01-05-2021, 10:28 PM
|
#1
|
Franchise Player
Join Date: Jan 2010
Location: Calgary
|
CP User Data Leak?
A message popped up on my phone today that my username was among other usernames identified in the data leak from this forum.
1) Did anyone else receive this message?
2) Was there a data leak?
3) If yes, what information has been leaked/breached?
Can the administrators comment, please?
__________________
"An idea is always a generalization, and generalization is a property of thinking. To generalize means to think." Georg Hegel
“To generalize is to be an idiot.” William Blake
|
|
|
01-05-2021, 10:31 PM
|
#2
|
#1 Goaltender
|
I didn’t get a message but Google Says my password was compromised and recommend I change it so I did.
|
|
|
01-05-2021, 10:35 PM
|
#3
|
That Crazy Guy at the Bus Stop
Join Date: Jun 2010
Location: Springfield Penitentiary
|
What data? It’s CP. hackers can take everything and it would make no difference to me. It’s not like CP stores my bank records and credit card numbers.
I guess my name and/or email address but neither of those are confidential.
Edit: forgot the salacious and erotic (but definitely unsolicited) PMs that peter12 keeps sending me. Definitely don’t want those getting out. But I feel that’s more a concern for him than it is me.
Last edited by Cecil Terwilliger; 01-05-2021 at 10:38 PM.
|
|
|
The Following User Says Thank You to Cecil Terwilliger For This Useful Post:
|
|
01-05-2021, 10:42 PM
|
#4
|
Truculent!
|
Quote:
Originally Posted by Cecil Terwilliger
What data? It’s CP. hackers can take everything and it would make no difference to me. It’s not like CP stores my bank records and credit card numbers.
I guess my name and/or email address but neither of those are confidential.
Edit: forgot the salacious and erotic (but definitely unsolicited) PMs that peter12 keeps sending me. Definitely don’t want those getting out. But I feel that’s more a concern for him than it is me.
|
He's sending YOU those too! My goodness, I thought he only had eyes for me!
__________________
Quote:
Originally Posted by Poe969
It's the Law of E=NG. If there was an Edmonton on Mars, it would stink like Uranus.
|
|
|
|
01-05-2021, 10:43 PM
|
#5
|
First Line Centre
Join Date: Jul 2013
Location: Calgary
|
Quote:
Originally Posted by Cecil Terwilliger
What data? It’s CP. hackers can take everything and it would make no difference to me. It’s not like CP stores my bank records and credit card numbers.
I guess my name and/or email address but neither of those are confidential.
Edit: forgot the salacious and erotic (but definitely unsolicited) PMs that peter12 keeps sending me. Definitely don’t want those getting out. But I feel that’s more a concern for him than it is me.
|
That's odd. I had to give my credit card numbers, SIN, and a picture of my passport when I signed up.
|
|
|
The Following 3 Users Say Thank You to bob-loblaw For This Useful Post:
|
|
01-05-2021, 10:43 PM
|
#6
|
Franchise Player
Join Date: Apr 2013
Location: Cowtown
|
Quote:
Originally Posted by Cecil Terwilliger
What data? It’s CP. hackers can take everything and it would make no difference to me. It’s not like CP stores my bank records and credit card numbers.
I guess my name and/or email address but neither of those are confidential.
Edit: forgot the salacious and erotic (but definitely unsolicited) PMs that peter12 keeps sending me. Definitely don’t want those getting out. But I feel that’s more a concern for him than it is me.
|
Let me guess, a clowns nose between 2 grapefruits
__________________
Quote:
Originally Posted by oilboimcdavid
Eakins wasn't a bad coach, the team just had 2 bad years, they should've been more patient.
|
|
|
|
01-06-2021, 01:00 AM
|
#7
|
Franchise Player
Join Date: Nov 2009
Location: Section 203
|
Quote:
Originally Posted by Cecil Terwilliger
What data? It’s CP. hackers can take everything and it would make no difference to me. It’s not like CP stores my bank records and credit card numbers.
