Hi Everyone,
We discovered overnight that the Stamporama website has been hacked and data from the membership database has been taken. All of our emails, passwords and phone numbers were posted on a website called skymem.com on Sept 21. Arno found this after investigating Alyn's post re his password having been changed by someone. I have requested that the information be taken down from the skymem.com website, but it could well be posted there again. We have no knowledge about the stolen information being used apart from the fact that it was posted on the skymem site.
I believe that I have found where they got in and have closed the security hole. I apologize sincerely that the security hole existed and that I hadn't caught it before.
It is very important that you go onto the Members Area and change your password. Even more important than that, if you use the same password that you use on Stamporama on other websites, especially if you use the same email address on those other websites, you should go and change your password on those websites. This is especially important if you use your Stamporama password for any banking websites etc.
To change your password on Stamporama, login and go to the Members Area and use the "Change Password" function, which is right underneath the Edit Profile function. Please let me know if you need help.
I have sent this message out to all active members, except those who have unsubscribed from the bulk emails.
Regards ... Tim.
re: The Stamporama website has been hacked. PLEASE READ NOW.
Thank you, Tim -
I'm sure I speak for others in saying we appreciate your prompt response in this.
...password changed!
Randy
re: The Stamporama website has been hacked. PLEASE READ NOW.
me2. thanks.
re: The Stamporama website has been hacked. PLEASE READ NOW.
Makes you wonder what these idiots get out of doing stuff like that. They ought to get a job!
Anyway, my p/w now changed. Thanks for the update.
re: The Stamporama website has been hacked. PLEASE READ NOW.
pw changed --thanks, Tim.
I am concerned that members who do not read the DB will not know of this. Is there any way to do a mass email?
BOB
re: The Stamporama website has been hacked. PLEASE READ NOW.
Hi Bob,
There is an email going out to all active members right now (except to the members who have unsubscribed to the bulk emails). I have also posted the message on the SOR Facebook page.
Tim
re: The Stamporama website has been hacked. PLEASE READ NOW.
If there had been any widespread abuse, I believe we would have become aware of this issue much earlier. Great, Tim, that you have figured out and fixed the vulnerability.
What are you going to do about such lowlifes? We could consider requiring mandatory password changes every couple of months, but that is probably not very popular with most users. So, I believe that falls into the realm of the internet being a scary place and to always be guarded, i.e., to use different passwords for different places and to change them once in a while. Of course, I too am guilty of not doing so at all times.
re: The Stamporama website has been hacked. PLEASE READ NOW.
Maybe we need to consider encrypting passwords.
Nobody should be able to decrypt them; even users can only reset, not recover.
Sam
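One way to meet the requirement in the post above (nobody can decrypt, members can only reset) is one-way salted hashing rather than reversible encryption. This is an added example, not Stamporama's code; the scrypt parameters, the record format and the in-memory `USERS`/`RESETS` tables are assumptions.

```python
import hashlib
import hmac
import secrets

N, R, P = 2**14, 8, 1      # scrypt cost parameters (assumed; tune for the server)
USERS = {}                 # username -> stored hash record (stand-in for the members table)
RESETS = {}                # sha256(reset token) -> (username, expiry timestamp)

def hash_password(password):
    """Build the record to store: scrypt$N$r$p$salt$hash. The password is not kept."""
    salt = secrets.token_bytes(16)          # per-user salt: equal passwords hash differently
    digest = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=32)
    return f"scrypt${N}${R}${P}${salt.hex()}${digest.hex()}"

def verify_password(password, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        scheme, n, r, p, salt_hex, hash_hex = record.split("$")
        expected = bytes.fromhex(hash_hex)
        digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                                n=int(n), r=int(r), p=int(p), dklen=len(expected))
    except ValueError:                      # malformed or legacy plaintext record
        return False
    return scheme == "scrypt" and hmac.compare_digest(digest, expected)

def issue_reset_token(username, now, ttl=900):
    """Create a one-time token to e-mail to the member; only its hash is stored."""
    token = secrets.token_urlsafe(32)
    RESETS[hashlib.sha256(token.encode()).hexdigest()] = (username, now + ttl)
    return token

def redeem_reset_token(token, new_password, now):
    """Set a new password if the token is known and unexpired; tokens are single-use."""
    entry = RESETS.pop(hashlib.sha256(token.encode()).hexdigest(), None)
    if entry is None or now > entry[1]:
        return False
    USERS[entry[0]] = hash_password(new_password)
    return True
```

With records like these, a copy of the members table yields salts and hashes rather than passwords, and a forgotten password can only be replaced through a reset token.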
re: The Stamporama website has been hacked. PLEASE READ NOW.
Sam,
You and I had the same thought. I'm looking into encrypting the passwords now.
Regards ... Tim.
re: The Stamporama website has been hacked. PLEASE READ NOW.
"Makes you wonder what these idiots get out of doing stuff like that."
re: The Stamporama website has been hacked. PLEASE READ NOW.
PW changed! Thanks for the warning!
biggeorge
re: The Stamporama website has been hacked. PLEASE READ NOW.
For all those sites that want a password but cannot hurt me - for example, a newspaper that requires a log-in but does not have my credit card - I use a single password.
At last count, there were dozens & dozens of such sites using that non-critical, non-financial, pretty-much-zero-impact password.
The very idea of making-up 50-100 different, secure passwords - for each credit card, retailer, etc - and changing them strikes me as ridiculous.
I've tried password-generating software but, frankly, did not like the results, as I have to save the whole password in a convenient electronic place, and having a document on my desktop with a long list of URLs and passwords does not appeal to me.
Without giving away your family jewels, how do you manage your flock of passwords?
Cheers,
/s/ ikeyPikey
re: The Stamporama website has been hacked. PLEASE READ NOW.
Changed mine!
Thanks for the warning!
re: The Stamporama website has been hacked. PLEASE READ NOW.
Thanks for keeping us all on our toes, Tim. Password(s) changed. We get too lax with changing them periodically.
re: The Stamporama website has been hacked. PLEASE READ NOW.
"The very idea of making-up 50-100 different, secure passwords - for each credit card, retailer, etc - and changing them strikes me as ridiculous."
re: The Stamporama website has been hacked. PLEASE READ NOW.
Back from current trip....Thanks have changed PW
re: The Stamporama website has been hacked. PLEASE READ NOW.
Changed mine, thanks for the warning Tim.
If anyone is using Firefox, all your saved passwords are available to see. Go to Options in the menu (3 bars) icon, top right of screen. Click on security, passwords and view passwords.
Personally I keep mine in a book that is then hidden within other papers but mostly memory works well after a few entries.
re: The Stamporama website has been hacked. PLEASE READ NOW.
Password changed - thanks for the info.
James
re: The Stamporama website has been hacked. PLEASE READ NOW.
Thanks Tim............I'm changed
re: The Stamporama website has been hacked. PLEASE READ NOW.
Changed mine, too!
re: The Stamporama website has been hacked. PLEASE READ NOW.
Done!
re: The Stamporama website has been hacked. PLEASE READ NOW.
Thank you, Tim
all changed now!!!
re: The Stamporama website has been hacked. PLEASE READ NOW.
Done thanks !
re: The Stamporama website has been hacked. PLEASE READ NOW.
Changed. Thanks for the email!
Mark
re: The Stamporama website has been hacked. PLEASE READ NOW.
Password changed... thank-you for your diligence!
David
re: The Stamporama website has been hacked. PLEASE READ NOW.
Thanks to SOR administrators for being open about this and addressing this so quickly!
I will add the following. I noticed an uptick in the number of spoofed emails from SoR members over the past 2 weeks. Oftentimes, the mailbox is actually correct but the domain name is different. The spoofing appears pretty convincing, otherwise, because they are using our full names rather than our username handles. I was concerned about this enough to contact at least one SoR member about this.
I think now I know why the uptick in the spoofed emails.
So please be advised to be extra careful to check the domain name in any emails you think you are receiving from SoR members. I'm not saying toss any emails from SOR members, but that you should check to make sure the domain name is the same as in the emails you received from them in the past.
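The check described in the post above (same mailbox or full name as a member you know, but a different domain), as an added example that is not part of the original post. The address book, the member names and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: addresses seen in earlier, genuine mail.
KNOWN = {
    "jane.collector@example.org": "Jane Collector",
    "bob.perf12@example.org": "Bob Perforation",
}

# Constructed sample messages (headers plus a one-line body).
SAMPLE_MAIL = [
    "From: Jane Collector <jane.collector@example.org>\nSubject: Approval book\n\nhi",
    "From: Jane Collector <jane.collector@example.com>\nSubject: hello\n\nhi",
    "From: Someone Else <new.member@example.net>\nSubject: intro\n\nhi",
]

def check_sender(from_header, known=KNOWN):
    """Classify a From header as known, lookalike, unknown or unparseable."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    if "@" not in addr:
        return ("unparseable", None)
    if addr in known:
        return ("known", addr)
    local = addr.rpartition("@")[0]
    shown = name.strip().lower()
    for k_addr, k_name in known.items():
        same_mailbox = local == k_addr.rpartition("@")[0]
        same_name = shown != "" and shown == k_name.lower()
        if same_mailbox or same_name:
            # Reuses a known member's mailbox or full name at an address
            # that member has never written from.
            return ("lookalike", k_addr)
    return ("unknown", None)

def audit(raw_messages, known=KNOWN):
    """Return (From header, impersonated address) for every lookalike sender."""
    findings = []
    for raw in raw_messages:
        sender = message_from_string(raw).get("From", "")
        verdict, match = check_sender(sender, known)
        if verdict == "lookalike":
            findings.append((sender, match))
    return findings
```

This only catches the pattern the post describes; a From header forged with the member's exact address passes as "known", which is what the receiving server's SPF, DKIM and DMARC results are for.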
re: The Stamporama website has been hacked. PLEASE READ NOW.
Changed - thank you !!
re: The Stamporama website has been hacked. PLEASE READ NOW.
Like khj, I've also gotten e-mails that seemed to come from SOR members; however, unlike real messages these latest e-mails have been routed to my spam box rather than my inbox. I'm not sure how the Yahoo spam filters detect the difference, but I've made a note not to open any items in the spam box. The two I did open didn't appear to have any clickable links, but had nothing to do with stamps. I've also changed my password.
re: The Stamporama website has been hacked. PLEASE READ NOW.
Thanks, Tim, for catching this quickly and closing the entry hole the hackers accessed. Keep up the good work.
Got my p/w changed.
re: The Stamporama website has been hacked. PLEASE READ NOW.
Thanks, changed this one and 3 others that were minor.