Attention - Password and Security Update - Page 5 - MG-Rover.org Forums
 30Likes
Reply
 
LinkBack Thread Tools Rate Thread Display Modes
post #81 of 135 (permalink) Old 22-06-2016, 18:39
Registered User
 
Join Date: Jun 2007
Location: Derbyshire
Car: 2013 MG 3 VTI Tech Style
Posts: 11,523
When will autoguide learn?

Sent an email as advised on the 17th about the password issues and not being able to reset it.

Finally got a reply asking me to confirm details today from an autoguide rep, shame that I had to register a new account and post to ask the forum admins to be able to sort it which they duly did.

5 days to respond to an email about the issue hat autoguide themselves created and locked everyone out with hardly any warning.

They will never learn.
simcor is offline  
Sponsored Links
Advertisement
 
post #82 of 135 (permalink) Old 22-06-2016, 22:25
Registered User
 
Join Date: Jan 2009
Location: Loire Valley
Car: R 75 Diesel. Plus Honda CB 1,000 R. motorbike. 130 bhp engine
Posts: 5,723
Blog Entries: 3
Quote:
Originally Posted by simcor View Post
When will autoguide learn?

Sent an email as advised on the 17th about the password issues and not being able to reset it.

Finally got a reply asking me to confirm details today from an autoguide rep, shame that I had to register a new account and post to ask the forum admins to be able to sort it which they duly did.

5 days to respond to an email about the issue hat autoguide themselves created and locked everyone out with hardly any warning.

They will never learn.



I'm glad to see your back, Simon.




Oooops, I mean you're back.--------------------Lol.






Colv.----------------
COLVERT is offline  
post #83 of 135 (permalink) Old 23-06-2016, 22:20
Registered User
 
Join Date: Nov 2008
Location: Gävle, Sweden
Car: Rover 75
Posts: 219
Quote:
Originally Posted by vitesse v8 View Post
Many thanks, back as old self.

Understand from Roverlike that even you admin were not told about this forced action. If you have contact with the owners please tell them of the displeasure of the members (and I suspect the admin team).

Thanks again for your patience.
Account's been fine, managed to post a few comments, all back to normal (ish).

And now 23th June I'm locked out again as my password doesn't work. Opened my mail account to find those Canucks have after several days of inaction decided to read my original mail post in the "contact" section and, and without obviously talking to the admin team here ...... wait for it ..... issued me with yet another new password.

Words defeat me at the moment to describe this level of incompetence. But bear in mind it's not the local guys, as it hit them with no forewarning. They've done their best at damage control, and helped a lot of us get back on. And then along came the Canucks and mess things up again.

Not messing about with my Safari passwords at this time of night, will have to wait till morning.

Such are the benefits of international takeovers.
vitesse v8 is offline  
 
post #84 of 135 (permalink) Old 24-06-2016, 05:13
Rover Lifestyle
 
Roverlike's Avatar
 
Join Date: Aug 2009
Location: Split, Croatia
Car: Rover 200 (95-99) 'Bubble Shape'
Posts: 10,405
Quote:
Originally Posted by vitesse v8 View Post
Account's been fine, managed to post a few comments, all back to normal (ish).

And now 23th June I'm locked out again as my password doesn't work. Opened my mail account to find those Canucks have after several days of inaction decided to read my original mail post in the "contact" section and, and without obviously talking to the admin team here ...... wait for it ..... issued me with yet another new password.

Words defeat me at the moment to describe this level of incompetence. But bear in mind it's not the local guys, as it hit them with no forewarning. They've done their best at damage control, and helped a lot of us get back on. And then along came the Canucks and mess things up again.

Not messing about with my Safari passwords at this time of night, will have to wait till morning.

