Thank you, Tim -
I'm sure I speak for others in saying we appreciate your prompt response in this.
...password changed!
Randy
me2. thanks.
Makes you wonder what these idiots get out of doing stuff like that. They ought to get a job!
Anyway, my p/w now changed. Thanks for the update.
pw changed --thanks, Tim.
I am concerned that members who do not read the DB will not know of this. Is there any way to do a mass email?
BOB
Hi Bob,
There is an email going out to all active members right now (except to the members who have unsubscribed from the bulk emails). I have also posted the message on the SOR Facebook page.
Tim
If there had been any widespread abuse, I believe we would have become aware of this issue much earlier. Great, Tim, that you have figured out and fixed the vulnerability.
What are you going to do about such lowlifes? We could consider requiring mandatory password changes every couple of months, but that is probably not very popular with most users. So, I believe that falls into the realm of the internet being a scary place and to always be guarded, i.e., to use different passwords for different places and to change them once in a while. Of course, I too am guilty of not doing so at all times.
Maybe we need to consider encrypting passwords.
Nobody should be able to decrypt it, even users can only reset, not recover.
Sam
Sam,
You and I had the same thought. I'm looking into encrypting the passwords now.
Regards ... Tim.
"Makes you wonder what these idiots get out of doing stuff like that."
PW changed! Thanks for the warning!
biggeorge
For all those sites that want a password but cannot hurt me - for example, a newspaper that requires a log-in but does not have my credit card - I use a single password.
At last count, there were dozens & dozens of such sites using that non-critical, non-financial, pretty-much-zero-impact password.
The very idea of making-up 50-100 different, secure passwords - for each credit card, retailer, etc - and changing them strikes me as ridiculous.
I've tried password-generating software but, frankly, did not like the results, as I have to save the whole password in a convenient electronic place, and having a document on my desktop with a long list of URLs and passwords does not appeal to me.
Without giving away your family jewels, how do you manage your flock of passwords?
Cheers,
/s/ ikeyPikey
Changed mine!
Thanks for the warning!
Thanks for keeping us all on our toes, Tim. Password(s) changed. We get too lax with changing them periodically.
"The very idea of making-up 50-100 different, secure passwords - for each credit card, retailer, etc - and changing them strikes me as ridiculous."
Back from current trip....Thanks have changed PW
Changed mine, thanks for the warning Tim.
If anyone is using Firefox, all your saved passwords are available to see. Go to Options in the menu (3 bars) icon, top right of screen. Click on security, passwords and view passwords.
Personally I keep mine in a book that is then hidden within other papers but mostly memory works well after a few entries.
Password changed - thanks for the info.
James
Thanks Tim............I'm changed
Changed mine, too!
Done!
Thank you, Tim
all changed now!!!
Changed. Thanks for the email!
Mark
Password changed... thank-you for your diligence!
David
Thanks to SOR administrators for being open about this and addressing this so quickly!
I will add the following. I noticed an uptick in the number of spoofed emails from SoR members over the past 2 weeks. Oftentimes, the mailbox is actually correct but the domain name is different. The spoofing appears pretty convincing, otherwise, because they are using our full names rather than our username handles. I was concerned about this enough to contact at least one SoR member about this.
I think now I know why the uptick in the spoofed emails.
So please be advised to be extra careful to check the domain name in any emails you think you are receiving from SoR members. I'm not saying toss any emails from SOR members, but that you should check to make sure the domain name is the same as in the emails you received from them in the past.
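An added example, not part of the post above: the domain check it recommends, automated in Python for a batch of From headers. The contact list, names and addresses are constructed for the illustration, and the category labels are this example's own.

```python
from email.utils import parseaddr

# Constructed address book: display name -> address seen in past genuine mail.
KNOWN_CONTACTS = {
    "Jane Collector": "jane.c@example.org",
    "Raj Philatelist": "raj@stamps.example",
}

# Constructed From headers, as they might appear in a mailbox export.
SAMPLE_FROM_HEADERS = [
    "Jane Collector <jane.c@example.org>",
    "Jane Collector <jane.c@mail-example.net>",      # right mailbox, wrong domain
    '"Raj Philatelist" <offers@lookalike.example>',  # right full name, wrong domain
    "JANE COLLECTOR <Jane.C@EXAMPLE.ORG>",           # same contact, different case
    "Auction House <sales@auctions.example>",
]


def _split(address):
    """Return (mailbox, domain) in lower case, or ('', '') without an '@'."""
    if "@" not in address:
        return "", ""
    local, _, domain = address.rpartition("@")
    return local.lower(), domain.lower()


def _name_key(name):
    """Normalise a display name: lower case, single spaces."""
    return " ".join(name.lower().split())


def build_index(known_contacts):
    """Map each known display name and each known mailbox to its domains."""
    by_name, by_mailbox = {}, {}
    for name, address in known_contacts.items():
        local, domain = _split(address)
        by_name.setdefault(_name_key(name), set()).add(domain)
        by_mailbox.setdefault(local, set()).add(domain)
    return by_name, by_mailbox


def classify_sender(from_header, index):
    """Classify one From header against the address book."""
    by_name, by_mailbox = index
    display, address = parseaddr(from_header)
    local, domain = _split(address)
    if not domain:
        return "unparseable"
    # Domains we expect for this full name or this mailbox.
    expected = by_name.get(_name_key(display), set()) | by_mailbox.get(local, set())
    if not expected:
        return "unknown-sender"
    return "known-sender" if domain in expected else "domain-mismatch"


def flag_suspicious(from_headers, known_contacts):
    """Return the headers that reuse a known name or mailbox on a new domain."""
    index = build_index(known_contacts)
    return [h for h in from_headers
            if classify_sender(h, index) == "domain-mismatch"]


if __name__ == "__main__":
    for header in flag_suspicious(SAMPLE_FROM_HEADERS, KNOWN_CONTACTS):
        print("check before trusting:", header)
```

A matching domain is not proof of authenticity, since a From header can be forged outright; the check only surfaces the look-alike pattern the post describes.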
Changed - thank you !!
Like khj, I've also gotten e-mails that seemed to come from SOR members; however, unlike real messages these latest e-mails have been routed to my spam box rather than my inbox. I'm not sure how the Yahoo spam filters detect the difference, but I've made a note not to open any items in the spam box. The two I did open didn't appear to have any clickable links, but had nothing to do with stamps. I've also changed my password.
Thanks, Tim for catching this quickly and closing the entry hole the hackers accessed. Keep up the good work.
Got my p/w changed.
Just changed mine. Thanks Tim.
Password changed....
Anyway, as online security is part of my profession, I've got two (ok, three) suggestions
1) Instead of asking users to change their password, the system/admins should automatically update everybody's password in situations like this. Then ask users to simply reset their password (using an email-based opt-in/confirmation system). That way any further damage is immediately prevented instead of relying on whether or not all users read the notification.
2) Hashing passwords in the database is a MUST DO action. Storing passwords as plain text (or with simple encryption) has been a big no-no for the past decade. (Again, if it requires resetting everybody's passwords, so be it.)
3) In addition to member details, I'm a bit worried whether private messages have been affected/leaked as well. Personally I would never share any sensitive information (such as credit card details) using anything as insecure as email or members messages, but I do know for a fact that some collectors do so.... If the messages have leaked as well, then it might be a good idea to ask users to kill their credit cards if they have shared their credit card details using private/members messages.
Just my 5 cents worth,
-k-
Hi Scb,
Thanks for your suggestions. It is much appreciated, especially as you are an IT professional. Below are some comments/explanations re your comments.
1. As we stand today I don't have a way for a member to change their password unless they are logged in. If I globally changed everyone's password, which would have addressed the initial security breach, no-one would have been able to login. It was quickest to ask everyone to help get them changed.
2. I'm working today on implementing password encryption across all membership records so that even if someone manages to hack-in again, they will not be able to read the passwords.
3. I don't think that they got to the private messages, but I can't be sure. We should all keep a close eye out for anything strange.
Thanks again for your comments.
Regards ... Tim.
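An added example, not part of any post above and not Stamporama's code: the two measures discussed in this exchange, salted one-way password hashing and locking every account until its owner redeems an emailed one-time reset token, written in Python. The member table, field names, PBKDF2 work factor and token lifetime are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 600_000   # assumed work factor; tune for the server
RESET_TTL_SECONDS = 3600      # assumed lifetime of an emailed reset token


def hash_password(password: str) -> str:
    """Return a salted, one-way PBKDF2-HMAC-SHA256 record for storage."""
    salt = secrets.token_bytes(16)  # unique per member, so equal passwords differ
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record) -> bool:
    """Recompute the hash with the stored salt; compare in constant time."""
    if not record:  # None marks an account locked until reset
        return False
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
    except ValueError:  # malformed record, including legacy plaintext values
        return False


def build_sample_members() -> dict:
    """Constructed rows in the 'before' state: passwords stored as plaintext."""
    return {
        "alice": {"email": "alice@example.org", "password": "penny-black-1840", "reset": None},
        "bob": {"email": "bob@example.org", "password": "airmail1934", "reset": None},
    }


def lock_all_accounts(members: dict) -> None:
    """Breach response: drop every stored password so leaked ones stop working."""
    for member in members.values():
        member["password"] = None
        member["reset"] = None


def issue_reset_token(members: dict, username: str, now: float):
    """Create a one-time token to email to the address on file.

    Only the token's SHA-256 is stored, so a later database leak does not
    hand out usable reset links.
    """
    member = members.get(username)
    if member is None:
        return None
    token = secrets.token_urlsafe(32)
    member["reset"] = {
        "token_sha256": hashlib.sha256(token.encode()).hexdigest(),
        "expires": now + RESET_TTL_SECONDS,
    }
    return token


def redeem_reset_token(members: dict, username: str, token: str,
                       new_password: str, now: float) -> bool:
    """Set a new password if the token matches, is unexpired and unused."""
    member = members.get(username)
    pending = member and member.get("reset")
    if not pending:
        return False
    presented = hashlib.sha256(token.encode()).hexdigest()
    if now > pending["expires"]:
        return False
    if not hmac.compare_digest(presented, pending["token_sha256"]):
        return False
    member["password"] = hash_password(new_password)
    member["reset"] = None  # single use
    return True


if __name__ == "__main__":
    members = build_sample_members()
    leaked = members["alice"]["password"]
    lock_all_accounts(members)
    token = issue_reset_token(members, "alice", now=0.0)
    print("reset accepted:", redeem_reset_token(members, "alice", token, "a new passphrase", now=60.0))
    print("leaked password still works:", verify_password(leaked, members["alice"]["password"]))
```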
Thanks for the information. My password is changed.
Appreciate all the hard work that has to be done.
Suzanne
Password changed, but I wonder if other sections on the system have been affected.
Tony
"... Famous last words ..."
Thanks Tim. PW changed
Greg
Changed - and I changed my password on all of my other selling sites that use the same email. At least my PAYPAL account I had already set up with a different password because I have been hit there a few times. That is the one that could cause the most issues - if they could get into there with the password from here.
Hi Tim,
Thanks for the warning - password changed
Merv
Changed my PW too
Done. Thanks for spotting the problem so soon, and hopefully no harm done to any members.
Thanks for the quick heads up on this Tim! PW changed.
Were our street addresses posted on the site too? Stamporama is the only stamp forum I belong to that requires a street address for membership.
Hi Brian,
No, the street addresses were not posted on the hacker site.
Regards ... Tim
Hi Tim,
Thanks for securing the site and plugging the leak. I am just wondering what exactly showed up on the hacker site?
All the best,
Alyn
Ikey-Pikey said;
"Without giving away your family jewels, how do you manage your flock of passwords?"
Thanks Tim. Job well done!
Well, this is ONE way to find out who is still active around here!
LOL
Randy
Great one, Randy!
PW changed. Mine was unique to SOR.
I too have received spoof email from supposedly SOR members. Arrived in my Spam. Didn't open the attachment, deleted the message, and performed an in-depth scan. No infection was found.
PW changed. Thanks for the update
Changed. Thanks
Hi Tim;
Changed my password too....
TuskenRaider
I am getting emails from auction houses I am not familiar with... we may have been spread around the philatelic community!
"Without giving away your family jewels, how do you manage your flock of passwords?"
I got the rest of mine about 30 minutes ago. I wondered about that as well but it was mentioned that there is an automatic extension of a lot if there is a bid within a certain time of the lot ending. I was not aware of that feature.
Greg
Brian and Greg,
With the bulk email that I sent out yesterday re the website getting hacked, there was a big backup of emails to send. Brian, you have all your emails now, right?
Regards ... Tim.
Hi Brian,
I'm not sure what has happened to your auction emails. It all looks OK on the server. Could you please check your spam/junk folders in your email program?
Regards ... Tim.
Thanks for the email and notification. PW changed!
Vince
Hi all, I only just received the info this morning, Monday.
I could not log in (password invalid) so have created a new profile/username/password.
All my internet registrations/passwords are in software from coffeecup.com
It's called "Lockerbox"; check it out, it works. Different passwords generated by the software. I have been using it for a long time. So in short, every internet account I use has a different password.
To get any of my info one would have to hack my personal computer and then hack lockerbox.
On forums I always use a postal address of a Jail/Gaol, after all I would say any communication on Forums is by email.
Bicolor04,
Of course, creating a new username/profile will wipe out your history here (history of lots sold and won, invoicing, discussions you participated in under your old name etc. etc. etc.). It will also duplicate our member count (?). Better really not to become a 'new' member, but to use the "change password" function for your old username, which is now located below the login box. Perhaps Tim should make the link a little more prominent to avoid that members believe they must create new profiles.
Arno
I put a note on each of the Login screens to bring people's attention to the Forgotten Password link.
Regards ... Tim.
I've been using LastPass for several years now. It's a great password generator and password vault program. You need to remember only one password - that's the one to access LastPass itself.
There is a free version available. I use the premium version ($12/year) so that I can access my passwords on my phone and tablet.
Please forgive me if it isn't appropriate to give publicity to other programs here.
Hi David,
It is all good. LastPass sounds like a solution that would work for many of our members.
Regards ... Tim.
...in the end, I changed it!!
If you have trouble remembering passwords AND serial numbers AND other data numbers...:
The password holder "Web Confidential" works very well for me; also "PassDiary" for iPad and iPhone works in the same way...
Cheers
Steve.
Hi Milko,
Don't I know you from somewhere else?
Steve.
Hi, Thanks for the email. Password successfully changed. Please note that skymem does not want confidential data on their website and according to their faq you can delete documents from their site by clicking on the Remove Button above each document. Don't know if that's true. You can also remove data from google search results, etc.
http://www.skymem.com/faq
Hi Jim,
You are quite correct. I did make use of their "Remove" function. They don't guarantee that the data will stay removed, so I'm keeping an eye on it every couple of days.
Regards ... Tim.
Not sure if related but note a debit of $24.10 on my Visa account dated today from a source I do not recognize. It shows as pending so no use calling until Monday. I of course did not have this card # as part of my information on here but maybe someone used my password to access my account.
Hi,
I had not reset the password earlier but it was working fine till today, when I was unable to log in to SOR. My password was saved, so whenever I used to open SOR it always used to open the page with me logged in, but today it was not logging me in. I remembered my password but still it was not logging me in with my password. So, I had to reset the password and log in again.
A few questions to Admin:
1. Can anyone change my password without any email communication to the email address which is updated in SOR?
2. Assuming someone hacked the password of SOR and changed the email address from my profile, would an email communication not be sent to the earlier email ID which was there, providing the info that your email address has been changed?
3. As I worked in the technical field earlier in server-networking, I am curious to know: was there any technical gap which was opened when we were moved from the old to the new server of SOR?
4. We discussed encryption; any update on it?
Thanks
Auro
Hi Boseauro,
Here are the answers to your questions:
1. Only you can change your password either by using the Change Password function in the members area or by using the Forgot Password link on the Login page.
2. Had your email address been changed?
3. We don't know if any technical gap was opened up by moving to the new server.
4. All passwords are encrypted.
Regards ... Tim.
Hi Tim,
Thanks for your response.
Coming back to my first question:
When we change our password, is there any email communication sent? In this case I did not get any email when my password was changed, so I am probably assuming my password was compromised.
After I reset my password it is working fine now.
Thanks
Auro
Tim,
Please excuse me if these questions were already answered. I didn't see it if it was.
I just did a google search for my email address and I found where my email address, password and phone number were on the skymem website. Is there any way to get it off of there or is it just "tough luck"?
I saw the previous answer to this question, thanks.
Also, what else did they get? Do they have my name and address? I couldn't tell from what I saw.
What in the world is skymem.com anyway?
Thanks in advance,
-Ernie
My old one is still listed in Google search too.
Hi Ernie,
Skymem.com seems to be a website where hackers like to post their scalps (if you will excuse the term). If you are seeing a page on their website with your details, there should be a Remove button that you can use. I have done so and I thought that it had removed all of our information. I did a search using your email address and it seemed to be removed, but that could just have been the view that Google is giving me. Try clicking on the Remove button.
Regards ... Tim
I think the data is still in the Google cache, but no longer on the Skymem site. I checked for my info, and that's what happened. Showed up in the Google search, but did not show up on the Skymem site.
I am very disappointed by the lack of security on this site. This is not the first issue I have had with the site and must consider it the third strike.
I would hope that Tim would continue to check skymem.com to be sure our information is not re-posted. I am not sure we have heard the last of this yet.
How can I have my personal information removed from StampoRama? I no longer care to be a member of this site. Please advise me on how to proceed and how to document that my personal data is removed from this site.
Charlie,
There is no personal data on Stamporama that anyone with even a beginner's knowledge of the internet could not find out elsewhere. Anyone who believes that their private lives are safe from intrusion by a determined data miner is living in a fool's paradise. The internet is a dangerous place, but then so are the dark alleys of most of our cities. Good luck trying to find a safe haven on the WWW, you have a monumental task before you!
" Anyone who believes that their private lives are safe from intrusion by a determined data miner is living in a fool's paradise."
How very true. Remember when many people put their social security numbers on their checks and the police recommended that you engrave your social security number on expensive items?
Now we are told to do whatever it takes to keep that number from anyone and to make sure you don't carry your social security card in your wallet. And yet the government uses your social security number for your Medicare number and you are supposed to carry that card with you. Add in that it appears on all of your medical records which cannot be referred to as "secure" by any stretch of the imagination.
Try tracking down an old classmate on the internet - you can usually find them easily. Even the difficult ones who have moved several times can generally be found in less than half an hour.
@cfc1967,
I understand your frustration. We have done everything that we can to secure the website, but we are not hackers and don't have the same type of knowledge as the people who broke into the website. My focus has always been on building, not breaking. I continue to look for possible break-ins on a regular basis and I scan the internet to try and find our private information out there. But don't just leave this to me. I strongly encourage you to be scanning the internet for your personal information. Do regular Google scans for your email address. This was how Arno originally discovered that we had been hacked.
Regards ... Tim.
The SOR is highly unstable today. I am unable to post elsewhere, and only after 1/2 hour of tries can I hope to issue this warning. Highly unstable. Login, edit, posts etc all seem to have issues.
Started at 10:30 am more or less CA time.
Rrr. Posting now in desperation before losing the connection.
Hi Everyone,
We discovered overnight that the Stamporama website has been hacked and data from the membership database has been taken. All of our emails, passwords and phone numbers were posted on a website called skymem.com on Sept 21. Arno found this after investigating Alyn's post re his password having been changed by someone. I have requested that the information be taken down from the skymem.com website, but it could well be posted there again. We have no knowledge about the stolen information being used apart from the fact that it was posted on the skymem site.
I believe that I have found where they got in and have closed the security hole. I apologize sincerely that the security hole existed and that I hadn't caught it before.
It is very important that you go onto the Members Area and change your password. Even more important than that, if you use the same password that you use on Stamporama on other websites, especially if you use the same email address on those other websites, you should go and change your password on those websites. This is especially important if you use your stamporama password for any banking websites etc.
To change your password on Stamporama, login and go to the Members Area and use the "Change Password" function, which is right underneath the Edit Profile function. Please let me know if you need help.
I have sent this message out to all active members, except those who have unsubscribed from the bulk emails.
Regards ... Tim.
re: The Stamporama website has been hacked. PLEASE READ NOW.
Thank you, Tim -
I'm sure I speak for others in saying we appreciate your prompt response in this.
...password changed!
Randy
re: The Stamporama website has been hacked. PLEASE READ NOW.
me2. thanks.
re: The Stamporama website has been hacked. PLEASE READ NOW.
Makes you wonder what these idiots get out of doing stuff like that. They ought to get a job!
Anyway, my p/w now changed. Thanks for the update.
re: The Stamporama website has been hacked. PLEASE READ NOW.
pw changed --thanks, Tim.
I am concerned that members who do not read the DB will not know of this. Is there any way to do a mass email?
BOB
re: The Stamporama website has been hacked. PLEASE READ NOW.
Hi Bob,
There is an email going out to all active members right now (except to the members who have unsubscribed to the bulk emails). I have also posted the message on the SOR Facebook page.
Tim
re: The Stamporama website has been hacked. PLEASE READ NOW.
If there had been any widespread abuse, I believe we would have become aware of this issue much earlier. Great. Tim, that you have figured out and fixed the vulnerability.
What are you going to do about such lowlifes? We could consider requiring mandatory password changes every couple of months, but that is probably not very popular with most users. So, I believe that falls into the realm of the internet being a scary place and to always be guarded, i.e., to use different passwords for different places and to change them once in a while. Of course, me too is guilty of not doing so at all times.
re: The Stamporama website has been hacked. PLEASE READ NOW.
Maybe we need to consider to encrypt password.
Nobody should be able to decrypt it, even users can only reset, not recover.
Sam
re: The Stamporama website has been hacked. PLEASE READ NOW.
Sam,
You and I had the same thought. I'm looking into encrypting the passwords now.
Regards ... Tim.
re: The Stamporama website has been hacked. PLEASE READ NOW.
"Makes you wonder what these idiots get out of doing stuff like that."
re: The Stamporama website has been hacked. PLEASE READ NOW.
PW changed! Thanks for the warning!
biggeorge
re: The Stamporama website has been hacked. PLEASE READ NOW.
For all those sites that want a password but cannot hurt me - for example, a newspaper that requires a log-in but does not have my credit card - I use a single password.
At last count, there were dozens & dozens of such sites using that non-critical, non-financial, pretty-much-zero-impact password.
The very idea of making-up 50-100 different, secure passwords - for each credit card, retailer, etc - and changing them strikes me as ridiculous.
I've tried password-generating software but, frankly, did not like the results, as I have to save the whole password in a convenient electronic place, and having a document on my desktop with a long list of URLs and passwords does not appeal to me.
Without giving away your family jewels, how do you manage your flock of passwords?
Cheers,
/s/ ikeyPikey
re: The Stamporama website has been hacked. PLEASE READ NOW.
Changed mine!
Thanks for the warning!
re: The Stamporama website has been hacked. PLEASE READ NOW.
Thanks for keeping us all on our toes, Tim. Password(s) changed. We get too lax with changing them periodically.
re: The Stamporama website has been hacked. PLEASE READ NOW.
"The very idea of making-up 50-100 different, secure passwords - for each credit card, retailer, etc - and changing them strikes me as ridiculous.
"
re: The Stamporama website has been hacked. PLEASE READ NOW.
Back from current trip....Thanks have changed PW
re: The Stamporama website has been hacked. PLEASE READ NOW.
Changed mine, thanks for the warning Tim.
If anyone is using Firefox, all your saved passwords are available to see. Go to Options in the menu (3 bars) icon, top right of screen. Click on security, passwords and view passwords.
Personally I keep mine in a book that is then hidden within other papers but mostly memory works well after a few entries.
re: The Stamporama website has been hacked. PLEASE READ NOW.
Password changed - thanks for the info.
James
re: The Stamporama website has been hacked. PLEASE READ NOW.
Thanks Tim............I'm changed
re: The Stamporama website has been hacked. PLEASE READ NOW.
Changed mine, too!
re: The Stamporama website has been hacked. PLEASE READ NOW.
Done!
re: The Stamporama website has been hacked. PLEASE READ NOW.
Thank you for Tim
all changed now!!!
re: The Stamporama website has been hacked. PLEASE READ NOW.
Changed. Thanks for the email!
Mark
re: The Stamporama website has been hacked. PLEASE READ NOW.
Passord changed... thank-you for your diligence!
David
re: The Stamporama website has been hacked. PLEASE READ NOW.
Thanks to SOR adminstrators for being open about this and addressing this so quickly!
I will add the following. I noticed an uptick in the number of spoofed emails from SoR members over the past 2 weeks. Oftentimes, the mailbox is actually correct but the domain name is different. The spoofing appears pretty convincing, otherwise, because they are using our full names rather than our username handles. I was concerned about this enough to contact at least one SoR member about this.
I think now I know why the uptick in the spoofed emails.
So please be advised to be extra careful to check the domain name in any emails you think you are receiving from SoR members. I'm not saying toss any emails from SOR members, but that you should check to make sure the domain name is the same as in the emails you received from them in the past.
re: The Stamporama website has been hacked. PLEASE READ NOW.
Changed - thank you !!
re: The Stamporama website has been hacked. PLEASE READ NOW.
Like khj, I've also gotten e-mails that seemed to come from SOR members; however, unlike real messages these latest e-mails have been routed to my spam box rather than my inbox. I'm not sure how the Yahoo spam filters detect the difference, but I've made a note not to open any items in the spam box. The two I did open didn't appear to have any clickable links, but had nothing to do with stamps. I've also changed my password.
re: The Stamporama website has been hacked. PLEASE READ NOW.
Thanks, Tim for catching this quickly and closing the entry hole the hackers accessed. Keep up the good work.
Got my p/w changed.
re: The Stamporama website has been hacked. PLEASE READ NOW.
Just changed mine. Thanks Tim.
re: The Stamporama website has been hacked. PLEASE READ NOW.
Password changed....
Anyway, as online security is part of my profession, I've got two (ok, three) suggestions
1) instead of asking users to change password, the system/admins should automatically update everybody's password in situations like this. Then ask users to simply reset their password (using email based opt-in/confirmation system). That way any further damages are immediately prevented instead of relying whether or not all users read the notification.
2) Hashing passwords in database is MUST DO action. Storing passwords as plain text (or with simple encryption) has been big no-no for the past decade. (Again, if it requires resetting everybody's passwords, so be it. )
3) In addition of member details, I'm bit worried if also private messages have been affected/leaked as well? Personally I would never share any sensitive information (such as credit card details) using anything as insecure as email or members messages, but I do know for a fact that some collectors do so.... If the messages have leaked as well, then it might be a good idea to ask users to kill their credit cards if they have shared their credit card details using private/members messages.
Just my 5 cents worth,
-k-
re: The Stamporama website has been hacked. PLEASE READ NOW.
Hi Scb,
Thanks for your suggestions. It is much appreciated especially as you are an IT professional. Below are some comment/explanations re your comments.
1. As we stand today I don't have a way for a member to change their password unless they are logged in. If I globally changed everyone's password, which would have addressed the initial security breach, no-one would have been able to login. It was quickest to ask everyone to help get them changed.
2. I'm working today on implementing password encryption across all membership records so that even if someone manages to hack-in again, they will not be able to read the passwords.
3. I don't think that they got to the private messages, but I can't be sure. We should all keep a close eye out for anything strange.
Thanks again for you your comments.
Regards ... Tim.
re: The Stamporama website has been hacked. PLEASE READ NOW.
Thanks for the information. My password is changed.
Appreciate all the hard work that has to be done.
Suzanne
re: The Stamporama website has been hacked. PLEASE READ NOW.
Password changed, but I wonder if other sections on the system have been affected.
Tony
re: The Stamporama website has been hacked. PLEASE READ NOW.
"... Famous last words ..."
re: The Stamporama website has been hacked. PLEASE READ NOW.
Thanks Tim. PW changed
Greg
re: The Stamporama website has been hacked. PLEASE READ NOW.
Changed - and I changed my password on all of my other selling sites that use the same email. At least my PAYPAL account I had already set up with a different password because I have been hit there a few times.That is the one that could cause the most issues - if they could get into there with the password from here.
re: The Stamporama website has been hacked. PLEASE READ NOW.
Hi Tim,
Thanks for the warning - password changed
Merv
re: The Stamporama website has been hacked. PLEASE READ NOW.
Changed my PW too
re: The Stamporama website has been hacked. PLEASE READ NOW.
Done. Thanks for spotting the problem so soon, and hopefully no harm done to any members.
re: The Stamporama website has been hacked. PLEASE READ NOW.
Thanks for the quick heads up on this Tim! PW changed.
Was our street addresses post on the site too? Stamporama is the only stamp forum I belong too that requires a street address for membership.
re: The Stamporama website has been hacked. PLEASE READ NOW.
Hi Brian,
No the street addresses were not posted on the hacker site.
Regards ... Tim
re: The Stamporama website has been hacked. PLEASE READ NOW.
Hi Tim,
Thanks for securing the site and plugging the leak. I am just wondering what exactly showed up on the hacker site?
All the best,
Alyn
re: The Stamporama website has been hacked. PLEASE READ NOW.
Ikey-Pikey said;
"Without giving away your family jewels, how do you manage your flock of passwords?"
re: The Stamporama website has been hacked. PLEASE READ NOW.
Thanks Tim. Job well done!
re: The Stamporama website has been hacked. PLEASE READ NOW.
Well, this is ONE way to find out who is still active around here!
LOL
Randy
re: The Stamporama website has been hacked. PLEASE READ NOW.
Great one, Randy!
PW changed. Mine was unique to SOR.
I too have received spoof email from supposedly SOR members. Arrived in my Spam. Didn't open the attachment, deleted the message, and performed an in-depth scan. No infection was found.
re: The Stamporama website has been hacked. PLEASE READ NOW.
PW changed. Thanks for the update
re: The Stamporama website has been hacked. PLEASE READ NOW.
Changed. Thanks
re: The Stamporama website has been hacked. PLEASE READ NOW.
Hi Tim;
Changed my password too....
TuskenRaider
re: The Stamporama website has been hacked. PLEASE READ NOW.
I am getting e mails from auction houses i am not familiar with..we may have been spread around the philatelic community !
re: The Stamporama website has been hacked. PLEASE READ NOW.
"Without giving away your family jewels, how do you manage your flock of passwords?"
re: The Stamporama website has been hacked. PLEASE READ NOW.
I got the rest of mine about 30 minutes ago. I wondered about that as well but it was mentioned that there is an automatic extension of a lot if there is a bid within a certain time of the lot ending. I was not aware of that feature.
Greg
re: The Stamporama website has been hacked. PLEASE READ NOW.
Brian and Greg,
With the bulk email that I sent out yesterday re the website getting hacked, there was a big backup of emails to send. Brian, you have all your emails now, right?
Regards ... Tim.
re: The Stamporama website has been hacked. PLEASE READ NOW.
Hi Brian,
I'm not sure what has happened to your auction emails. It all looks OK on the server. Could you please check your spam/junk folders in your email program?
Regards ... Tim.
re: The Stamporama website has been hacked. PLEASE READ NOW.
Thanks for the email and notification. PW changed!
Vince
re: The Stamporama website has been hacked. PLEASE READ NOW.
Hi all, I only just received the info this morning, Monday.
I could not log in (password invalid), so I have created a new profile/username/password.
All my internet registrations/passwords are in software from coffeecup.com
It's called "Lockerbox"; check it out, it works. Different passwords are generated by the software. I have been using it for a long time. So in short, every internet account I use has a different password.
To get any of my info one would have to hack my personal computer and then hack lockerbox.
On forums I always use a postal address of a Jail/Gaol; after all, I would say any communication on forums is by email.
re: The Stamporama website has been hacked. PLEASE READ NOW.
Bicolor04,
Of course, creating a new username/profile will wipe out your history here (history of lots sold and won, invoicing, discussions you participated under your old name etc. etc. etc.). It will also duplicate our member count (?). Better really not to become a 'new' member, but to use the "change password" function for your old username, which is now located below the login box. Perhaps Tim should make the link a little more prominent to avoid that members believe they must create new profiles.
Arno
re: The Stamporama website has been hacked. PLEASE READ NOW.
I put a note on each of the Login screens to bring people's attention to the Forgotten Password link.
Regards ... Tim.
re: The Stamporama website has been hacked. PLEASE READ NOW.
I've been using LastPass for several years now. It's a great password generator and password vault program. You need to remember only one password - that's the one to access LastPass itself.
There is a free version available. I use the premium version ($12/year) so that I can access my passwords on my phone and tablet.
Please forgive me if it isn't appropriate to give publicity to other programs here.
re: The Stamporama website has been hacked. PLEASE READ NOW.
Hi David,
It is all good. LastPass sounds like a solution that would work for many of our members.
Regards ... Tim.
re: The Stamporama website has been hacked. PLEASE READ NOW.
...in the end, I changed it!!
re: The Stamporama website has been hacked. PLEASE READ NOW.
If you have trouble remembering passwords AND serial numbers AND other data numbers...
The password holder "Web Confidential" works very well for me; also "PassDiary" for iPad and iPhone works in the same way.
Cheers
Steve.
re: The Stamporama website has been hacked. PLEASE READ NOW.
Hi Milko,
Don't I know you from somewhere else?
Steve.
re: The Stamporama website has been hacked. PLEASE READ NOW.
Hi, Thanks for the email. Password successfully changed. Please note that skymem does not want confidential data on their website and according to their FAQ you can delete documents from their site by clicking on the Remove Button above each document. Don't know if that's true. You can also remove data from Google search results, etc.
http://www.skymem.com/faq
re: The Stamporama website has been hacked. PLEASE READ NOW.
Hi Jim,
You are quite correct. I did make use of their "Remove" function. They don't guarantee that the data will stay removed, so I'm keeping an eye on it every couple of days.
Regards ... Tim.
re: The Stamporama website has been hacked. PLEASE READ NOW.
Not sure if related, but note a debit of $24.10 on my Visa account dated today from a source I do not recognize. It shows as pending so no use calling until Monday. I of course did not have this card # as part of my information on here but maybe someone used my password to access my account.
re: The Stamporama website has been hacked. PLEASE READ NOW.
Hi,
I had not reset the password earlier but it was working fine till today, when I was unable to log in to SOR. My password was saved, so whenever I used to open SOR it always used to open the page with me logged in, but today it was not logging me in. I remembered my password but still it was not logging me in with my password. So, I had to reset the password and log in again.
Few questions to Admin:
1. Can anyone change my password without any email communication to the email address which is updated in SOR?
2. Assuming someone hacked the password of SOR and changed the email address from my profile, would an email communication not be sent to the earlier email ID which was there, providing the info that your email address has been changed?
3. As I worked in the technical field earlier in server-networking, I am curious to know whether there was any technical gap which was opened when we were moved from the old to the new server of SOR.
4. We discussed encryption; any update on it?
Thanks
Auro
re: The Stamporama website has been hacked. PLEASE READ NOW.
Hi Boseauro,
Here are the answers to your questions:
1. Only you can change your password either by using the Change Password function in the members area or by using the Forgot Password link on the Login page.
2. Had your email address been changed?
3. We don't know if any technical gap was opened up by moving to the new server.
4. All passwords are encrypted.
Regards ... Tim.
re: The Stamporama website has been hacked. PLEASE READ NOW.
Hi Tim,
Thanks for your response.
Coming back to my first question:
When we change our password, is there any email communication sent? In this case I did not get any email when my password was changed, so I am probably assuming my password was compromised.
After I reset my password it is working fine now.
Thanks
Auro
re: The Stamporama website has been hacked. PLEASE READ NOW.
Tim,
Please excuse me if these questions were already answered. I didn't see it if it was.
I just did a Google search for my email address and I found where my email address, password and phone number were on the skymem website. Is there any way to get it off of there or is it just "tough luck"?
I saw the previous answer to this question, thanks.
Also, what else did they get? Do they have my name and address? I couldn't tell from what I saw.
What in the world is skymem.com anyway?
Thanks in advance,
-Ernie
re: The Stamporama website has been hacked. PLEASE READ NOW.
My old one is still listed in Google search too.
re: The Stamporama website has been hacked. PLEASE READ NOW.
Hi Ernie,
Skymem.com seems to be a website where hackers like to post their scalps (if you will excuse the term). If you are seeing a page on their website with your details, there should be a Remove button that you can use. I have done so and I thought that it had removed all of our information. I did a search using your email address and it seemed to be removed, but that could just have been the view that Google is giving me. Try clicking on the Remove button.
Regards ... Tim
re: The Stamporama website has been hacked. PLEASE READ NOW.
I think the data is still in the Google cache, but no longer on the Skymem site. I checked for my info, and that's what happened. Showed up in the Google search, but did not show up on the Skymem site.
re: The Stamporama website has been hacked. PLEASE READ NOW.
I am very disappointed by the lack of security on this site. This is not the first issue I have had with the site and must consider it the third strike.
I would hope that Tim would continue to check skymem.com to be sure our information is not re-posted. I am not sure we have heard the last of this yet.
How can I have my personal information removed from StampoRama? I no longer care to be a member of this site. Please advise me on how to proceed and how to document that my personal data is removed from this site.
re: The Stamporama website has been hacked. PLEASE READ NOW.
Charlie,
There is no personal data on Stamporama that anyone with even a beginner's knowledge of the internet could not find out elsewhere. Anyone who believes that their private lives are safe from intrusion by a determined data miner is living in a fool's paradise. The internet is a dangerous place, but then so are the dark alleys of most of our cities. Good luck trying to find a safe haven on the WWW, you have a monumental task before you!
re: The Stamporama website has been hacked. PLEASE READ NOW.
"Anyone who believes that their private lives are safe from intrusion by a determined data miner is living in a fool's paradise."
How very true. Remember when many people put their social security numbers on their checks and the police recommended that you engrave your social security number on expensive items?
Now we are told to do whatever it takes to keep that number from anyone and to make sure you don't carry your social security card in your wallet. And yet the government uses your social security number for your Medicare number and you are supposed to carry that card with you. Add in that it appears on all of your medical records which cannot be referred to as "secure" by any stretch of the imagination.
Try tracking down an old classmate on the internet - you can usually find them easily. Even the difficult ones who have moved several times can generally be found in less than half an hour.
re: The Stamporama website has been hacked. PLEASE READ NOW.
@cfc1967,
I understand your frustration. We have done everything that we can to secure the website, but we are not hackers and don't have the same type of knowledge as the people who broke into the website. My focus has always been on building, not breaking. I continue to look for possible break-ins on a regular basis and I scan the internet to try and find our private information out there. But don't just leave this to me. I strongly encourage you to be scanning the internet for your personal information. Do regular Google scans for your email address. This was how Arno originally discovered that we had been hacked.
Regards ... Tim.
re: The Stamporama website has been hacked. PLEASE READ NOW.
The SOR is highly unstable today. I am unable to post elsewhere, and only after 1/2 hour of tries can I hope to issue this warning. Highly unstable. Login, edit, posts etc all seem to have issues.
Started at 10:30 am more or less CA time.
Rrr. Posting now in desperation before losing the connection.