All forums user should reset their password

Chat about anything related to Linux Mint
richard-g8jvm
Level 3
Level 3
Posts: 163
Joined: Fri Jul 26, 2013 12:46 pm

accounts hacked ????

Post by richard-g8jvm » Mon Feb 29, 2016 5:12 pm

Hi I got a message from admin@linuxmint.com saying the forum had been hacked and user data had been compromised.

Fact or a phising exercise ????.
I used my normal login
Sorry to post here

Richard

User avatar
karlchen
Level 20
Level 20
Posts: 10829
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: accounts hacked ????

Post by karlchen » Mon Feb 29, 2016 5:23 pm

Hello, Richard.

Seems as if you may have missed the forum announcements:
Linux Mint Forums Back After Double Attack
All forums user should reset their password
and a number of various threads on the same topics.

Cheers,
Karl
Image
Linux Mint 18.1 64-bit Cinnamon Desktop, Total Commander 9.22a 64-bit
Ubuntu 18.04.2 32-bit Mate Desktop, Total Commander 9.22a 32-bit
Windows? - 1 window in every room

User avatar
Moem
Level 18
Level 18
Posts: 8869
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands
Contact:

Re: accounts hacked ????

Post by Moem » Mon Feb 29, 2016 5:23 pm

Fact. Please read the existing threads on the subject. For example: the very first thread in the very first section of the forum.
viewtopic.php?f=143&t=217298
Image

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!

unixlover0
Level 1
Level 1
Posts: 13
Joined: Thu Sep 13, 2012 1:52 pm

cracked account prevention (offtopic)

Post by unixlover0 » Mon Feb 29, 2016 5:51 pm

Can I change my e-mail address or delete my current account? After the last news about "external attacker" I feel bad and vulnerable... like never before (even if my passwords were always weak).

User avatar
karlchen
Level 20
Level 20
Posts: 10829
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: cracked account prevention (offtopic)

Post by karlchen » Mon Feb 29, 2016 6:05 pm

Image
Linux Mint 18.1 64-bit Cinnamon Desktop, Total Commander 9.22a 64-bit
Ubuntu 18.04.2 32-bit Mate Desktop, Total Commander 9.22a 32-bit
Windows? - 1 window in every room

Cosmo.
Level 23
Level 23
Posts: 17827
Joined: Sat Dec 06, 2014 7:34 am

Re: cracked account prevention (offtopic)

Post by Cosmo. » Mon Feb 29, 2016 6:11 pm

Short answer: You can change your e-mail address. You will get a confirmation mail in this case.
You cannot delete your account, ask a board admin for that.

Some more: You feel vulnerable this is understandable. But are you less vulnerable if you leave the forum? No.

Where ever you go in the Internet you might get a victim of an attacker. If you feel vulnerable there is only one choice: Disconnect from the Internet, finish your contract with your Internet Service Provider (ISP).

The team has worked hard and has taken measurements to prevent this to happen again. This is no guarantee for all future, because such a guarantee cannot be given.

What you really should do is explained in the linked post: Most importantly change your password on every resource where you might have used as for this forum (what is a bad habit in any case).

You might explain in more detail, why you feel vulnerable and why you believe, that deleting the account would help you to feel better. Perhaps we are able to give you some helpful answers.

Mardukk
Level 1
Level 1
Posts: 1
Joined: Wed Dec 29, 2010 8:43 am

Re: All forums user should reset their password

Post by Mardukk » Mon Feb 29, 2016 6:15 pm

Thanks, Clem. :D

momist
Level 3
Level 3
Posts: 191
Joined: Mon May 21, 2012 3:30 pm
Location: Lancashire, Northwest England

Re: All forums user should reset their password

Post by momist » Mon Feb 29, 2016 6:39 pm

Thanks for the heads up. Thankfully, my password was a complex random one unique to this site. Not all my passwords elsewhere are though - I have some work to do.
momist : a follower of the Greek god Momer.

User avatar
The-Wizard
Level 12
Level 12
Posts: 4071
Joined: Fri Jan 28, 2011 3:12 pm
Location: Bedforshire, ENGLAND

Re: cracked account prevention (offtopic)

Post by The-Wizard » Mon Feb 29, 2016 6:41 pm

I have changed my password [well i would not be here otherwise] After reading Clems post I ran both my user name and e-mail through https://haveibeenpwned.com as he suggested, my e-mail was clean but my user name wasn't :roll: , it showed 1 attack, now my password has been changed I am not worried as I only use this handle on this forum. :lol:

wizard
The idea that Bill Gates has appeared like a knight in shining armour to lead all customers out of a mire of technological chaos neatly ignores the fact that it was he who, by peddling second-rate technology, led them into it in the first place.

richard-g8jvm
Level 3
Level 3
Posts: 163
Joined: Fri Jul 26, 2013 12:46 pm

Re: accounts hacked ????