I guess my name and/or email address but neither of those are confidential.
|
You should see the current sign up process for CP. They ask for way more than just a screen name and email address. It sounds like a passport application.
__________________
My thanks equals mod team endorsement of your post.
Quote:
Originally Posted by Bingo
Jesus this site these days
|
Quote:
Originally Posted by Barnet Flame
He just seemed like a very nice person. I loved Squiggy.
|
Quote:
Originally Posted by dissentowner
I should probably stop posting at this point
|
|
|
|
The Following 2 Users Say Thank You to squiggs96 For This Useful Post:
|
|
01-06-2021, 03:38 AM
|
#8
|
Scoring Winger
Join Date: May 2008
Location: Syracuse, NY
|
I guess hackers will now know if my tp goes over or under. The horrors.
__________________
...Rob
The American Dream isn't an SUV and a house in the suburbs;
it's Don't Tread On Me.
|
|
|
01-06-2021, 07:06 AM
|
#9
|
Franchise Player
Join Date: Dec 2016
Location: Alberta
|
Quote:
Originally Posted by CaptainYooh
A message popped up on my phone today that my username was among other usernames identified in the data leak from this forum.
1) Did anyone else receive this message?
2) Was there a data leak?
3) If yes, what information has been leaked/breached?
Can the administrators comment, please?
|
I didn't receive a notification of any kind.
Not too worried though.
|
|
|
01-06-2021, 07:11 AM
|
#10
|
Franchise Player
|
I checked to see if my CP password was on any pwned lists, and it was not. And I haven't changed it in a long time. So I don't think this was part of the Cit0day release, which would be the most likely source.
|
|
|
01-06-2021, 07:18 AM
|
#11
|
Powerplay Quarterback
|
PII probably isn't the big concern if the data was leaked, most data people sign up with is public domain PII. You could associate a person's username with their real name, which could be a huge PII issue if they have posted their political beliefs, religious beliefs, gender identity, sexuality, request for advice on sensitive topics, etc. on the forum. For some users, not a big deal, in my case, it's easy to figure out who I am from my username for others this could have an impact. This assumes they signed up with a real name.
The bigger concern was the passwords leaked, a lot of non-technical users probably use a few passwords for everything. Forums are quite often a vector of attack for other more sensitive credentials like email, bank, etc. password. The main vector of attack on World of Warcraft accounts when I played the game was via 3rd party forums not associated with Blizzard.
There is another risk IP can be considered PII, and I would assume that the forum has IP tracking, so theoretically if the audit logs were exposed someone could trace someone's movements by the geolocation of the IP address. It isn't GPS level tracing; however, it can give you city data which could be an issue depending on the person. With secondary access (to the ISP's network) a malicious actor, could in theory utilize the IP address to track the person to houses or public access points.
(None of this is saying suggesting there was a breach, this could be a fishing email, just trying to lay out some of the personal risks I could see to CP's data being leaked if it happened.)
(I personally am changing my password just to be on the safe side)
|
|
|
The Following 2 Users Say Thank You to Krovikan For This Useful Post:
|
|
01-06-2021, 07:33 AM
|
#12
|
Franchise Player
Join Date: Jul 2010
Location: Calgary - Centre West
|
If you have used the username and password that you use with CP on other websites, then it’s possible that one of those sites got hacked and your phone is alerting you that the credentials have been compromised.
iOS has this built in, you can look in Settings > Passwords and it’ll tell you if any of your credentials are compromised and need to be changed. It’ll also suggest you use different passwords for every account if you have some common ones.
__________________
-James
GO FLAMES GO.
|
|
|
01-06-2021, 07:36 AM
|
#13
|
Franchise Player
|
If you want to see if your password has been used elsewhere(by you or someone else) you can enter it here:
https://haveibeenpwned.com/Passwords
WARNING!