Such are the benefits of international takeovers.
I am sorry for that, but I do not know what to say any more...
Roverlike is offline  
post #85 of 135 (permalink) Old 24-06-2016, 20:31 Thread Starter
Administrator
 
AdminC's Avatar
 
Join Date: Jul 2012
Car: CityRover
Posts: 748
Hey there,

That article you posted is not accurate, as a lot of information has been left out;

A 3rd party plugin that we and other networks use had it's developers' compromised. Their DB was breached and data was scraped. I can't ID the plugin as it's under legal investigation. However I can say that it had access to user data because it functions separately from the vb software. Many plugins do this, chats, news letters, mobile apps etc. This is not an active breach, however as a precaution we did initiate security updates including password changes and new pass requirements.

Their system was compromised and they grabbed user data for us and thousands of others.
We cleared our part of the breach and went this route to further security.
This is also in place as many members on the internet use the same or similar passwords across all things they use.

Hackers who have access to these accounts, may be able to access other platforms where the same email and/or passwords are used.
Other platforms have been compromised as well, including Twitter, Linkedin etc. We are just trying to get ahead of this, and nip it in the bud as soon as possible.

We cannot go into detail at the moment as it is being dealt with on a legal level.

Though this breech happened in Feb, we were not notified until very recently. We worked hard to find a solution for this mess, and acted on it. Though it may not be ideal in some eyes, it is the best we have access to ATM.
Once the storm settles we may look into other methods for our security, but right now we ask that you be patient with us.

If there are any other questions/concerns/feedback, please feel free to post them here.

Thank you for your patience and understanding,

Richard.
AdminC is offline  
post #86 of 135 (permalink) Old 25-06-2016, 06:23
Registered User
 
Join Date: Jan 2011
Location: North Devon
Car: Rover 25
Posts: 648
This all now makes sense.

Last week, I got a Phishing E-Mail that addressed me by name. Now I know where my name came from.
Spudgun! is online now  
post #87 of 135 (permalink) Old 25-06-2016, 10:07
Registered User
 
Join Date: Feb 2009
Location: Wigan
Car: MG TF
Posts: 163
Verticalscope say I should address any questions to the board(s) I frequent, so here goes:

Why were't users notified of the breach when it occured in February? Why wait until they found the data for sale in June? The data could have been made available for several months before it was "found" and that time could have led to hacked accounts, lost money and more.

They phrased it thus: "On June 13, 2016, we became aware that February 2016 data stolen from VerticalScope was being made available online"

That implies they were aware of the data breach in Feb.

Can you escalate the question and get an answer please? (Disclaimer: I work in IT and specialise in security - so I'm interested).

Nick
NikTheGeek is offline  
post #88 of 135 (permalink) Old 25-06-2016, 11:28
Registered User
 
Join Date: Apr 2016
Location: Manchester
Car: Rover 75
Posts: 109
I got this notice banner when I logged on the site, should I be clicking it or not!


skeleboy is offline  
post #89 of 135 (permalink) Old 25-06-2016, 11:38
Rover Lifestyle
 
Roverlike's Avatar
 
Join Date: Aug 2009
Location: Split, Croatia
Car: Rover 200 (95-99) 'Bubble Shape'
Posts: 10,405
Quote:
Originally Posted by skeleboy View Post
I got this notice banner when I logged on the site, should I be clicking it or not!


It is safe to open, so it is up to you if you want to read it or not.
Roverlike is offline  
post #90 of 135 (permalink) Old 25-06-2016, 11:40
Registered User
 
Join Date: Apr 2016
Location: Manchester
Car: Rover 75
Posts: 109
Quote:
Originally Posted by Roverlike View Post
It is safe to open, so it is up to you if you want to read it or not.

