Patrick Connor (Staff) Posted April 14, 2023

30 minutes ago, 1stn00b said: So was this a case of a "1234" password on an administrator account or a social engineering attack?

The admin password on the account in question was a random mix of upper- and lower-case letters and numbers, which the account holder had thought was unique to the forum account but was actually shared with another website that suffered a cyber attack. We have only discovered the shared nature of that password since the attack. We do take data protection seriously, but this has shown up some weaknesses that we are addressing. Sorry again.

Patrick Connor, Serif Europe Ltd. Latest V2 releases on each platform. Help make our apps better by joining our beta program! "There is nothing noble in being superior to your fellow man. True nobility lies in being superior to your previous self." W. L. Sheldon
Archangel Posted April 14, 2023

This is unacceptable, although I blame the hackers more than Serif for the attack. Security online is a minefield of problems; it is scary.
jmwellborn Posted April 14, 2023

I was one of the umpteen million people whose Adobe accounts were hacked several years ago, including every bit of our information. I had no idea until several WEEKS after the breach, when I was finally notified. Then we were offered a Band-Aid approach "in case," plus the suggestion that we watch our bank accounts for an extended period. Serif has notified us almost immediately with detailed information. Just another very important reason why Serif has my unequivocal vote for One in a Million! Thank you for letting us know so speedily. Hopefully we will all watch our P's and Q's and send the bad guys to Junk/Trash.

24" iMac, Apple M1 chip, 8-core CPU, 8-core GPU, 16 GB unified memory, 1 TB SSD storage, Ventura 13.6; Photo, Publisher, Designer 1.10.5 and 2.3. MacBook Pro 13" 2020, Apple M1 chip, 16 GB unified memory, 256 GB SSD storage, Ventura 13.6; Publisher, Photo, Designer 1.10.5 and 2.1.1. iPad Pro 12.9 2020 (4th Gen, iOS 16.6.1); Apple Pencil. Wired and Bluetooth mice and keyboards.
v_kyr Posted April 15, 2023

8 hours ago, Patrick Connor said: The admin password on the account in question was a random mix of upper and lower case letters and numbers, ...

Which is usually common, feasible practice for passwords with a length of >= 12, though also mixing some special characters into that scheme is even better.

8 hours ago, Patrick Connor said: ... which the account holder had thought was unique to the forum account but was actually shared with another website who suffered a cyber attack. ...

Well, that's the unfortunate point here, and probably a good example for people in general of why not to (re)use one and the same pwd among multiple sites. Though honestly that's also no absolute protection, since in IT there is generally no such thing as guaranteed protection. Unfortunately, there are always ways and means to compromise IT systems in one way or another. In short, nobody is really protected from something like that, and unfortunately it can happen to anyone in IT at any time (...one of Murphy's laws)!

☛ Affinity Designer 1.10.8 ◆ Affinity Photo 1.10.8 ◆ Affinity Publisher 1.10.8 ◆ OS X El Capitan ☛ Affinity V2.3 apps ◆ macOS Sonoma 14.2 ◆ iPadOS 17.2
CH Trippe Posted April 15, 2023

Thank you!
iuli Posted April 15, 2023

First off, thank you for being once again completely transparent with the community. In these crazy times, when thieves use more and more sophisticated means to scam, no one is safe. Who made the mistake or how is irrelevant; it can happen to anyone. What's important is that we're now aware of the attack and its possible fallout.

Secondly, I don't know about other members, but in the 9 days since the cyber-attack took place I personally see no spam/phishing attempts. Of course I'll continue to monitor my email activity for any possible fraudulent attempt, but so far so good. Regards.

StudioLink; 256 GB 11" M1 iPad Pro, iPadOS 17 Public Beta 1; iPad Magic Keyboard
ShelvsHOTpencil Posted April 16, 2023

Why are you storing the IP address of users?
MichaDE Posted April 16, 2023

3 hours ago, ShelvsHOTpencil said: Why are you storing the IP address of users?

Patrick answered the question earlier here:

On 4/13/2023 at 1:53 PM, Patrick Connor said: (…) we use the IP address history to keep spamming to a minimum

Greetings from Germany, Micha. Please excuse my bad English. I learned it at school over thirty years ago. If you don't use it (regularly), you'll lose it. Windows 10 & iPadOS: Affinity Suite (v1 and v2), all Workbooks (v1, German language), some content packages
Patrick Connor (Staff) Posted April 16, 2023

It was only because of the IP address tools that this breach was discovered, as the hacker had tried to break into 3 other staff accounts before that morning. Without the IP address we may not have found the breach. The IP address storage is also a core feature of the spam defense of these off-the-shelf forums, and not something that we can avoid.
Affinityconfusesme Posted April 16, 2023

I am in cybersecurity also, and I find that 2FA is a very effective tool against account cracking. It would have prevented this attack.

Lenovo IdeaPad 5, Ryzen 7 5700U, RX Vega 8 graphics, 16 GB RAM (15.3 usable); Acer KB202 27in 1080p monitor. Affinity Photo 1.10.6, Affinity Photo 2 2.4.2, Affinity Designer 2 2.4.2, Affinity Publisher 2 2.4.2 on Windows 11 Pro version 23H2; beta builds as they come out. Canon 80D | Sigma 18-200mm F3.5-6.3 DC MACRO OS HSM | Tamron SP AF 28-75mm f/2.8 XR Di LD | Canon EF-S 10-18mm f/4.5-5.6 IS STM
Guest Posted April 17, 2023

On 4/13/2023 at 9:54 PM, Patrick Connor said: Technically perhaps they could access the database, but the admin logs and other security logs are very clear and show us that was not done. NO passwords were compromised. Furthermore, even if they had accessed the DB (and they did not), all passwords are hashed (not stored in plain text), so useless to a hacker.

Hello Patrick, there are two related but different issues here: (a) how your systems were compromised and (b) the impact on forum users based on our knowledge of what data was accessed.

Would Affinity be sharing more details on exactly how the attacker was able to compromise your services, and what services were breached? I'm still not very clear about your statement: if they could access your database, then they were already deep inside your systems. Your SIEM services that manage your audit logs may themselves have been subject to other types of changes, i.e. it may not be possible to tell authoritatively whether password hashes or other data such as credit card details were or were not accessed just by looking at your admin and security logs.

Second, with regards to the impact on forum users, there would be a problem if users have reused passwords, whether or not password hashes were accessed. Most folks tend to reuse the same email address & password combinations (against good security hygiene) simply because it's convenient. This is not so much your issue, but a general comment on the state of cybersecurity hygiene today.

Thanks! -Sam
Affinityconfusesme Posted April 17, 2023

They had the same kind of hack that Colonial Pipeline had in 2021; just Google it.
Catshill Posted April 17, 2023

10 hours ago, Guest said: Would Affinity be sharing more details on exactly how the attacker was able to compromise your services, and what services were breached?

For their own security I would desperately hope not.
Patrick Connor (Staff) Posted April 17, 2023

34 minutes ago, BofG said: Can you elaborate on this?...

Many people's email addresses have been leaked in the past (see HaveIBeenPwned.com to check whether your email or passwords have been compromised). I suspect they came with a list of @serif.com email addresses and previously compromised passwords to see if they also gave access to the Affinity Forum accounts for those staff. 3 other accounts were tried and failed from the same IP address in the 10 minutes before the breach (these 3 accounts all locked after 3 failed password attempts). On the 4th staff account one of the compromised passwords seems to have got them access in less than 3 attempts. With 3 failed attempts and lock (true of all accounts here), this forum cannot suffer from a brute force attack. We have now implemented 2-factor authentication, so a user cannot access an admin or moderator account without access to the authenticator application or to the actual email account of that address.
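An added example, not part of Patrick's post or of the forum software: the pattern he describes (one source address, several staff accounts, each getting only a couple of guesses before the attacker moves to the next) is credential stuffing, and a per-account lockout only ever sees the accounts that locked. The Python below runs both views over constructed log lines in a hypothetical "timestamp ip user result" format: the per-account count that a 3-strikes rule produces, and a per-source-IP correlation that also catches the fourth account, where the second guess succeeded.

```python
"""Added example: why a 3-strikes account lockout does not see credential
stuffing, and what a per-source-IP view sees instead.

The log lines below are constructed for this example; the "timestamp ip user
result" format is hypothetical, not the forum software's real log format.
"""
from collections import defaultdict
from datetime import datetime, timedelta

LOCKOUT_THRESHOLD = 3            # failures before an account locks (as in the thread)
WINDOW = timedelta(minutes=10)   # correlation window for one source address
MIN_DISTINCT_ACCOUNTS = 3        # distinct accounts from one IP that trigger an alert

# Constructed sample: one address tries a short list of leaked passwords against
# four staff accounts; three lock, the fourth accepts the second guess.
SAMPLE_LOG = """\
2023-04-05T08:01:02 203.0.113.10 alice FAIL
2023-04-05T08:01:05 203.0.113.10 alice FAIL
2023-04-05T08:01:09 203.0.113.10 alice FAIL
2023-04-05T08:03:11 203.0.113.10 bob FAIL
2023-04-05T08:03:14 203.0.113.10 bob FAIL
2023-04-05T08:03:17 203.0.113.10 bob FAIL
2023-04-05T08:05:40 203.0.113.10 carol FAIL
2023-04-05T08:05:43 203.0.113.10 carol FAIL
2023-04-05T08:05:46 203.0.113.10 carol FAIL
2023-04-05T08:09:02 203.0.113.10 dave FAIL
2023-04-05T08:09:06 203.0.113.10 dave OK
2023-04-05T08:30:00 198.51.100.7 erin FAIL
2023-04-05T08:30:04 198.51.100.7 erin OK
2023-04-05T09:00:00 192.0.2.44 frank OK
"""


def parse_events(text):
    """Parse constructed log lines into (timestamp, ip, user, result) tuples, time-ordered."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, ip, user, result = line.split()
            events.append((datetime.fromisoformat(ts), ip, user, result))
    return sorted(events)


def account_lockouts(events, threshold=LOCKOUT_THRESHOLD):
    """Per-account view: users whose failure count reached the lockout threshold.
    This is all a 3-strikes rule sees; dave (one failure, then success) is invisible."""
    fails = defaultdict(int)
    for _, _, user, result in events:
        if result == "FAIL":
            fails[user] += 1
    return sorted(u for u, n in fails.items() if n >= threshold)


def detect_stuffing(events, window=WINDOW, min_accounts=MIN_DISTINCT_ACCOUNTS):
    """Per-source view: flag an IP that touches >= min_accounts distinct accounts
    inside one window, and list the accounts where a success followed a failure
    from that same IP (the likely compromises)."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)

    alerts = {}
    for ip, evs in by_ip.items():
        for i, (start, _, _, _) in enumerate(evs):
            in_window = [e for e in evs[i:] if e[0] - start <= window]
            accounts = sorted({e[2] for e in in_window})
            if len(accounts) < min_accounts:
                continue
            failed = {e[2] for e in in_window if e[3] == "FAIL"}
            compromised = sorted({e[2] for e in in_window
                                  if e[3] == "OK" and e[2] in failed})
            alerts[ip] = {"accounts": accounts, "compromised": compromised}
            break   # one alert per source address is enough
    return alerts


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("locked by 3-strikes rule:", account_lockouts(evs))
    print("per-IP alerts:", detect_stuffing(evs))
```

On the constructed sample the lockout view reports alice, bob and carol; the per-IP view reports all four accounts for 203.0.113.10 and singles out dave as the one where a failure was followed by a success. The two legitimate users (one typo, one clean login) from other addresses produce nothing.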
Patrick Connor (Staff) Posted April 17, 2023

10 hours ago, Guest said: Would Affinity be sharing more details on exactly how the attacker was able to compromise your services, and what services were breached?

No. All the information is in this thread; I have held nothing back.

10 hours ago, Guest said: if they could access your database then they were already deep inside your systems.

No, that is not how these forums work. They are hosted on their own servers with accounts 100% independent from any other systems.

10 hours ago, Guest said: it may not be possible to tell authoritatively whether password hashes or other data such as credit card details were indeed accessed, or were not accessed, just by looking at your admin and security logs

The forums do not store any credit card details, as I explained repeatedly, and it is unhelpful to suggest we are missing something from the comprehensive admin logs, which we have studied in detail before submitting our official completed report to the ICO.

10 hours ago, Guest said: Second, with regards to the impact on forum users, there would be a problem if users have reused passwords, whether or not password hashes were accessed. Most folks tend to reuse the same email address & password combinations (against good security hygiene) simply because it's convenient. This is not so much your issue, but a general comment on the state of cybersecurity hygiene today.

Agreed, hence us telling all users by email, as this is effectively how they gained access to our forums in the first place.
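An added example, not from the thread: the check users are being asked to make (is this password already in a leak?) can be done without sending the password, or even its full hash, anywhere. This Python reproduces the k-anonymity lookup used by Have I Been Pwned's Pwned Passwords range API: only the first five hex characters of the SHA-1 are sent, the server returns every suffix it knows under that prefix, and the match is done locally. The response body is constructed (the counts are invented; the one real value is the suffix of SHA-1("password")), and the fetch_range helper is the live network variant, which the offline run does not call.

```python
"""Added example: checking a password against a breach corpus without sending
the password, or its full hash, anywhere (the k-anonymity scheme used by
Have I Been Pwned's Pwned Passwords range API).

Only the first 5 hex characters of the SHA-1 leave the client; the match is
done locally. The response body below is constructed for this example (counts
invented); a live lookup fetches https://api.pwnedpasswords.com/range/<prefix>.
"""
import hashlib
import urllib.request

# Constructed response for prefix 5BAA6. The second line carries the real
# suffix of SHA-1("password"); the other suffixes and all counts are invented.
CONSTRUCTED_RANGE_5BAA6 = """\
003D68EB55068C33ACE09247EE4C639306B:3
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
1E4C9B93F3F0682250B6CF8331B7EE68FD9:9
012C192B2F16F82EA0EB9EF18D9D539B0DD:1
"""


def sha1_prefix_suffix(password):
    """Split SHA-1(password) into the 5-char prefix that is sent and the
    35-char suffix that stays on the client."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body):
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if line:
            suffix, count = line.split(":", 1)
            counts[suffix.upper()] = int(count)
    return counts


def breach_count(password, range_body):
    """How often the password appears in the corpus, given the range response
    for its own prefix. 0 means not seen; only an exact suffix match counts."""
    _, suffix = sha1_prefix_suffix(password)
    return parse_range_response(range_body).get(suffix, 0)


def fetch_range(prefix, timeout=10):
    """Live lookup over the network (not used by the offline example)."""
    url = "https://api.pwnedpasswords.com/range/" + prefix
    req = urllib.request.Request(url, headers={"User-Agent": "range-check-example"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def is_pwned(password, fetch=fetch_range):
    """End-to-end check: query by prefix, match the suffix locally."""
    prefix, _ = sha1_prefix_suffix(password)
    return breach_count(password, fetch(prefix)) > 0


if __name__ == "__main__":
    prefix, suffix = sha1_prefix_suffix("password")
    print("sent to server:", prefix, "| kept local:", suffix)
    print("count in constructed corpus:",
          breach_count("password", CONSTRUCTED_RANGE_5BAA6))
```

The near-miss suffix ending in ...FD9 in the constructed body is there to show that the comparison is exact: a single differing character is a different password and does not match. For a real check, pass `fetch_range` (the default) so `is_pwned` queries the live range for the password's own prefix.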
AiDon Posted April 17, 2023

I would like to say thanks for letting us know that it happened and what data may have been compromised. IP addresses are no issue, as your provider will allocate a new fixed IP if necessary (but I always recommend dynamic); as for the email, it just adds to the spam. Once again, thanks to Affinity for coming forward and warning us of this compromise.

Both PCs Win 11 x64 systems with Intuos Pen & Touch. PC1 ASUS ROG Strix: AMD Ryzen 9 6900X CPU @ 3.3 GHz, 32 GB RAM; GPU 1: AMD Radeon integrated, GPU 2: NVIDIA RTX 3060 6 GB. PC2 HP Pavilion: Intel Core i7-7700HQ CPU @ 2.80 GHz (8 CPUs), 16 GB RAM; GPU 1: Intel HD Graphics 630, GPU 2: NVIDIA GTX 1050 4 GB. iPad (8th Gen) 2020
Inkipolony Posted April 17, 2023

I shall change the email address for a start.
ShelvsHOTpencil Posted April 17, 2023

Thank you for clarifying the need for collecting IP addresses. However, as mentioned above, I would love to see 2FA implemented. And should I worry about my IP address leaking? I can't help but feel like I've got a target on my back. Other than being vigilant, should I do anything else?
Patrick Connor (Staff) Posted April 17, 2023

On 4/17/2023 at 8:24 PM, ShelvsHOTpencil said: And should I worry for my ip address leaking.

No, most applications on your phone send your actual location constantly; your IP isn't very useful information.

On 4/17/2023 at 8:24 PM, ShelvsHOTpencil said: I would love to see 2fa implemented.

2FA is implemented here already. It can be turned on under your account settings > privacy. It is also coming to the Affinity Store accounts soon.

On 4/17/2023 at 8:24 PM, ShelvsHOTpencil said: Other than being vigilant, should I do anything else?

Not really; vigilance regarding emails you receive is always recommended.
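An added example, not the forum software's code: what an authenticator-app second factor actually verifies. This Python implements RFC 6238 TOTP (HMAC-SHA1, 30-second step, six digits, the defaults of the common authenticator apps) plus a server-side verifier that tolerates one step of clock skew but refuses any time step at or below the last one consumed, so a code that was already used, or was captured and replayed, fails. It uses the RFC's published test secret; the class and function names are my own.

```python
"""Added example: RFC 6238 TOTP, as used by authenticator apps, with the two
server-side details that matter beyond computing the code: a small skew
window, and refusing to accept a time step at or below the last one used
(replay protection). Illustrative code, not the forum's implementation.
"""
import base64
import hashlib
import hmac
import struct
import time

# RFC 4226 / RFC 6238 test secret: the ASCII string "12345678901234567890".
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6, digestmod=hashlib.sha1):
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, then dynamic
    truncation to a 31-bit integer, then the last `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at_time, step=30, digits=6, digestmod=hashlib.sha1):
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, int(at_time) // step, digits, digestmod)


def secret_from_base32(text):
    """Authenticator apps exchange the shared secret as (often unpadded) base32."""
    text = text.strip().replace(" ", "").upper()
    return base64.b32decode(text + "=" * (-len(text) % 8))


class TotpVerifier:
    """Server-side check with skew tolerance and replay protection."""

    def __init__(self, secret, step=30, digits=6, skew=1):
        self.secret, self.step, self.digits, self.skew = secret, step, digits, skew
        self.last_counter = -1   # highest time step already consumed by a login

    def verify(self, code, now=None):
        now = time.time() if now is None else now
        counter = int(now) // self.step
        for c in range(counter - self.skew, counter + self.skew + 1):
            if c <= self.last_counter:
                continue             # that step was already used: refuse replay
            expected = hotp(self.secret, c, self.digits)
            if hmac.compare_digest(expected, code):
                self.last_counter = c
                return True
        return False


if __name__ == "__main__":
    print("TOTP at t=59 for the RFC test secret:", totp(RFC_TEST_SECRET, 59))
```

The assertions below pin the implementation to the RFC test vectors (t=59 gives 287082, or 94287082 at eight digits) and then exercise the verifier: the same code presented twice is rejected the second time, a code one step old is accepted, and a code two steps old is not.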
debraspicher Posted April 17, 2023

1 hour ago, ShelvsHOTpencil said: Thank you for clarifying the need for collecting up address. However as mentioned above I would love to see 2fa implemented. And should I worry for my ip address leaking. I can't help but feel like I got a target on my back. Other than being vigilant, should I do anything else?

Data leaks are very common. It's an annoying hassle, but unique passwords are the only way to limit the scope of damage. If you have a secure location at home to lock things up, they do sell password books online that people can pencil login details into (per website/company). Most people don't follow this advice though.

Anyway, much of our info is already out there in other ways. When we sign up for anything online, there's always a chance that the service provider sells your info. It's difficult to track back to that signup unless you use a burner account to narrow down which sites are doing this. I'd say approx. 50-75% of signups do resell. (Edit: If you've typed out your email anywhere online publicly, it will also be scraped by a bot; that's the other method...)

I run my own email server, so I can just create a pop-up alias that dumps into my main inbox for individual providers if I suspect they may sell my info. When I see that it's coming from that address, I can delete or block it easily, and the mail server errors will usually get that alias scrubbed. Most of my signups go into a spam address anyway, since I already know that most sites can't be trusted. It's not going to be a company like Serif that does the reselling of info. Usually it's a smaller website/web company that needs the bucks to keep their business running (since adblockers killed their revenue).

I say all this to say, if you receive a significant amount of SPAM, your info is already out there in circulation. A vast majority of the SPAM that makes its way into our inboxes comes from the reselling of our information. So filtering what you sign up for is important. I recommend using a spam account for non-essential things. Even Amazon sellers we buy things from don't think twice about lifting this information and using it to send us ads, etc. I receive phishing emails and "you have been hacked" stuff on a daily basis in droves for my spam accounts, in all the languages I speak. So unless we live on a digital island and never sign up for anything, our info is being circulated in some way.

IPs are not as important unless you don't want anyone to know even your approximate location (usually city or nearby town). If that matters to you, use a VPN. Back in the day, some websites would actually display it publicly for tracking/accountability as a deterrent to trolls/users with multiple accounts. IPs need tracking by server admins to prevent not just SPAM but other forms of cyber attacks. IPs are considered public information. When we email someone, our IP address may be going out with our emails, depending on the provider and whether we are using an external email client. Look up "email headers" and how to find IP-related info. You can easily spot out-of-country scammers this way by doing a geolocation lookup on the IP once you figure out which one is the sender IP...
Nana Posted April 18, 2023

@Patrick Connor, any reason why we can enable 2FA on the forum account but not on the store account? One would consider the store account to need more protection, as it's linked with licenses and personal details including postal addresses.
carl123 Posted April 18, 2023

24 minutes ago, Nana said: @Patrick Connor, any reason why we can enable 2FA on the forum account but not on the store account? One would consider the store account needing more protection as it's linked with licenses and personal details including postal addresses.

Reread Patrick's last post in this thread.

To save time I am currently using an automated AI to reply to some posts on this forum. If any of "my" posts are wrong or appear to be total b*ll*cks they are the ones generated by the AI. If correct they were probably mine. I apologise for any mistakes made by my AI; I'm sure it will improve with time.
Patrick Connor (Staff) Posted April 18, 2023

4 hours ago, Nana said: any reason why we can enable 2FA on the forum account but not on the store account?

The forums are off the shelf and have this already available. The Affinity Accounts/Store are proprietary software, and everything needs writing and testing ourselves, so it takes time and consideration.
Patrick Connor (Staff) Posted April 19, 2023

@AdrianoCahete To delete your forum account, simply send an email to DataProtection@serif.com from the email address associated with your forum account. If you also want any personal data deleted (for example any Affinity Store account), state that in the email too.
Anmalo Posted April 19, 2023

The password is the SAME on STORE and FORUM! It's not working for me with 2 separate passwords in Chrome with the password manager. I have changed my password!! When I change the password here, the STORE password is changed too. Why do you say it's not the same? Regards