Forum Security Alert: Important Information for All Forum Users

[Patrick Connor]

36 minutes ago, Anmalo said:

When i change here password, the STORE pw will be change to.

Not true at all. You may have used the same password but they are changed independently. Your Chrome password manager may be confusing the issue. The passwords/databases are 100% independent.

[Anmalo]

Yes you have right, the Chrom cant be handle, you sould be change the login field names or chookies not the same as the store.

I think it is the same code on forum and store...

Now i have change the email adresse to an other, then it is functional with chrom.

regards

[henryg]

Shame most other companies breached do not show the transparency shown here!!

[Archangel]

Just, had someone attempt hacking my phone account via sending a code. Not sure if it is related but keep aware guys/

[GripsholmLion]

This is one of the reasons why I use SimpleLogin to create a unique alias for each internet account. It took even less time to generate a new alias and disable the old one than it took to update my account settings here. No organisation has my canonical email address other than, obviously, the provider of it.

[ShelvsHOTpencil]

Thank you for taking the time of day. I do understand that this type of issues are part of the online digital life. 

On 4/17/2023 at 4:12 PM, debraspicher said:

Data leaks are very common. It's an annoying hassle, but unique passwords are the only way to limit the scope of damage. If you have a secure location at home to lock up things, they do sell password books online that people can pencil in login details (per website/company). Most people don't follow this advice though. Anyway, much of our info is already out there in other ways.

When we sign up for anything online, there's always a chance that the service provider sells your info. It's difficult to track back to that signup unless you use a burner acct to narrow down which sites are doing this. I'd say appox 50-75% of signups do resell. (Edit: If you've typed out your email anywhere online publicly, it will also be scrapped by a bot, that's the other method...) I run my own email server, so I can just create a pop up alias that dumps into my main inbox for individual providers if I suspect they may sell my info. When I see that it's coming from that address, I can delete or block it easily and the mail server errors will usually get that alias scrubbed. Most of my signups go into a spam address anyway, since I already know that most sites can't be trusted.

It's not going to be a company like Serif that does the reselling of info. Usually a smaller website/web company that needs the bucks to keep their business running (since adblockers killed their revenue). I say all this to say, if you receive a significant amount of SPAM, your info is already out there in circulation. A vast majority of the SPAM that makes its way into our inboxes comes from the reselling of our information. So filtering what you sign up for is important. I recommend to use a spam acct for non-essential things. Even Amazon sellers we buy things from don't think twice to lift this information and use it to send us ads, etc. I receive phishing emails and "you have been hacked" stuff on a daily basis in droves for my spam accounts. In all the languages I speak. So unless we live on a digital island and we never sign up for anything, our info is being circulated in some way.

IPs are not as important unless you don't want anyone to know even your approximate location (usually city or nearby town). If that matters to you, use a VPN. Back in the day, some websites would actually display it publicly for tracking/accountability as a deterrent from trolls/users with multiple accts. IPs need tracking by server admins to prevent not just SPAM, but other forms of cyber attacks.

IPs are considered public information. When we email someone, our IP address may be going out with our emails. Depends on the provider and if we are using an external email client. Look up "email headers" and how to find IP-related info. You can easily spot out of country scammers this way by doing a geolocation lookup on the IP once you figure out which is the Sender IP...

 

[1stn00b]

On 4/17/2023 at 8:42 PM, Patrick Connor said:

No, most applications on your phone send your actual location constantly, your IP itself isn't very useful information.

Phone location tracking is the most invasive privacy breach since it can basically reveal thru inference where u live, where u work, where u shop, etc, etc. And when u combine the locations data of multiple users u can get their relations graph like friends, family, coworkers, lovers etc : > And all this data only with 2 variables : a timestamp and a location.

[Balveda]

Omg I'm being so relentlessly spammed right now, getting RSI dealing with them all.