OK thanks for the reply.
skeleboy is offline  
post #91 of 135 (permalink) Old 26-06-2016, 13:38
gnu
Registered User
 
Join Date: Mar 2010
Location: Bristol
Car: MG ZS & Rover 200
Posts: 3,833
Blog Entries: 14
Back on again after being locked out and not having time to sort out access

btw - no email received; inbox, spam, other accounts, wherever. Just had to go through the reset procedure on the home page...
gnu is offline  
post #92 of 135 (permalink) Old 09-07-2016, 23:37
Registered User
 
Join Date: Jul 2016
Car: MG TF
Posts: 2
Unhappy

I have not received an email.....unable to log in at all...'forgot password' function is also no use...I probably now have a different email address to when I signed up 12 years ago! Totally locked out.
OriginalMike is offline  
post #93 of 135 (permalink) Old 09-07-2016, 23:47
Registered User
 
Join Date: Jul 2016
Car: MG TF
Posts: 2
I never received an email. I have been unable to access my account or even get as far as using the 'forgotten password' facility. Even if I could, it'probably linked to an email address I no longer use (probably why I never got an email)..so have had to start afresh. Not a regular user, but been here since 2001 with the username 'Mike'. A shame to have no access to that. If one of the mods is able to fix that or send me a PM over what to do, then that would be nice. Many thanks.
OriginalMike is offline  
post #94 of 135 (permalink) Old 10-07-2016, 00:17
Administrator
 
Chris T's Avatar
 
Join Date: Feb 2005
Location: Leicestershire
Car: MG TF 135 Platinum Silver, Skoda Roomster
Posts: 32,558
Garages
You should now have a password "reminder" sent your new email address
Chris T is online now  
post #95 of 135 (permalink) Old 12-07-2016, 15:16 Thread Starter
Administrator
 
AdminC's Avatar
 
Join Date: Jul 2012
Car: CityRover
Posts: 748
Quote:
Originally Posted by NikTheGeek View Post
Verticalscope say I should address any questions to the board(s) I frequent, so here goes:

Why were't users notified of the breach when it occured in February? Why wait until they found the data for sale in June? The data could have been made available for several months before it was "found" and that time could have led to hacked accounts, lost money and more.

They phrased it thus: "On June 13, 2016, we became aware that February 2016 data stolen from VerticalScope was being made available online"

That implies they were aware of the data breach in Feb.

Can you escalate the question and get an answer please? (Disclaimer: I work in IT and specialise in security - so I'm interested).

Nick
You can read more about this here: VerticalScope.com

Quote:
Originally Posted by skeleboy View Post
I got this notice banner when I logged on the site, should I be clicking it or not!


This is safe to click.

Quote:
Originally Posted by OriginalMike View Post
I have not received an email.....unable to log in at all...'forgot password' function is also no use...I probably now have a different email address to when I signed up 12 years ago! Totally locked out.
Quote:
Originally Posted by OriginalMike View Post
I never received an email. I have been unable to access my account or even get as far as using the 'forgotten password' facility. Even if I could, it'probably linked to an email address I no longer use (probably why I never got an email)..so have had to start afresh. Not a regular user, but been here since 2001 with the username 'Mike'. A shame to have no access to that. If one of the mods is able to fix that or send me a PM over what to do, then that would be nice. Many thanks.
If this was posted before, ill post here to help others out. If you are unable to get your password resets properly sorted out due to old emails on your account still after the notice was sent out, we ask that you go down to the contact us area, and with the subject line of "password reset" add the following contents for me:

- Account Name
- Email On the account
- Email You need it changed to if need be

add all this, then hit send, and someone on our team will answer that email and fix your account up no problem.

You can do the same and send us a PM privately to have it manually changed, but due to the influx and us tackling a lot of issues, this would be a slower way of getting it reset. we recommend you use the contact us form to get it resolved if you can. If that does fail though and you have waited too long, send us a PM and we will Manually reset it. Just make sure you supply the information above for a quicker fix.

Also, If you do have the right email on your account, I would ask you to please check your spam/junk folders as sometimes with certain email providers, it tends to land in there.

if you all need anything else, please let me know.

~Shane
AdminC is offline  
post #96 of 135 (permalink) Old 12-07-2016, 17:59
Registered User
 
Join Date: Feb 2009
Location: Wigan
Car: MG TF
Posts: 163
That doesn't answer my question. You referred me to the verticalscope article, but I'd already read that. It states that they became aware that data stolen in Feb 2016 was been made available in June 2016. I want to know why I wasn't told in Feb 2016 - that would have given me at least a 3 months head start.

