Former ESET Employees MS-adm 8 Posted June 5, 2014 Former ESET Employees Posted June 5, 2014 (edited) Hello, we have been informed by our third-party forum provider that user login details of ESET Security Forum members have been compromised. At this time we have confirmed that login data (user name/email and hashed forum passwords) have been accessed. We have requested details about the incident from our provider and have launched a full-scale investigation with them. ESET Security Forum has around 2,700 registered users and the only information stored are login details: no financial or other sensitive data are affected. ESET-operated infrastructure and ESET software users were not affected in any way by this incident. We recommend that all ESET Security Forum users change their passwords. Having different passwords for different services is a good practice: if you used your ESET Security Forum password for other services, we recommend that you also change those passwords immediately too. Some useful tips on how to create strong passwords can be found at ESET WeLiveSecurity website: hxxp://www.welivesecurity.com/2013/07/17/how-to-create-strong-passwords-without-driving-yourself-mad/ To change your email and/or password: Click your name at the top right of the window Click My Settings In the menu on the left, click Email & Password Enter your new email and/or password We apologize for any inconvenience. ESET Security Forum Edited June 6, 2014 by MS-adm Instruction on changing u/p added
sky7 19 Posted June 5, 2014 Posted June 5, 2014 (edited) Is this true? ESET Security Websites and Forum for Spain Hacked by Indonesian Hacker Edited June 5, 2014 by sky7
Arakasi 549 Posted June 5, 2014 Posted June 5, 2014 (edited) Password reset done. The method used to infiltrate will be the anticipated topic. Sql injection will not impress me at all. Neither will entry point being the domain hosting providers (out of ESET's hands for the most part). Any form other than, will surely peak my interest. Since this forum is hosted by a third party, ESET was indirectly attacked. Edited June 5, 2014 by Arakasi
SweX 871 Posted June 5, 2014 Posted June 5, 2014 (edited) Password reset done again (I changed it just a couple days ago lol) I was thinking of registering using an "alias" email but I didn't as I didn't think this forum out of all forums would be hacked. Oh well, I do at least use a different pass for my email. All the passwords I have used here since registering have ony been used here so that's good at least. This is kind of funny though, knowing that MS-adm posted that recommendation to change our password due to all the hacks lately on other sites and forums, and now this, I guess "they" read the message and decided to hack in to really force us to change passwords. Edit: make this more of an alert with more "bling bling" to it so ALL users really see it and changes their passwords ASAP. If possible place a red link on top of the main forum to make it more visible not only in each parent section. Edited June 5, 2014 by SweX
Nedim 9 Posted June 5, 2014 Posted June 5, 2014 Hmm...first Avast, now ESET...who's next? Bastards! Note: send an email to all registered users!!!
ismethere 0 Posted June 5, 2014 Posted June 5, 2014 Hmm...first Avast, now ESET...who's next? Bastards! Note: send an email to all registered users!!! Firstly Panda, Secondly Avast! then third ME....
Former ESET Employees MS-adm 8 Posted June 5, 2014 Author Former ESET Employees Posted June 5, 2014 Hello, we already sent a bulk email to all registered forum members. As the email is sent out in cycles of n per minute, it can take a while to process all the mail.ESET Security Forum
Nedim 9 Posted June 5, 2014 Posted June 5, 2014 Hello, we already sent a bulk email to all registered forum members. As the email is sent out in cycles of n per minute, it can take a while to process all the mail. ESET Security Forum Good to know that. Thank you.
Temp Member 3 Posted June 5, 2014 Posted June 5, 2014 Used LassPass to Generate me a new password instead of weak one I had.
Triple Helix 0 Posted June 5, 2014 Posted June 5, 2014 (edited) This is dumb for a security forum! TH Edited June 5, 2014 by Triple Helix
Veeshush 3 Posted June 5, 2014 Posted June 5, 2014 Everytime something like this happens I recommend people get familar with LastPass or KeePass https://en.wikipedia.org/wiki/KeePass
Most Valued Members cyberhash 201 Posted June 5, 2014 Most Valued Members Posted June 5, 2014 This is going to happen regardless of what company or where the site is hosted. Once people find any type of exploit in any cms/forum software they can pull these databases at will. Companies depend on 3rd party software to run all these sites nowadays and that's always going to pose a risk. Even a disgruntled employee at any web host poses a risk . Enjoy the internet !!
siljaline 57 Posted June 5, 2014 Posted June 5, 2014 The Avast Forum issue and this one are not to be confused. The Avast Forum is still down while ESET has proactively taken swift action. Hmm...first Avast, now ESET...who's next? Bastards! Note: send an email to all registered users!!!
Nedim 9 Posted June 5, 2014 Posted June 5, 2014 The Avast Forum issue and this one are not to be confused. The Avast Forum is still down while ESET has proactively taken swift action. Hmm...first Avast, now ESET...who's next? Bastards! Note: send an email to all registered users!!! They did the similar thing here and there. I didn't post it to bash ESET. It's not ESET's fault.
kkay 0 Posted June 5, 2014 Posted June 5, 2014 Every time I turn around, some other place got hacked. This is so frustrating. I had toyed with the idea of a password manager, but am afraid that will get hacked. We keep having to come up with more difficult passwords too. Long gone are the days when it was a simple password, you could EASILY remember. Now you have to put nonsense passwords in, and even that is not good enough. Thank you ESET for informing your people right away. That is very much appreciated.
SweX 871 Posted June 5, 2014 Posted June 5, 2014 (edited) This is dumb for a security forum! TH Don't worry the Webroot Forum will follow soon (But let's hope not) AFAIK, It doesn't matter if a forum is about Cars, Technology or Security. They are all forums running on software, so if the Car forum runs the same forum platform as the Security forum then you can't secure the Security forum any better than the Car forum and hope that the 3'rd party does everything they can to keep it as secure as possible. I imagine that we will just see more and more of these bastard attacks. Edited June 5, 2014 by SweX
ESET Insiders m4v3r1ck 123 Posted June 5, 2014 ESET Insiders Posted June 5, 2014 What if you login with your Facebook account to this forum, LAZY as I am?
Nedim 9 Posted June 5, 2014 Posted June 5, 2014 What if you login with your Facebook account to this forum, LAZY as I am? Nothing to worry if you use two different passwords. Otherwise...disconnect your FB account and create new account on this forum. And change passwords of course.
The PIT 1 Posted June 5, 2014 Posted June 5, 2014 Security forum that doesn't check how secure it's host is. Oops.
goatty2 0 Posted June 5, 2014 Posted June 5, 2014 (edited) password changed having to change a few passwords these days forgot to add i didnt follow link on the email just incase Edited June 5, 2014 by goatty2
Recommended Posts