months and changing your password on a routine basis. NEVER do so when notified by an email with the suggestion to use the link provided. Chris got phished. If he had fallen for it, they'd own his account by now.
              2008 Red GW1800 -- NRA Life Member - American Legion PUFL, American Legion Riders
              USMC 21 YRS/9 MO and when dead, a dead Marine.
              US Four Corner Ride https://clayusmcret.blogspot.com/
              2014 Mid-States Ride https://mid-states.blogspot.com/
              2015 NC to UT/NV Ride https://2015nvride.blogspot.com/

              50th State ridden on 19 Aug, 2016 DS #1584

              Comment: (For off-topic replies)


              • HBarlow
                HBarlow commented
                Editing a comment
                Good advice worth remembering.

            • #8
              I checked the email headers before posting this and it was definitely from vBulletin. I also checked their support forum and found similar information. However, I have not been prompted to change my password.
              GOLDWING AND F6B MAINTENANCE VIDEOS
              Save $1000 a year in labor by doing your own maintenance!

              Website | YouTube | 2001-2017 Videos | 2018+ Videos

              Comment: (For off-topic replies)


              • #9
                Originally posted by Cruiseman View Post
                I checked the email headers before posting this and it was definitely from vBulletin. I also checked their support forum and found similar information. However, I have not been prompted to change my password.
                So one of the vBulletin moderators got phished....and fell for it. Otherwise, we all would have been subjected to forced password resets by now.
                2008 Red GW1800 -- NRA Life Member - American Legion PUFL, American Legion Riders
                USMC 21 YRS/9 MO and when dead, a dead Marine.
                US Four Corner Ride https://clayusmcret.blogspot.com/
                2014 Mid-States Ride https://mid-states.blogspot.com/
                2015 NC to UT/NV Ride https://2015nvride.blogspot.com/

                50th State ridden on 19 Aug, 2016 DS #1584

                Comment: (For off-topic replies)


                • #10
                  The fact that they said that encrypted passwords were hacked was a red flag to me. They should be salted and hashed passwords. Are our passwords really stored encrypted, or hashed?
                  Costa Mesa, CA
                  2012 RED GL1800

                  Comment: (For off-topic replies)

                  Sorry, you are not authorized to view this page

                  Related Topics

                  Collapse

                  Working...
                  X