MS-adm

security incident on forum.eset.com

62 posts in this topic

Hello,

 

we have been informed by our third-party forum provider that user login details of ESET Security Forum members have been compromised. At this time we have confirmed that login data (user name/email and hashed forum passwords) have been accessed. We have requested details about the incident from our provider and have launched a full-scale investigation with them. ESET Security Forum has around 2,700 registered users and the only information stored are login details: no financial or other sensitive data are affected. ESET-operated infrastructure and ESET software users were not affected in any way by this incident.

 

We recommend that all ESET Security Forum users change their passwords. Having different passwords for different services is a good practice: if you used your ESET Security Forum password for other services, we recommend that you also change those passwords immediately too. Some useful tips on how to create strong passwords can be found at ESET WeLiveSecurity website: hxxp://www.welivesecurity.com/2013/07/17/how-to-create-strong-passwords-without-driving-yourself-mad/

 

To change your email and/or password:

Click your name at the top right of the window

Click My Settings

In the menu on the left, click Email & Password

Enter your new email and/or password

 

We apologize for any inconvenience.

 

ESET Security Forum

Edited by MS-adm
Instruction on changing u/p added

Share this post


Link to post
Share on other sites

Password reset done.

 

The method used to infiltrate will be the anticipated topic.

Sql injection will not impress me at all. Neither will entry point being the domain hosting providers (out of ESET's hands for the most part).

 

Any form other than, will surely peak my interest.

 

Since this forum is hosted by a third party, ESET was indirectly attacked.

Edited by Arakasi

Share this post


Link to post
Share on other sites

Password reset done again (I changed it just a couple days ago lol)

 

I was thinking of registering using an "alias" email but I didn't as I didn't think this forum out of all forums would be hacked. Oh well, I do at least use a different pass for my email. All the passwords I have used here since registering have ony been used here so that's good at least.

 

This is kind of funny though, knowing that MS-adm posted that recommendation to change our password due to all the hacks lately on other sites and forums, and now this, I guess "they" read the message and decided to hack in to really force us to change passwords.  :ph34r:

 

Edit: make this more of an alert with more "bling bling" to it so ALL users really see it and changes their passwords ASAP. If possible place a red link on top of the main forum to make it more visible not only in each parent section. 

Edited by SweX

Share this post


Link to post
Share on other sites

Hmm...first Avast, now ESET...who's next?

Bastards!

 

Note: send an email to all registered users!!!

Share this post


Link to post
Share on other sites

Hmm...first Avast, now ESET...who's next?

Bastards!

 

Note: send an email to all registered users!!!

Firstly Panda, Secondly Avast! then third ME....

Share this post


Link to post
Share on other sites

Hello,

 

we already sent a bulk email to all registered forum members. As the email is sent out in cycles of n per minute, it can take a while to process all the mail.

ESET Security Forum

Share this post


Link to post
Share on other sites

Hello,

 

we already sent a bulk email to all registered forum members. As the email is sent out in cycles of n per minute, it can take a while to process all the mail.

ESET Security Forum

 

Good to know that. Thank you.

Share this post


Link to post
Share on other sites

Used LassPass to Generate me a new password instead of weak one I had.

Share this post


Link to post
Share on other sites

This is dumb for a security forum!

 

TH :rolleyes:

Edited by Triple Helix

Share this post


Link to post
Share on other sites

Bulk email received - password changed. 

 

 

Share this post


Link to post
Share on other sites

This is going to happen regardless of what company or where the site is hosted. Once people find any type of exploit in any cms/forum software they can pull these databases at will.

 

Companies depend on 3rd party software to run all these sites nowadays and that's always going to pose a risk.

 

Even a disgruntled employee at any web host poses a risk .

 

Enjoy the internet !! :wub:

Share this post


Link to post
Share on other sites

The Avast Forum issue and this one are not to be confused.  The Avast Forum is still down while ESET has proactively taken swift action.
 

Hmm...first Avast, now ESET...who's next?

Bastards!

 

Note: send an email to all registered users!!!

Share this post


Link to post
Share on other sites

 

The Avast Forum issue and this one are not to be confused.  The Avast Forum is still down while ESET has proactively taken swift action.

 

Hmm...first Avast, now ESET...who's next?

Bastards!

 

Note: send an email to all registered users!!!

 

 

They did the similar thing here and there. I didn't post it to bash ESET. It's not ESET's fault.

Share this post


Link to post
Share on other sites

Every time I turn around, some other place got hacked.  This is so frustrating.  I had toyed with the idea of a password manager, but am afraid that will get hacked.  We keep having to come up with more difficult passwords too.  Long gone are the days when it was a simple password, you could EASILY remember.  Now you have to put nonsense passwords in, and even that is not good enough.  Thank you ESET for informing your people right away.  That is very much appreciated.

Share this post


Link to post
Share on other sites

This is dumb for a security forum!

 

TH :rolleyes:

Don't worry the Webroot Forum will follow soon   :P  ;) (But let's hope not)

 

AFAIK, It doesn't matter if a forum is about Cars, Technology or Security. They are all forums running on software, so if the Car forum runs the same forum platform as the Security forum then you can't secure the Security forum any better than the Car forum and hope that the 3'rd party does everything they can to keep it as secure as possible.

 

I imagine that we will just see more and more of these bastard attacks.

Edited by SweX

Share this post


Link to post
Share on other sites

What if you login with your Facebook account to this forum, LAZY as I am?  :wacko:

Share this post


Link to post
Share on other sites

What if you login with your Facebook account to this forum, LAZY as I am?  :wacko:

 

Nothing to worry if you use two different passwords. 

Otherwise...disconnect your FB account and create new account on this forum.

And change passwords of course.

Share this post


Link to post
Share on other sites

Password reset done.

Thanks for the information.

Share this post


Link to post
Share on other sites

Security forum that doesn't check how secure it's host is. Oops.

Share this post


Link to post
Share on other sites

password changed

having to change a few passwords these days

forgot to add

i didnt follow link on the email just incase

Edited by goatty2

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.