All forums user should reset their password

Chat about anything related to Linux Mint
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 6 months after creation.
The-Wizard

Re: All forums user should reset their password

Post by The-Wizard »

Da_Thunderbird wrote:
I'm with Marke, and so pissed that I used my real email that I removed Mint from computers as it cannot be trusted.


Don't forget to throw away your sony devices. Their web site was hacked too.
and anyone on this list http://www.itproportal.com/2016/02/18/t ... s-of-2015/

wizard
User avatar
Schultz
Level 9
Level 9
Posts: 2940
Joined: Thu Feb 25, 2016 8:57 pm

Re: All forums user should reset their password

Post by Schultz »

The date of the hack should have been put in the email to avoid confusion. I thought it was hacked again until I read clem's first post in this thread.
Sector11

Re: All forums user should reset their password

Post by Sector11 »

Well, the only safe computer is one that has never been turned on, or if it has, has access to the net CUT at the source before going online. :D

LinuxMint is fine, the forums are OK as well. Read the OP.
knten

Re: All forums user should reset their password

Post by knten »

Well that's some bad news but at least it'll take trillions of years to brute force that password they got. I hope none of you were still running password1. :lol:
don250r

Re: All forums user should reset their password

Post by don250r »

Wow, i cant believe some people are equating the forum hack, with poor security in LM.
The forums(servers) are totally unrelated to LM OS.
The hacked ISOs could have been a problem for the unlucky few that downloaded them.
LM was just the target this time, any other distribution will be next :D
Dooteriah

Re: All forums user should reset their password

Post by Dooteriah »

Many Thanks for this Info! My PW is changed.
So stay cool and hanging up the hackers! :evil: :evil: :mrgreen:
Ark987

Re: All forums user should reset their password

Post by Ark987 »

Thanks for taking the time to notify users about this. Now let's apply defense in depth!
akino17

Re: All forums user should reset their password

Post by akino17 »

im not familiar with this site https://haveibeenpwned.com/ can u explain more.
User avatar
Moem
Level 22
Level 22
Posts: 16238
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands
Contact:

Re: All forums user should reset their password

Post by Moem »

The site itself does that quite nicely:
https://haveibeenpwned.com/About
Image

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!
User avatar
Radish
Level 4
Level 4
Posts: 320
Joined: Sun May 12, 2013 11:20 pm

Re: All forums user should reset their password

Post by Radish »

Regarding my problem with "Topic reply notification" emails from Mint Forums going into Junk in ThunderBird and trying to train TB to not put them there. Yesterday I had a brainwave and went to look at what was happening in my actual Hotmail email account.

It turned out the emails being classed as Junk was happening at Hotmail itself. So I adjusted my settings at Hotmail for "Safe Senders" by adding the domain "linuxmint.com" into that list. As soon as I did that my "Topic reply notification" emails started arriving in my inbox again. Problem solved, great!

However, funny thing is that in the Safe Senders list I already had entries for "forums@linuxmint.com" and "admin@linuxmint.com" there. So I'm kind of scratching my head as how those two entries didn't guarantee that the notification emails went to my Inbox after the new forum went online. Why did I (eventually) have to add the domain linuxmint.com to the list to get the emails delivered into my Inbox after the new forum went online? Mmm...

Never mind, problem solved. Thanks for the responses. :)
Mint 17.3 x64 Cinnamon - Rosa
When stating what version of Mint you are using remember to include the "Edition". Is it "Cinnamon", "Mate", "KDE" or "XFCE"? This helps others help you.
Rollem
Level 1
Level 1
Posts: 20
Joined: Mon Jun 09, 2014 6:22 am

Re: All forums user should reset their password

Post by Rollem »

Perhaps in future the password contraints could be modified to allow the most secure passwords (xkcd style)
nuiq2

Re: All forums user should reset their password

Post by nuiq2 »

Just for info for all of you, I am a customer of Lifelock, an identity theft protection service. They just informed me that some of my data had been detected on another website for sale. It turned out to be my current email address and my forum username. I changed both my email and forum passwords. I like to check my passwords with “thepasswordmeter dot com” and “howsecureismypassword dot net” and both my password strengths should take between 4000 and 344000 years to crack. Anyway, the breach was real and the hackers did obtain data which they are trying to sell.
coolmanoh