Post by richard-g8jvm » Mon Feb 29, 2016 7:06 pm

OK I MISSED IT !!
I clicked on notifications and nothing
I'll disappear for a few more months

Sky-Aisling
Level 1
Level 1
Posts: 6
Joined: Wed Feb 10, 2016 12:08 pm

Re: All forums user should reset their password

Post by Sky-Aisling » Mon Feb 29, 2016 7:13 pm

Where on this forum do I edit my password?

ygog
Level 1
Level 1
Posts: 5
Joined: Tue Jan 11, 2011 1:11 pm
Location: Wales

security

Post by ygog » Mon Feb 29, 2016 7:16 pm

Hi,
If you have used this password and email address to authenticate at any other website, you are urged to reset the password on those accounts
I have used the same `email address" for other sites but Not the same password ; the fact that they ,the hackers, have my email address , does
this pose a security threat for me and what should I do ? Should I change all my passwords ?
ygog

LaughterOnWater
Level 1
Level 1
Posts: 1
Joined: Sat Jan 23, 2016 2:07 pm

Re: All forums user should reset their password

Post by LaughterOnWater » Mon Feb 29, 2016 7:22 pm

Thanks for a reasonable response and an understandable email.
I've changed my password, though it's 20-character random and unique to this site.

I like KeePass as a password protector/generator. It's cross-platform. You can keep the main file on dropbox and a unique key file outside of dropbox on your windows, mac, ios or android machine, along with a password, acting a little like a physical two-factor authorization. Without the key file (not on dropbox) and the password, you can't get in.

(No I don't work for KeePass.)

Cosmo.
Level 23
Level 23
Posts: 17827
Joined: Sat Dec 06, 2014 7:34 am

Re: All forums user should reset their password

Post by Cosmo. » Mon Feb 29, 2016 7:23 pm

Sky-Aisling wrote:Where on this forum do I edit my password?
You find this described here.
Last edited by karlchen on Mon Feb 29, 2016 7:27 pm, edited 1 time in total.
Reason: added quote as a different post had been inserted inbetween question and answer

Sky-Aisling
Level 1
Level 1
Posts: 6
Joined: Wed Feb 10, 2016 12:08 pm

Re: All forums user should reset their password

Post by Sky-Aisling » Mon Feb 29, 2016 7:30 pm

Thank you, Cosmo.

User avatar
karlchen
Level 20
Level 20
Posts: 10829
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: security

Post by karlchen » Mon Feb 29, 2016 7:32 pm

Hello, ygog.

As you did already use different passwords for different websites, you are on the safe side. As safe as a carp fish can be in a sea of sharks.
The worst thing which might happen is that your e-mail account will receive more spam in the near future.
You may check whether your e-mail address is on the "Have I been pwned" list. Though not being on the list does not give you any warranty either.

Cheers,
Karl
Image
Linux Mint 18.1 64-bit Cinnamon Desktop, Total Commander 9.22a 64-bit
Ubuntu 18.04.2 32-bit Mate Desktop, Total Commander 9.22a 32-bit
Windows? - 1 window in every room

ygog
Level 1
Level 1
Posts: 5
Joined: Tue Jan 11, 2011 1:11 pm
Location: Wales

Re: security

Post by ygog » Mon Feb 29, 2016 7:42 pm

Hello karlchen ,

Many thanks for your prompt reassurance.

ygog.

Krzychu
Level 2
Level 2
Posts: 69
Joined: Sat Mar 01, 2014 9:14 pm

Re: All forums user should reset their password

Post by Krzychu » Mon Feb 29, 2016 8:07 pm

Thanks for email. It was in my junk folder, but I check it anyway so no problem for me. I hope other people check it too...

bperrybap
Level 1
Level 1
Posts: 4
Joined: Mon Jul 04, 2011 12:39 am

Re: All forums user should reset their password

Post by bperrybap » Mon Feb 29, 2016 8:21 pm

Is there some kind of MITM being used to access the forum?
If I go to user control panel->[Profile]->Manage "Remember Me" login keys.

The IP address reported is usually but not always, not my IP address.
The one I keep seeing is: 185.93.229.8 which is registered to Sucuri Inc. and is definitely not my IP address.

I do see older logins where the IP address matched my IP address.

--- bill

ren7
Level 1
Level 1
Posts: 6
Joined: Mon Jan 05, 2015 8:35 am

Re: All forums user should reset their password

Post by ren7 » Mon Feb 29, 2016 8:39 pm

Thanks to all involved in sorting this problem.

@Radish
The greater number of links in the topic reply email compared to the password change email may have increased the apparent spammyness in the "opinion" of the Bayesian filter. Regardless, Cosmo's advice seems worthy.

Kind regards,
Ren7

Post Reply

Return to “Chat about Linux Mint”