01-06-2021, 09:49 AM
|
#21
|
|
Powerplay Quarterback
Join Date: Mar 2004
Location: Portland, OR
|
I didn't get a notice, but I have noticed the email I used to sign up for this site is getting 1-4 unfiltered spam emails a day, like someone signed me up for a bunch of crap mailing lists over the past two weeks. Before that, that happened maybe once a month or less. This is one of only a few select sites I've used this email for. I ended up creating a separate email like 15 years ago to sign up for most other sites that I know will be sending pointless spam emails.
|
|
|
|
01-06-2021, 10:09 AM
|
#22
|
|
Franchise Player
Join Date: Jul 2010
Location: Calgary - Centre West
|
Quote:
Originally Posted by CaptainYooh
This message popped up on my iPhone in Safari browser. I should have saved a screenshot, but I didn't. It asked me if I wanted to log in to calgarypuck.com under my user name and when I clicked on it, it gave me the second message advising that this user name was included in the data leak from this forum and that I should change my password immediately. It looked legit coming directly from Safari and was not a phishing email.
I will PM you separately. I posted this to warn others who might have been exposed if this data leak did actually happen.
|
Yeah, so this is exactly what I said above. iOS will determine if your credentials were listed in a password dump and notify you when using sites that leverage those credentials. It doesn't have to be that CalgaryPuck itself was compromised, just that your password used at CP was, which can be from pretty much any hacked website.
On your iPhone, go to Settings > Passwords and iOS will mention which saved passwords are compromised and you can go change them.
__________________
-James
GO FLAMES GO.
Quote:
|
Originally Posted by Azure
Typical dumb take.
|
|
|
|
|
|
01-06-2021, 10:32 AM
|
#23
|
|
Franchise Player
|
Passwords.Google.Com has the same checker FYI for any google saved passwords.
|
|
|
|
|
01-06-2021, 11:14 AM
|
#24
|
|
Retired
Join Date: May 2004
Location: Pacific Ocean
|
Quote:
Originally Posted by TorqueDog
Yeah, so this is exactly what I said above. iOS will determine if your credentials were listed in a password dump and notify you when using sites that leverage those credentials. It doesn't have to be that CalgaryPuck itself was compromised, just that your password used at CP was, which can be from pretty much any hacked website.,
On your iPhone, go to Settings > Passwords and iOS will mention which saved passwords are compromised and you can go change them.
|
I did that and CalgaryPuck.com was listed
|
|
|
|
|
01-06-2021, 11:16 AM
|
#25
|
|
Franchise Player
Join Date: Mar 2007
Location: Income Tax Central
|
Who would hack a hockey forum?
For why?
__________________
The Beatings Shall Continue Until Morale Improves!
This Post Has Been Distilled for the Eradication of Seemingly Incurable Sadness.
The World Ends when you're dead. Until then, you've got more punishment in store. - Flames Fans
If you thought this season would have a happy ending, you haven't been paying attention.
|
|
|
|
01-06-2021, 11:21 AM
|
#26
|
|
Powerplay Quarterback
|
Quote:
Originally Posted by Locke
Who would hack a hockey forum?
For why?
|
Rival hockey fans that hate CP? lol, just kidding, this is probably not a serious reason for attacking the forum.
Forums traditionally is an easier vector to a user's common credentials (or author authentication data) than hacking other sites. Also, anyone looking to stalk/harasses anyone might look for user information. For fun, lots of kids hack sites just to try it.
(None of my comments have any relevance to CP itself, and it's security measures, only the general nature of forums, in general, having lower security practices then sites like banks)
|
|
|
|
|
01-06-2021, 11:28 AM
|
#27
|
|
Franchise Player
Join Date: Mar 2007
Location: Income Tax Central
|
Quote:
Originally Posted by Krovikan
Rival hockey fans that hate CP? lol, just kidding, this is probably not a serious reason for attacking the forum.
Forums traditionally is an easier vector to a user's common credentials (or author authentication data) than hacking other sites. Also, anyone looking to stalk/harasses anyone might look for user information. For fun, lots of kids hack sites just to try it.
(None of my comments have any relevance to CP itself, and it's security measures, only the general nature of forums, in general, having lower security practices then sites like banks)
|
So you're saying it was probably MMF...
__________________
The Beatings Shall Continue Until Morale Improves!
This Post Has Been Distilled for the Eradication of Seemingly Incurable Sadness.