Re: All forums user should reset their password

Post by coolmanoh »

In reference to recent email advising that
The Linux Mint forums software was compromised by an external attacker. As a result, the attacker has gained access to read your username, email address and an encrypted (hashed and salted) copy of your password from the forum database.
that password that was compromised--was it the password for this forum or for my email?
User avatar
xenopeek
Level 25
Level 25
Posts: 29531
Joined: Wed Jul 06, 2011 3:58 am

Re: All forums user should reset their password

Post by xenopeek »

That's the password for this forum. If you used the same password for other websites or for your email, you should change your password there as soon as possible. Use unique passwords.

Read the FAQ in the first post of this topic again though; attackers might be able to use brute-force to guess your password for this website but they can't decrypt it (the amount of time needed for brute-force guessing depends on the complexity of your password).
Image
killer de bug

Re: All forums user should reset their password

Post by killer de bug »

I have still not received the email. Should I consider that it has been blocked or that I will receive it later?
I mean I don't really care about receiving this email, because I'm well aware of the situation. I care more if 30 or 50% of the users are not receiving the notification...

:?
English Invader
Level 4
Level 4
Posts: 247
Joined: Thu Apr 23, 2015 11:53 am

Re: All forums user should reset their password

Post by English Invader »

killer de bug wrote:I have still not received the email. Should I consider that it has been blocked or that I will receive it later?
I mean I don't really care about receiving this email, because I'm well aware of the situation. I care more if 30 or 50% of the users are not receiving the notification...

:?
I didn't get an e-mail either. When I visited the forum for the first time after it went back online, I got a message saying I couldn't access the forum until I changed my password.
Duke49th

Re: All forums user should reset their password

Post by Duke49th »

Gosh...I use this password for many forums. Nothing with sensible informations I guess...but at least for forums.

What you guys would say? 11 characters, uper/lower case, numbers and special characters (like !#?§ and so on).

I would guess it takes up to a couple of yers to brute force just one of such a password...?

Im lazy to change all my accounts. I really cant use a unique password on everything....heck...where shall I write this down? Writing down passwords is stupid...isnt it?

Edit: Just for the case (I alredy received an PM :D ) I already use several passwords minimum 11 chars long in combination with several email accounts.

Its just that I use this one from here on several forums. I already changed my email, password and password to some other sites that I use this email together with this password.

I now change everything within the next upcoming days. I use keepass now and generate better passwords. Worst case would be to lose the database lol...

Goodbye good ol' "Im feeling safe with 10-15 char long passwords" :(

This is the 3rd security breach on a website were Im a member in 2 month......that one day when I will have such a cracker kid infront of me :evil:
killer de bug

Re: All forums user should reset their password

Post by killer de bug »

Duke49th wrote: What you guys would say? 11 characters, uper/lower case, numbers and special characters (like !#?§ and so on).
Remotely, I would not bet on more than a few days. :wink:
User avatar
Moem
Level 22
Level 22
Posts: 16238
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands
Contact:

Re: All forums user should reset their password

Post by Moem »

Duke49th wrote:Writing down passwords is stupid...isnt it?
No. Especially not if you keep it in a hidden place (like inside a book that's stored with 500 other books and only you know that it's in that one) and if it allows you to use different passwords. Reusing passwords is stupid.
Image

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!
BigEasy
Level 6
Level 6
Posts: 1282
Joined: Mon Nov 24, 2014 9:17 am
Location: Chrząszczyżewoszyce, powiat Łękołody

Re: All forums user should reset their password

Post by BigEasy »

Duke49th wrote:What you guys would say? 11 characters, uper/lower case, numbers and special characters (like !#?§ and so on).
Sorry, that password is already in use! :twisted: :lol:
https://www.youtube.com/watch?v=MZrdrfdAl44
Windows assumes I'm stupid but Linux demands proof of it
Locked

Return to “Chat about Linux Mint”