Jump to content


Photo

security incident on forum.eset.com


61 replies to this topic

#1 MS-adm

MS-adm
  • Group: Administrators
  • Posts: 75
  • Kudos: 5
  • Joined: 06-February 13

Posted 05 June 2014 - 07:48 AM

Hello,

 

we have been informed by our third-party forum provider that user login details of ESET Security Forum members have been compromised. At this time we have confirmed that login data (user name/email and hashed forum passwords) have been accessed. We have requested details about the incident from our provider and have launched a full-scale investigation with them. ESET Security Forum has around 2,700 registered users and the only information stored are login details: no financial or other sensitive data are affected. ESET-operated infrastructure and ESET software users were not affected in any way by this incident.

 

We recommend that all ESET Security Forum users change their passwords. Having different passwords for different services is a good practice: if you used your ESET Security Forum password for other services, we recommend that you also change those passwords immediately too. Some useful tips on how to create strong passwords can be found at ESET WeLiveSecurity website: http://www.welivesec...g-yourself-mad/

 

To change your email and/or password:

Click your name at the top right of the window

Click My Settings

In the menu on the left, click Email & Password

Enter your new email and/or password

 

We apologize for any inconvenience.

 

ESET Security Forum


Edited by MS-adm, 06 June 2014 - 12:05 AM.
Instruction on changing u/p added

  • 0

#2 sky7

sky7
  • Group: Members
  • Posts: 68
  • Kudos: 15
  • Joined: 02-April 14

Posted 05 June 2014 - 08:22 AM

Is this true?  ESET Security Websites and Forum for Spain Hacked by Indonesian Hacker
 


Edited by sky7, 05 June 2014 - 09:17 AM.

  • 0

#3 Arakasi

Arakasi
  • Group: Members
  • Posts: 2,398
  • Kudos: 524
  • Joined: 25-June 13

Posted 05 June 2014 - 10:07 AM

Password reset done.

 

The method used to infiltrate will be the anticipated topic.

Sql injection will not impress me at all. Neither will entry point being the domain hosting providers (out of ESET's hands for the most part).

 

Any form other than, will surely peak my interest.

 

Since this forum is hosted by a third party, ESET was indirectly attacked.


Edited by Arakasi, 05 June 2014 - 10:07 AM.

  • 0

The More credit you give away, the more will come back to you. The more you help others, the more they will want to help you. -Tracy

Why ESET at home? Why ESET at the office? ESET Two-Factor Authentication  DESlock+ Sysrescue Live  -- Renew your home license (US)?


#4 SweX

SweX
  • Group: Members
  • Posts: 1,988
  • Kudos: 685
  • Joined: 15-May 13

Posted 05 June 2014 - 12:21 PM

Password reset done again (I changed it just a couple days ago lol)

 

I was thinking of registering using an "alias" email but I didn't as I didn't think this forum out of all forums would be hacked. Oh well, I do at least use a different pass for my email. All the passwords I have used here since registering have ony been used here so that's good at least.

 

This is kind of funny though, knowing that MS-adm posted that recommendation to change our password due to all the hacks lately on other sites and forums, and now this, I guess "they" read the message and decided to hack in to really force us to change passwords.  :ph34r:

 

Edit: make this more of an alert with more "bling bling" to it so ALL users really see it and changes their passwords ASAP. If possible place a red link on top of the main forum to make it more visible not only in each parent section. 


Edited by SweX, 05 June 2014 - 12:29 PM.

  • 0

OpenDNS | ESET Powered By -> ESET Technology

"He has 512mb of ram and his computer runs fine with eset lol." 

 


#5 Nedim

Nedim
  • Group: Members
  • Posts: 61
  • Kudos: 7
  • Joined: 16-May 13

Posted 05 June 2014 - 02:47 PM

Hmm...first Avast, now ESET...who's next?

Bastards!

 

Note: send an email to all registered users!!!


  • 0

#6 ismethere

ismethere
  • Group: Members
  • Posts: 11
  • Kudos: 0
  • Joined: 03-June 14

Posted 05 June 2014 - 03:02 PM

I reset password too...be aware


  • 0

#7 ismethere

ismethere
  • Group: Members
  • Posts: 11
  • Kudos: 0
  • Joined: 03-June 14

Posted 05 June 2014 - 03:03 PM

Hmm...first Avast, now ESET...who's next?

Bastards!

 

Note: send an email to all registered users!!!

Firstly Panda, Secondly Avast! then third ME....


  • 0

#8 Manzai

Manzai
  • Group: Members
  • Posts: 2
  • Kudos: 0
  • Joined: 16-June 13

Posted 05 June 2014 - 03:06 PM

Password changed :)


  • 0

#9 MS-adm

MS-adm
  • Group: Administrators
  • Posts: 75
  • Kudos: 5
  • Joined: 06-February 13

Posted 05 June 2014 - 03:38 PM

Hello,

 

we already sent a bulk email to all registered forum members. As the email is sent out in cycles of n per minute, it can take a while to process all the mail.