It's not like the hacker(s) was going to sit on the stolen data for ever. It would have been made available at some point so we should have been told immediately.

tnx

Nik
NikTheGeek is offline  
post #97 of 135 (permalink) Old 12-07-2016, 18:55
Stu
Administrator
 
Stu's Avatar
 
Join Date: Jul 2002
Location: Norfolk
Car: Merc E250 Convertible + Alfa Mito Turbo
Posts: 54,943
Garages
Send a message via MSN to Stu Send a message via Skype™ to Stu
Not sure you will get a straight answer to be honest Nik. As the admins we have been asking all of these questions repeatedly and not getting a response which is consistent or complete.

We have challenged over the complexity, but it looks like it is what it is at a corporate level for all sites and no exceptions will be made to have an acceptable level of user experience

Stu

Get cash back on your Insurance and many other web purchases through Quidco
Stu is offline  
post #98 of 135 (permalink) Old 12-07-2016, 19:20
Registered User
 
Join Date: Feb 2009
Location: Wigan
Car: MG TF
Posts: 163
Quote:
Originally Posted by Stu View Post
Not sure you will get a straight answer to be honest Nik. As the admins we have been asking all of these questions repeatedly and not getting a response which is consistent or complete.

We have challenged over the complexity, but it looks like it is what it is at a corporate level for all sites and no exceptions will be made to have an acceptable level of user experience
I know it's nothing to do with you guys and you do a sterling job, so please don't think I'm having a go or anything!

thanks for your replies (from all the admins)

Nik
NikTheGeek is offline  
post #99 of 135 (permalink) Old 12-07-2016, 19:27
Registered User
 
Join Date: Feb 2005
Location: Near Lincoln
Car: 06 MG ZR+120
Posts: 8,189
I am afraid it comes across to me as typical of the usual North American corporate attitude - our private details have been hacked because of the poor standard of security at Verticalscope, and because they are not keeping the forum software up to date and as secure as possible; but it is all OUR fault because we didn't have complicated enough passswords.

They then send out emails which lots of people never recieved (in spite of having a fully functioning current email address registered with the forum), and when you follow their advice to use the 'Contact us' limk, you get no reply for nearly a week

And even now, nearly a month later, Verticalscope still haven't grasped that they are the ones who have screwed up bigtime, and it is fairly obvious from the smallish number of regular posters who are still active since the changes, that there are still a significant number who are finding themselves locked out, and presumably not getting any response from the 'forgotten password' request link (has anyone actually got this to work at all - I tried multiple times without success), and probably not getting very far with the 'Contact us' link either (Simcor reported it took five days for him to recieve a response, and it was a similar timescale in my own case too!).

Verticalscope, and its IT department in particular are giving a very good impression of having limited IT skills, and not knowing much about the general workings of computers and the internet in general.

Last edited by Man in the Car; 12-07-2016 at 19:35.
Man in the Car is offline  
post #100 of 135 (permalink) Old 13-07-2016, 10:52
Registered User
 
Join Date: Jul 2016
Location: notts
Car: Other Manufacturer
Posts: 46
Quote:
Originally Posted by the chauffer View Post
I to think the same as Dakta and others, the new security measure are just over kill. My bank is easier to log on to.
i must agree,
Glyn Scothern is offline  
Reply

Bookmarks

Quick Reply
Message:
Options

Register Now



In order to be able to post messages on the MG-Rover.org Forums forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.

User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.

Password:


Confirm Password:
Email Address
Please enter a valid email address for yourself.

Email Address:
OR

Log-in









Human Verification

In order to verify that you are a human and not a spam bot, please enter the answer into the following box below based on the instructions contained in the graphic.




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page
Display Modes Rate This Thread
Linear Mode Linear Mode
Rate This Thread:



Similar Threads
Thread Thread Starter Forum Replies Last Post
Password on PC? StreetBoy PC Gen Chat & Help 5 23-06-2008 22:14

Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

 
For the best viewing experience please update your browser to Google Chrome