The World Ends when you're dead. Until then, you've got more punishment in store. - Flames Fans
If you thought this season would have a happy ending, you haven't been paying attention.
|
|
|
|
|
The Following 2 Users Say Thank You to Locke For This Useful Post:
|
|
|
01-06-2021, 11:28 AM
|
#28
|
|
Powerplay Quarterback
Join Date: Aug 2002
Location: Mayor of McKenzie Towne
|
Quote:
Originally Posted by socalwingfan
I did that and CalgaryPuck.com was listed
|
It's actually telling you that the password you are using has been compromised before (in some other hack).
Rather than 'brute forcing' a password, they will first try a list of known passwords obtained from other breaches.
Apple/google is just letting you know that your password for CP is included in one of those databases (not that it was obtained from a hack of CP).
Best practice is to use a unique password for each site and ideally a password that hasn't been used by anyone for any site previously.
__________________
"Teach a man to reason, and he'll think for a lifetime"
~P^2
|
|
|
|
|
The Following User Says Thank You to firebug For This Useful Post:
|
|
|
01-06-2021, 12:01 PM
|
#29
|
|
Franchise Player
Join Date: Feb 2011
Location: Somewhere down the crazy river.
|
Quote:
Originally Posted by gallione11
I didn't get a notice, but I have noticed the email I used to sign up for this site is getting 1-4 unfiltered spam emails a day, like someone signed me up for a bunch of crap mailing lists over the past two weeks. Before that, that happened maybe once a month or less. This is one of only a few select sites I've used this email for. I ended up creating a separate email like 15 years ago to sign up for most other sites that I know will be sending pointless spam emails.
|
Different email, but tons of spam for ShoppersDrugMart surveys. I think maybe related to the Linkedin hack.
There was that vBulletin hack a number of years back, which I think is related to the forum, but I think everybody was notified about that and passwords were reset.
|
|
|
|
|
01-06-2021, 04:26 PM
|
#30
|
|
#1 Goaltender
|
Quote:
Originally Posted by Fuzz
If you want to see if your password has been used elsewhere(by you or someone else) you can enter it here:
https://haveibeenpwned.com/Passwords
WARNING!
Once you do this, that password is compromised. Not officially, he's not going to use it for nefarious stuff(probably), but you just entered it on a random internet form. Untrusted. So if you use this, make sure you change it after. |
Well that was fun, but there's no way I'm putting my passwords in there.
I guess plural is the solution.
pwnage found
4ppl3 - 35 times
0r4ng3 - 390 times
B4n4n4 - 23 times
k1w1 - 23 times
M4ng0 - 2 times
4ppl35 - 75 times
0r4ng35 - 22 times
B4n4n45 - 8 times
No pwnage found
P43r
M4ng05
k1w15
P34r5
|
|
|
|
|
01-06-2021, 04:42 PM
|
#31
|
|
Franchise Player
Join Date: Mar 2015
Location: Pickle Jar Lake
|
Quote:
Originally Posted by #-3
Well that was fun, but there's no way I'm putting my passwords in there.
I guess plural is the solution.
pwnage found
4ppl3 - 35 times
0r4ng3 - 390 times
B4n4n4 - 23 times
k1w1 - 23 times
M4ng0 - 2 times
4ppl35 - 75 times
0r4ng35 - 22 times
B4n4n45 - 8 times
No pwnage found
P43r
M4ng05
k1w15
P34r5
|
I was curious if mine was in it, and it's only used here, so it seemed a good excuse to test it and update my password.
|
|
|
|
|
01-06-2021, 06:49 PM
|
#32
|
|
Franchise Player
|
Looks like 1234567890 has be pwned 2,293,209 times. Damn. I thought that bad boy was air tight.
|
|
|
|
|
01-06-2021, 07:12 PM
|
#33
|
|
Franchise Player
Join Date: Aug 2005
Location: Violating Copyrights
|
Quote:
Originally Posted by Locke
Who would hack a hockey forum?
For why?
|
The Russians are coming for us because of Wanamaker.
|
|
|
|
|
01-06-2021, 10:30 PM
|
#34
|
|
Franchise Player
Join Date: Mar 2007
Location: Income Tax Central
|
Quote:
Originally Posted by Barnes
The Russians are coming for us because of Wanamaker.
|
The Russians never forget. And they never Forgive.
And their Babushkas have a lot of free time!
__________________
The Beatings Shall Continue Until Morale Improves!
This Post Has Been Distilled for the Eradication of Seemingly Incurable Sadness.
The World Ends when you're dead. Until then, you've got more punishment in store. - Flames Fans
If you thought this season would have a happy ending, you haven't been paying attention.
|
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -6. The time now is 10:41 PM.
|
|