ESET Security Forum


  • 1

#10 Nedim

Nedim
  • Group: Members
  • Posts: 61
  • Kudos: 7
  • Joined: 16-May 13

Posted 05 June 2014 - 03:40 PM

Hello,

 

we already sent a bulk email to all registered forum members. As the email is sent out in cycles of n per minute, it can take a while to process all the mail.

ESET Security Forum

 

Good to know that. Thank you.


  • 0

#11 Temp Member

Temp Member
  • Group: Members
  • Posts: 39
  • Kudos: 2
  • Joined: 17-May 13

Posted 05 June 2014 - 03:45 PM

Used LassPass to Generate me a new password instead of weak one I had.


  • 0

#12 Triple Helix

Triple Helix
  • Group: Members
  • Posts: 2
  • Kudos: 0
  • Joined: 12-June 13

Posted 05 June 2014 - 03:57 PM

This is dumb for a security forum!

 

TH :rolleyes:


Edited by Triple Helix, 05 June 2014 - 03:57 PM.

  • 0

Triple Helix

Microsoft® MVP Consumer Security

VIP Member of ASAP


#13 Veeshush

Veeshush
  • Group: Members
  • Posts: 12
  • Kudos: 2
  • Joined: 03-November 13

Posted 05 June 2014 - 04:07 PM

Everytime something like this happens I recommend people get familar with LastPass or KeePass https://en.wikipedia.org/wiki/KeePass


  • 0

#14 siljaline

siljaline
  • Group: Members
  • Posts: 181
  • Kudos: 55
  • Joined: 16-April 13

Posted 05 June 2014 - 04:16 PM

Bulk email received - password changed. 

 

 


  • 1

#15 cyberhash

cyberhash
  • Group: Members
  • Posts: 40
  • Kudos: 14
  • Joined: 11-June 13

Posted 05 June 2014 - 04:58 PM

This is going to happen regardless of what company or where the site is hosted. Once people find any type of exploit in any cms/forum software they can pull these databases at will.

 

Companies depend on 3rd party software to run all these sites nowadays and that's always going to pose a risk.

 

Even a disgruntled employee at any web host poses a risk .

 

Enjoy the internet !! :wub:


  • 4

#16 siljaline

siljaline
  • Group: Members
  • Posts: 181
  • Kudos: 55
  • Joined: 16-April 13

Posted 05 June 2014 - 05:06 PM

The Avast Forum issue and this one are not to be confused.  The Avast Forum is still down while ESET has proactively taken swift action.
 

Hmm...first Avast, now ESET...who's next?

Bastards!

 

Note: send an email to all registered users!!!


  • 2

#17 manOFpeace

manOFpeace
  • Group: Members
  • Posts: 3
  • Kudos: 0
  • Joined: 19-September 13

Posted 05 June 2014 - 05:26 PM

Password changed as requested.


  • 0

#18 Nedim

Nedim
  • Group: Members
  • Posts: 61
  • Kudos: 7
  • Joined: 16-May 13

Posted 05 June 2014 - 05:32 PM

 

The Avast Forum issue and this one are not to be confused.  The Avast Forum is still down while ESET has proactively taken swift action.
 

Hmm...first Avast, now ESET...who's next?

Bastards!

 

Note: send an email to all registered users!!!

 

 

They did the similar thing here and there. I didn't post it to bash ESET. It's not ESET's fault.


  • 0

#19 kkay

kkay
  • Group: Members
  • Posts: 32
  • Kudos: 0
  • Joined: 06-December 13

Posted 05 June 2014 - 05:37 PM

Every time I turn around, some other place got hacked.  This is so frustrating.  I had toyed with the idea of a password manager, but am afraid that will get hacked.  We keep having to come up with more difficult passwords too.  Long gone are the days when it was a simple password, you could EASILY remember.  Now you have to put nonsense passwords in, and even that is not good enough.  Thank you ESET for informing your people right away.  That is very much appreciated.


  • 0

#20 SweX

SweX
  • Group: Members
  • Posts: 1,988
  • Kudos: 685
  • Joined: 15-May 13

Posted 05 June 2014 - 05:39 PM

This is dumb for a security forum!

 

TH :rolleyes:

Don't worry the Webroot Forum will follow soon   :P  ;) (But let's hope not)

 

AFAIK, It doesn't matter if a forum is about Cars, Technology or Security. They are all forums running on software, so if the Car forum runs the same forum platform as the Security forum then you can't secure the Security forum any better than the Car forum and hope that the 3'rd party does everything they can to keep it as secure as possible.

 

I imagine that we will just see more and more of these bastard attacks.


Edited by SweX, 05 June 2014 - 06:10 PM.

  • 1

OpenDNS | ESET Powered By -> ESET Technology

"He has 512mb of ram and his computer runs fine with eset lol." 

 




Reply to this topic



  


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users