Jump to content

security incident on forum.eset.com

MS-adm

By MS-adm
in ESET Announcements

 Share

Recommended Posts

  • Former ESET Employees
MS-adm

MS-adm 8

Posted
  • Former ESET Employees
Posted (edited)

Hello,

 

we have been informed by our third-party forum provider that user login details of ESET Security Forum members have been compromised. At this time we have confirmed that login data (user name/email and hashed forum passwords) have been accessed. We have requested details about the incident from our provider and have launched a full-scale investigation with them. ESET Security Forum has around 2,700 registered users and the only information stored are login details: no financial or other sensitive data are affected. ESET-operated infrastructure and ESET software users were not affected in any way by this incident.

 

We recommend that all ESET Security Forum users change their passwords. Having different passwords for different services is a good practice: if you used your ESET Security Forum password for other services, we recommend that you also change those passwords immediately too. Some useful tips on how to create strong passwords can be found at ESET WeLiveSecurity website: hxxp://www.welivesecurity.com/2013/07/17/how-to-create-strong-passwords-without-driving-yourself-mad/

 

To change your email and/or password:

Click your name at the top right of the window

Click My Settings

In the menu on the left, click Email & Password

Enter your new email and/or password

 

We apologize for any inconvenience.

 

ESET Security Forum

Edited by MS-adm
Instruction on changing u/p added
Link to comment
Share on other sites
Arakasi

Arakasi 549

Posted
Posted (edited)

Password reset done.

 

The method used to infiltrate will be the anticipated topic.

Sql injection will not impress me at all. Neither will entry point being the domain hosting providers (out of ESET's hands for the most part).

 

Any form other than, will surely peak my interest.

 

Since this forum is hosted by a third party, ESET was indirectly attacked.

Edited by Arakasi
Link to comment
Share on other sites
SweX

SweX 871

Posted
Posted (edited)

Password reset done again (I changed it just a couple days ago lol)

 

I was thinking of registering using an "alias" email but I didn't as I didn't think this forum out of all forums would be hacked. Oh well, I do at least use a different pass for my email. All the passwords I have used here since registering have ony been used here so that's good at least.

 

This is kind of funny though, knowing that MS-adm posted that recommendation to change our password due to all the hacks lately on other sites and forums, and now this, I guess "they" read the message and decided to hack in to really force us to change passwords.  :ph34r:

 

Edit: make this more of an alert with more "bling bling" to it so ALL users really see it and changes their passwords ASAP. If possible place a red link on top of the main forum to make it more visible not only in each parent section. 

Edited by SweX
Link to comment
Share on other sites
Nedim

Nedim 9

Posted
Posted

Hmm...first Avast, now ESET...who's next?

Bastards!

 

Note: send an email to all registered users!!!

Link to comment
Share on other sites
ismethere

ismethere 0

Posted
Posted

Hmm...first Avast, now ESET...who's next?

Bastards!

 

Note: send an email to all registered users!!!

Firstly Panda, Secondly Avast! then third ME....

Link to comment
Share on other sites
  • Former ESET Employees
MS-adm

MS-adm 8

Posted
  • Author
  • Former ESET Employees
Posted

Hello,

 

we already sent a bulk email to all registered forum members. As the email is sent out in cycles of n per minute, it can take a while to process all the mail.

ESET Security Forum

Link to comment
Share on other sites
Nedim

Nedim 9

Posted
Posted

Hello,

 

we already sent a bulk email to all registered forum members. As the email is sent out in cycles of n per minute, it can take a while to process all the mail.

ESET Security Forum

 

Good to know that. Thank you.

Link to comment
Share on other sites
  • Most Valued Members
cyberhash

cyberhash 169

Posted
  • Most Valued Members
Posted

This is going to happen regardless of what company or where the site is hosted. Once people find any type of exploit in any cms/forum software they can pull these databases at will.

 

Companies depend on 3rd party software to run all these sites nowadays and that's always going to pose a risk.

 

Even a disgruntled employee at any web host poses a risk .

 

Enjoy the internet !! :wub:

Link to comment
Share on other sites
siljaline

siljaline 57

Posted
Posted

The Avast Forum issue and this one are not to be confused.  The Avast Forum is still down while ESET has proactively taken swift action.
 

Hmm...first Avast, now ESET...who's next?

Bastards!

 

Note: send an email to all registered users!!!

Link to comment
Share on other sites
Nedim

Nedim 9

Posted
Posted

 

The Avast Forum issue and this one are not to be confused.  The Avast Forum is still down while ESET has proactively taken swift action.

 

Hmm...first Avast, now ESET...who's next?

Bastards!

 

Note: send an email to all registered users!!!

 

 

They did the similar thing here and there. I didn't post it to bash ESET. It's not ESET's fault.

Link to comment
Share on other sites
kkay

kkay 0

Posted
Posted

Every time I turn around, some other place got hacked.  This is so frustrating.  I had toyed with the idea of a password manager, but am afraid that will get hacked.  We keep having to come up with more difficult passwords too.  Long gone are the days when it was a simple password, you could EASILY remember.  Now you have to put nonsense passwords in, and even that is not good enough.  Thank you ESET for informing your people right away.  That is very much appreciated.

Link to comment
Share on other sites
SweX

SweX 871

Posted
Posted (edited)

This is dumb for a security forum!

 

TH :rolleyes:

Don't worry the Webroot Forum will follow soon   :P  ;) (But let's hope not)

 

AFAIK, It doesn't matter if a forum is about Cars, Technology or Security. They are all forums running on software, so if the Car forum runs the same forum platform as the Security forum then you can't secure the Security forum any better than the Car forum and hope that the 3'rd party does everything they can to keep it as secure as possible.

 

I imagine that we will just see more and more of these bastard attacks.

Edited by SweX
Link to comment
Share on other sites
Nedim

Nedim 9

Posted
Posted

What if you login with your Facebook account to this forum, LAZY as I am?  :wacko:

 

Nothing to worry if you use two different passwords. 

Otherwise...disconnect your FB account and create new account on this forum.

And change passwords of course.

Link to comment
Share on other sites
goatty2

goatty2 0

Posted
Posted (edited)

password changed

having to change a few passwords these days

forgot to add

i didnt follow link on the email just incase

Edited by goatty2
Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...