Возможная утечка данных пользователей с WUS (watchuseek)
Надеюсь что никому ничего нового не сообщу, но, вдруг данная информация мимо кого-то прошла... Просьба перенести или удалить тему, если ошибся с разделом или информация уже проходила.
You may have heard reports recently about a security issue involving VerticalScope. We would like to make sure you have the facts about what happened, what information was involved, and the steps we are taking to help protect you. VerticalScope owns and operates a number of community websites. You are receiving this email because you are a registered user of the following community website(s) involved in the data breach:
forums.watchuseek.com
forums.watchuseek.com
What Happened?
On June 13, 2016, we became aware that February 2016 data stolen from VerticalScope was being made available online.
What Information Was Involved?
Community member usernames, email addresses, hashed passwords, community userIDS, community website, and the IP address the username originally registered with.
What We Are Doing
We have invalidated passwords of all VerticalScope user accounts. We have posted a site security notification on each site updating users on the potential risk to certain accounts, the password reset and steps we are implementing to improve security. We have implemented stronger password rules (passwords now require a minimum of 10+ characters and a mixture of upper- and lower-case letters, numbers and symbols) along with automated account password expiries to encourage more frequent password changes. We will remind our users to use good password practices (not using the same password for multiple online accounts and using unique strong passwords). We are in the process of implementing additional safeguards to detect, alert and mitigate any future brute force attempts, and have notified our third party vendors that interact with our various forum API's of the February breach to allow their own security teams to investigate. We are continuing our investigation and will be collecting information to provide to the appropriate law enforcement authorities.
VerticalScope is taking steps to strengthen account security. We were already using encrypted passwords and salted hashes to store passwords, and our new password controls are intended to further strengthen user security. We are taking steps to investigate and test new encryption and security technologies to further protect our users.
What You Can Do
To keep your account as safe as possible, we recommend that you regularly change your VerticalScope community password, and that you use a unique password for each of your online accounts. Using the same password for multiple online accounts significantly increases your chances of being compromised. Even though the passwords stolen in February were hashed, we recommend that if you were using (or are currently using) your VerticalScope community password across multiple online accounts, that you change your password for such other online accounts. We encourage you to regularly review your accounts and report any suspicious or unrecognized activity immediately.
For More Information
If you have any questions, please feel free to contact our Community Management team by email at cmsupport@verticalscope.com or on the website that you frequent. A support thread has been created on each website, and our support teams are on there to help you through the process and answer any questions you may have. A Notice of Data Breach is also available on community websites involved in the data breach.
This email was sent by VerticalScope Inc., 111 Peter Street, Suite 700, Toronto, ON, M5V2H1. If you have any questions regarding the communications you receive from us, please contact us.
Сначала не обратил внимания, подумал - наверное, спам, а затем всё-таки решил прочитать. Вкратце - с VerticalScope ушла база данных от февраля 2016 с логинами/почтой/хэшами паролей и, поскольку WUS использовал данный сервис, то, возможно, что утечка касается и их тоже.
до меня дошло но толку ноль, не могу установить новый пароль у них на сайте.
Я попытался под старым залогиниться - мне сообщили, что пароли сброшены, а новые разосланы всем на почту. Моё письмо в пути где-то потерялось , поэтому сбросил просто вот через эту форму, благо регистрационный e-mail не забыл: http://forums.watchuseek.com/login.php?do=lostpw
По идее, если доступ к e-mail есть, то после этой операции приходит письмо со ссылкой, нажав на которую (из письма) вы подтверждаете отправку нового пароля, который придёт уже в следующем. У меня так получилось.
Если, конечно, аккаунт не перерегистрирован на новый адрес, но без взлома старого это маловероятно... Если через форму не получится, единственное предложение - написать администрации WUS...