
Forum Security Alert: Important Information for All Forum Users



  • Staff
30 minutes ago, 1stn00b said:

So was this a case of "1234" password on administrator account or a social engineering attack ?

The admin password on the account in question was a random mix of upper and lower case letters and numbers, which the account holder had thought was unique to the forum account but was actually shared with another website that suffered a cyber attack. We have only discovered the shared nature of that password since the attack. We do take data protection seriously, but this has shown up some weaknesses that we are addressing. Sorry again.

Patrick Connor
Serif Europe Ltd

"There is nothing noble in being superior to your fellow man. True nobility lies in being superior to your previous self."  W. L. Sheldon

 


I was one of the umpteen million people whose ADOBE accounts were hacked several years ago, including every bit of our information. Had no idea until several WEEKS after the breach when I was finally notified. Then we were offered a band-aid approach "in case," plus the suggestion that we watch our bank accounts for an extended period. Serif has notified us almost immediately with detailed information. Just another very important reason why Serif has my unequivocal vote for One in a Million! Thank you for letting us know so speedily. Hopefully we will all watch our P's and Q's and send the bad guys to Junk/Trash.


24" iMac, Apple M1 chip, 8-core CPU, 8-core GPU, 16 GB unified memory, 1 TB SSD storage, Ventura 13.6.7. Photo, Publisher, Designer 1.10.5, and 2.3.
MacBook Pro 13" 2020, Apple M1 chip, 16GB unified memory, 256GB SSD storage, Ventura 13.6.7. Publisher, Photo, Designer 1.10.5, and 2.1.1.
iPad Pro 12.9 2020 (4th Gen. iOS 16.6.1); Apple Pencil.
Wired and Bluetooth mice and keyboards.


8 hours ago, Patrick Connor said:

The admin password on the account in question was a random mix of upper and lower case letters and numbers, ...

Which is usually a common, feasible practice for passwords with a length of >= 12, though mixing in some special characters in addition to that scheme is even better.

 

8 hours ago, Patrick Connor said:

... which the account holder had thought was unique to the forum account but was actually shared with another website who suffered a cyber attack. ...

Well, that's the unfortunate point here and probably a good example for people in general, why not to (re)use one and the same pwd among multiple sites.

Though honestly that's also of no absolute protection, since in IT there generally doesn't exist something like an absolute for sure granted protection. Unfortunately, there are always ways and means to compromise IT systems in one way or another.

In short, nobody is really protected from something like that and unfortunately it can happen to anyone in IT at any time (...one of Murphy's laws)!

☛ Affinity Designer 1.10.8 ◆ Affinity Photo 1.10.8 ◆ Affinity Publisher 1.10.8 ◆ OSX El Capitan
☛ Affinity V2.3 apps ◆ MacOS Sonoma 14.2 ◆ iPad OS 17.2


First off, thank you for being once again completely transparent with the community. In these crazy times when thieves use more and more sophisticated means to scam, no one is safe. Who made the mistake or how is irrelevant; it can happen to anyone. What’s important is that we’re now aware of the attack and its possible fallout.

Secondly, I don't know about other members, but in the 9 days since the cyber-attack took place, personally I see no spam/phishing attempts. Of course I'll continue to monitor my email activity for any possible fraudulent attempt — but so far so good.

Regards.

StudioLink 256gb 11’ M1 iPad Pro

iPadOS 17 Public Beta 1

iPad Magic Keyboard


3 hours ago, ShelvsHOTpencil said:

Why are you storing the IP address of users? 

Patrick answered the question earlier here:

On 4/13/2023 at 1:53 PM, Patrick Connor said:

(…) we use the IP address history to keep spamming to a minimum

 

Greetings from Germany

Micha

Please excuse my bad English. I learned it at school over thirty years ago. If you don't use it (regularly), you'll lose it.

Windows 10 & iPadOS: Affinity Suite (v1 and v2), all Workbooks (v1, german language), some content-packages


  • Staff

It was only because of the IP address tools that this breach was discovered, as the hacker had tried to break into 3 other staff accounts before that morning. Without the IP address we may not have found the breach.

The IP address storage is also a core feature of the spam defense of these off-the-shelf forums, and not something that we can avoid.

Patrick Connor
Serif Europe Ltd

 


I am in cybersecurity also and I find that 2FA is a very effective tool against account cracking. It would have prevented this attack.

Lenovo IdeaPad 5 Ryzen 7 5700U Rx Vega 8 graphics 

16GB RAM (15.3 usable) 

Acer KB202 27in 1080p monitor

Affinity Photo 1.10.6

Affinity photo 2 2.4.2 Affinity Designer 2 2.4.2 Affinity Publisher 2 2.4.2 on Windows 11 Pro version 23H2

Beta builds as they come out.

canon 80d| sigma 18-200mm F3.5-6.3 DC MACRO OS HSM | Tamron SP AF 28-75mm f/2.8 XR Di LD | Canon EF-S 10-18mm f/4.5-5.6 IS STM Autofocus APS-C Lens, Black

 


On 4/13/2023 at 9:54 PM, Patrick Connor said:

Technically perhaps they could access the database, but the admin logs and other security logs are very clear and show us that was not done, NO passwords were compromised. Furthermore, even if they had accessed the DB (and they did not) all passwords are hashed (not stored in plain text) so useless to a hacker.

Hello Patrick, there are two related but different issues here, (a) how your systems were compromised and (b) the impact to forum users based on our knowledge of what data was accessed. 

Would Affinity be sharing more details on exactly how the attacker was able to compromise your services, and what services were breached? I'm still not very clear about your statement - if they could access your database then they were already deep inside your systems. Your SIEM services that manage your audit logs themselves may have been subject to other types of changes, i.e., it may not be possible to tell authoritatively whether password hashes or other data such as credit card details were indeed accessed, or were not accessed, just by looking at your admin and security logs. 

Second, with regards to the impact on forum users, there would be a problem if users have reused passwords, whether or not password hashes were accessed. Most folks tend to reuse the same email address & password combinations (against good security hygiene) simply because it's convenient. This is not so much your issue, but a general comment on the state of cybersecurity hygiene today.

Thanks!
-Sam


They had the same kind of hack that Colonial Pipeline had in 2021; just Google it.


  • Staff
34 minutes ago, BofG said:

Can you elaborate on this?...

Many people's email addresses have been leaked in the past (see HaveIBeenPwned.com to check whether your email or passwords have been compromised).

I suspect they came with a list of @serif.com email addresses and previously compromised passwords to see if they also gave access to the Affinity Forum accounts for those staff. 3 other accounts were tried and failed from the same IP address in the 10 minutes before the breach (these 3 accounts all locked after 3 failed password attempts). On the 4th staff account one of the compromised passwords seems to have got them access in less than 3 attempts.

With 3 failed attempts and lock (true of all accounts here) this forum cannot suffer from a brute force attack.

We have now implemented 2 factor authentication so a user cannot access an admin or moderator account without access to the authenticator application or to the actual email account of that address.

Patrick Connor
Serif Europe Ltd

 

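The pattern Patrick describes above (one IP failing against several staff accounts within ten minutes, each locking after three attempts, then a success on a fourth account) is exactly what an auth-log detection rule can flag. The code below is an added illustration, not tooling from the forum software or from Serif; the log format, the sample lines and the thresholds are assumptions made for the example.

```python
"""Flag a source IP that fails logins against several distinct accounts inside a
short window and then logs in successfully: the credential-stuffing pattern
described in the thread. Added example; log format and thresholds are assumed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in an assumed "<ISO time> <ip> <user> <result>" format.
# 203.0.113.9 burns three attempts on each of three accounts, then gets in.
SAMPLE_LOG = """\
2023-04-13T07:40:02 203.0.113.9 staff.alice FAIL
2023-04-13T07:40:05 203.0.113.9 staff.alice FAIL
2023-04-13T07:40:08 203.0.113.9 staff.alice FAIL
2023-04-13T07:41:11 203.0.113.9 staff.bob FAIL
2023-04-13T07:41:14 203.0.113.9 staff.bob FAIL
2023-04-13T07:41:17 203.0.113.9 staff.bob FAIL
2023-04-13T07:43:01 203.0.113.9 staff.carol FAIL
2023-04-13T07:43:04 203.0.113.9 staff.carol FAIL
2023-04-13T07:43:07 203.0.113.9 staff.carol FAIL
2023-04-13T07:49:30 203.0.113.9 staff.dave FAIL
2023-04-13T07:49:33 203.0.113.9 staff.dave OK
2023-04-13T07:50:00 198.51.100.7 member.eve FAIL
2023-04-13T07:50:20 198.51.100.7 member.eve OK
"""


def parse(log_text):
    """Yield (timestamp, ip, user, result) tuples from the assumed log format."""
    for line in log_text.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result


def find_credential_stuffing(log_text, min_accounts=3, window=timedelta(minutes=10)):
    """Return {ip: (number of distinct accounts failed, user that then succeeded)}
    for every IP whose success follows failures on >= min_accounts distinct
    accounts within `window`. A single user mistyping their own password
    (one account, as 198.51.100.7 does) is not flagged."""
    history = defaultdict(list)  # ip -> [(time, user, result)]
    alerts = {}
    for ts, ip, user, result in parse(log_text):
        history[ip].append((ts, user, result))
        if result != "OK":
            continue
        recent_failures = {u for t, u, r in history[ip]
                           if r == "FAIL" and ts - t <= window}
        if len(recent_failures) >= min_accounts:
            alerts[ip] = (len(recent_failures), user)
    return alerts


if __name__ == "__main__":
    for ip, (count, user) in find_credential_stuffing(SAMPLE_LOG).items():
        print(f"ALERT {ip}: failed on {count} accounts, then logged in as {user}")
```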

  • Staff
10 hours ago, Guest said:

Would Affinity be sharing more details on exactly how the attacker was able to compromise your services, and what services were breached?

No. All the information is in this thread; I have held nothing back.

10 hours ago, Guest said:

if they could access your database then they were already deep inside your systems.

No, that is not how these forums work. They are hosted on their own servers with accounts 100% independent from any other systems.

10 hours ago, Guest said:

it may not be possible to tell authoritatively whether password hashes or other data such as credit card details were indeed accessed, or were not accessed, just by looking at your admin and security logs

The forums do not store any credit card details, as I explained repeatedly, and it is unhelpful to suggest we are missing something from the comprehensive admin logs, which we have studied in detail before submitting our official completed report to the ICO.

10 hours ago, Guest said:

Second, with regards to the impact on forum users, there would be a problem if users have reused passwords, whether or not password hashes were accessed. Most folks tend to reuse the same email address & password combinations (against good security hygiene) simply because it's convenient. This is not so much your issue, but a general comment on the state of cybersecurity hygiene today.

Agreed, hence us telling all users by email, as this is effectively how they gained access to our forums in the first place.

Patrick Connor
Serif Europe Ltd

 


I would like to say thanks for letting us know that it happened and the data that may have been compromised.

IP addresses are no issue, as your provider will allocate a new fixed IP if necessary, but I always recommend dynamic; as for the email, it just adds to the spam.

Once again thanks to Affinity for coming forward and warning us of this compromise.

 

Both PCs: Win 11 x64 system with Intuos Pen & Touch
PC1 ASUS ROG Strix - AMD Ryzen 9 6900X CPU @ 3.3GHz, 32GB RAM - GPU 1: AMD Radeon integrated. GPU 2: NVIDIA RTX 3060, 6GB
PC2 HP Pavilion - Intel® Core™ i7-7700HQ CPU @ 2.80GHz (8 CPUs), 16GB RAM - GPU 1: Intel HD Graphics 630, GPU 2: NVIDIA GTX1050, 4GB

iPad (8th Gen) 2020

 


  • Staff
On 4/17/2023 at 8:24 PM, ShelvsHOTpencil said:

And should I worry for my ip address leaking.

No; most applications on your phone send your actual location constantly, so your IP isn't very useful information.

On 4/17/2023 at 8:24 PM, ShelvsHOTpencil said:

I would love to see 2fa implemented.

2FA is implemented here already. It can be turned on under your account settings > Privacy.

It is also coming to the Affinity Store accounts soon.

On 4/17/2023 at 8:24 PM, ShelvsHOTpencil said:

Other than being vigilant, should I do anything else?

Not really; vigilance regarding emails you receive is always recommended.

Patrick Connor
Serif Europe Ltd

 


1 hour ago, ShelvsHOTpencil said:

Thank you for clarifying the need for collecting IP addresses. However, as mentioned above, I would love to see 2FA implemented. And should I worry about my IP address leaking?

I can’t help but feel like I got a target on my back. Other than being vigilant, should I do anything else?

Data leaks are very common. It's an annoying hassle, but unique passwords are the only way to limit the scope of damage. If you have a secure location at home to lock up things, they do sell password books online that people can pencil in login details (per website/company). Most people don't follow this advice though. Anyway, much of our info is already out there in other ways.

When we sign up for anything online, there's always a chance that the service provider sells your info. It's difficult to track back to that signup unless you use a burner acct to narrow down which sites are doing this. I'd say approx 50-75% of signups do resell. (Edit: If you've typed out your email anywhere online publicly, it will also be scraped by a bot; that's the other method...) I run my own email server, so I can just create a pop-up alias that dumps into my main inbox for individual providers if I suspect they may sell my info. When I see that it's coming from that address, I can delete or block it easily, and the mail server errors will usually get that alias scrubbed. Most of my signups go into a spam address anyway, since I already know that most sites can't be trusted.

It's not going to be a company like Serif that does the reselling of info. Usually a smaller website/web company that needs the bucks to keep their business running (since adblockers killed their revenue). I say all this to say, if you receive a significant amount of SPAM, your info is already out there in circulation. A vast majority of the SPAM that makes its way into our inboxes comes from the reselling of our information. So filtering what you sign up for is important. I recommend to use a spam acct for non-essential things. Even Amazon sellers we buy things from don't think twice to lift this information and use it to send us ads, etc. I receive phishing emails and "you have been hacked" stuff on a daily basis in droves for my spam accounts. In all the languages I speak. So unless we live on a digital island and we never sign up for anything, our info is being circulated in some way.

IPs are not as important unless you don't want anyone to know even your approximate location (usually city or nearby town). If that matters to you, use a VPN. Back in the day, some websites would actually display it publicly for tracking/accountability as a deterrent from trolls/users with multiple accts. IPs need tracking by server admins to prevent not just SPAM, but other forms of cyber attacks.

IPs are considered public information. When we email someone, our IP address may be going out with our emails. Depends on the provider and if we are using an external email client. Look up "email headers" and how to find IP-related info. You can easily spot out of country scammers this way by doing a geolocation lookup on the IP once you figure out which is the Sender IP...

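The header check suggested in the post above (work out which Received: hop is the real sender before looking the address up) can be done with the standard library. This is an added example using a constructed message; it is not code from the forum or from Serif, and the internal relay networks it skips are an assumption for the example.

```python
"""Find the originating ("Sender") IP in an email's Received: headers.
Added example; the sample message and the INTERNAL_NETS list are constructed."""
import ipaddress
import re
from email import message_from_string

# Assumed: the receiving organisation's own relays live in these networks, so a
# hop "from" one of them is an internal handoff, not the sender.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]

# Constructed sample: Received: headers are prepended by each relay, so the
# newest hop is listed first and the oldest (closest to the sender) last.
SAMPLE_MESSAGE = """\
Received: from mx2.example.net (mx2.example.net [10.0.0.5])
\tby inbox.example.net with ESMTP; Thu, 13 Apr 2023 09:30:02 +0000
Received: from relay.example.org (unknown [203.0.113.77])
\tby mx2.example.net with ESMTP; Thu, 13 Apr 2023 09:30:01 +0000
From: "Account Notices" <notices@example.org>
To: user@example.net
Subject: Please verify your account

Body text.
"""

# The bracketed IPv4 literal in the "from host (name [ip])" clause of a hop.
HOP_RE = re.compile(r"from\s.*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.S)


def received_hops(raw_message):
    """Return the 'from' IP of every Received: header, newest hop first."""
    msg = message_from_string(raw_message)
    hops = []
    for header in msg.get_all("Received", []):
        match = HOP_RE.search(header)
        if match:
            hops.append(match.group(1))
    return hops


def sender_ip(raw_message):
    """Walk the chain from the oldest hop upward and return the first IP that is
    not one of our own relays; that is the best candidate for the sender.
    Only hops added by relays we trust are reliable; earlier ones can be forged,
    so the answer is a lead for a lookup, not proof."""
    for ip in reversed(received_hops(raw_message)):
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in INTERNAL_NETS):
            return ip
    return None


if __name__ == "__main__":
    print("hops:", received_hops(SAMPLE_MESSAGE))
    print("sender IP:", sender_ip(SAMPLE_MESSAGE))
```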

24 minutes ago, Nana said:

@Patrick Connor, any reason why we can enable 2FA on the forum account but not on the store account? One would consider the store account needing more protection as it's linked with licenses and personal details including postal addresses.

Reread Patrick's last post in this thread.

To save time I am currently using an automated AI to reply to some posts on this forum. If any of "my" posts are wrong or appear to be total b*ll*cks they are the ones generated by the AI. If correct they were probably mine. I apologise for any mistakes made by my AI - I'm sure it will improve with time.


  • Staff
4 hours ago, Nana said:

any reason why we can enable 2FA on the forum account but not on the store account?

The forums are off the shelf and have this already available. The Affinity Accounts/Store are proprietary software and everything needs writing and testing ourselves, so it takes time and consideration.

Patrick Connor
Serif Europe Ltd

 


  • Staff

@AdrianoCahete

To delete your forum account simply send an email to DataProtection@serif.com from the email address associated with your forum account. If you also want any personal data deleted (for example any Affinity Store account), state that in the email too.

Patrick Connor
Serif Europe Ltd

 


The password is the SAME on the STORE and the FORUM! It is not working for me with 2 separate passwords in Chrome with the password manager.

I have changed my password!!

When I change the password here, the STORE password gets changed too.
Why do you say it is not the same?

regards