Once you do this, that password is compromised. Not officially, he's not going to use it for nefarious stuff(probably), but you just entered it on a random internet form. Untrusted. So if you use this, make sure you change it after.
|
|
|
The Following 2 Users Say Thank You to Fuzz For This Useful Post:
|
|
01-06-2021, 08:06 AM
|
#14
|
Powerplay Quarterback
|
LastPass also has a checker if you don't want a random web forum, just create a free account and do the security check.
|
|
|
01-06-2021, 08:08 AM
|
#15
|
The new goggles also do nothing.
Join Date: Oct 2001
Location: Calgary
|
Quote:
Originally Posted by CaptainYooh
A message popped up on my phone today that my username was among other usernames identified in the data leak from this forum.
1) Did anyone else receive this message?
2) Was there a data leak?
3) If yes, what information has been leaked/breached?
Can the administrators comment, please?
|
Where was this message from? Was it the browser? If so what browser?
1) I've never seen it, though I have seen the Google message fundmark19 mentions before.
2) Not to my knowledge. Many years ago we did have an issue with site files being updated to introduce code onto the webpage of the site, but that never touched the database server or software to my knowledge
Krovikan's post sums it up if some had gotten access to the database.
They would have a list of email addresses and password hashes and with enough effort they could reverse engineer the passwords one by one. The big risk there is if people don't practice good password hygiene and use the same password from the forum and on their email, which would give someone access to a lot of stuff (since most sites use email to do password resets). Always have different passwords on different sites, but at the very least always make sure your email is different than everything else and use a very strong password and 2 factor authentication if your email provider offers it (and switch to one that does if they don't).
They'd also have a list of IPs a person has posted from which as mentioned isn't overly accurate in terms of determining location and likely not overly useful for what such hackers would be looking for.
And any other information that was provided during the registration process.
If you have any other questions or want to let me know more details you can post here or PM me.
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
|
|
|
The Following 3 Users Say Thank You to photon For This Useful Post:
|
|
01-06-2021, 09:08 AM
|
#16
|
Lifetime In Suspension
|
Everyone else appears fine, sounds like it’s a Yooh problem.
|
|
|
The Following 10 Users Say Thank You to ResAlien For This Useful Post:
|
|
01-06-2021, 09:19 AM
|
#17
|
Norm!
|
Nothing from my side. All my pron sites are safe.
__________________
My name is Ozymandias, King of Kings;
Look on my Works, ye Mighty, and despair!
|
|
|
01-06-2021, 09:22 AM
|
#18
|
Powerplay Quarterback
|
Quote:
Originally Posted by ResAlien
Everyone else appears fine, sounds like it’s a Yooh problem.
|
|
|
|
01-06-2021, 09:23 AM
|
#19
|
Franchise Player
Join Date: Jan 2010
Location: Calgary
|
Quote:
Originally Posted by photon
Where was this message from? Was it the browser? If so what browser?...
If you have any other questions or want to let me know more details you can post here or PM me.
|
This message popped up on my iPhone in Safari browser. I should have saved a screenshot, but I didn't. It asked me if I wanted to log in to calgarypuck.com under my user name and when I clicked on it, it gave me the second message advising that this user name was included in the data leak from this forum and that I should change my password immediately. It looked legit coming directly from Safari and was not a phishing email.
I will PM you separately. I posted this to warn others who might have been exposed if this data leak did actually happen.
__________________
"An idea is always a generalization, and generalization is a property of thinking. To generalize means to think." Georg Hegel
“To generalize is to be an idiot.” William Blake
|
|
|
01-06-2021, 09:40 AM
|
#20
|
Threadkiller
Join Date: Oct 2003
Location: 51.0544° N, 114.0669° W
|
I think the latest version of Firefox checks the email addresses/logins and warns you...
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -6. The time now is 02:30 AM.
|
|