Announcement

Collapse
No announcement yet.

Important Announcement: Developer update regarding recent forum attack and password reset email

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Important Announcement: Developer update regarding recent forum attack and password reset email

    Hi there Smurfs' Villagers,

    Recently a hacker attack could have compromised portions of the vBulletin forum software that we use. These attackers took advantage of a newly discovered exploit in the vBulletin Software platform that spread quickly on the internet. As a result, these third parties may have gained access to parts of our forum user database.

    During the attack, we acted quickly to limit potential damage and were successful in stopping things before they escalated. For everyone's protection, and to conduct maintenance and software upgrades, we made the choice to take down the forums. During the downtime, we implemented a software fix released by vBulletin to close the previously mentioned exploit and prevent it from being used in the future. The forum is once again secure, and we will remain ever vigilant going forward.

    Since everyone's account user data contains an e-mail address, password, and birthdate (if specified), we sent out a mass email advising everyone who was registered to monitor their forum account for irregularities from now on as a precaution. Furthermore, we highly recommend that all members immediately change their passwords not only for their forum account but wherever else they may have used the same password.

    If you have any trouble changing your password, please contact our Customer Support Team.

    We're sorry for any inconvenience this may cause,

    The Bongfish and PopReach Teams

  • #2
    Tagging you Phil Teo, Nestof3, skydiver118, and debbles smurf. Please see the message above regarding the email you recieved.

    Comment


    • Phil Teo
      Phil Teo commented
      Editing a comment
      Thanks Spelling Bee~ Glad to know this is in place.

    • Rjunior
      Rjunior commented
      Editing a comment
      Thank you Spelling Bee!

  • #3
    Tamsharleycat Please see this topic.

    Comment


    • #4
      I did not see a notice about this posted to your Facebook page. Will you be posting something soon? Many people rely on Facebook and not the forum for information. Thanks!

      Comment


      • #5
        Thanks Spelling Bee for the follow up. Now I know for sure that the email I received was genuine. Not everyone is on Facebook - certainly not me - and I come here to the Forum for updates, so I really appreciate it.

        Comment


        • #6
          Am I the only one to suddenly find that whole conversations with different people are missing from my Private Message inbox and sent areas?

          Comment


          • Chat noir
            Chat noir commented
            Editing a comment
            Also...and Twinkiepie says not to worry, so I’m not, BUT I have sent a few PMs to forum members, and they’re not registering as ‘sent’ when I go back to the inbox...hope they’re getting through!

          • Chat noir
            Chat noir commented
            Editing a comment
            However, things do seem to be getting back to normal...so thank you, Bongfish and Forum teams, for looking after us so well!

          • Schtroumpfette
            Schtroumpfette commented
            Editing a comment
            Yes, Chat noir, I have lost all previous conversations except one, and that one is very recent.

        • #7
          Yeah! I’m back! 😃

          I don’t know if there may be other people who are having this problem that can’t get back here but I thought I would mention it.
          I tried resetting my password yesterday and got locked out. I sent a ticket, but tried again today and it went through!

          Comment


          • #8
            why am i getting another email saying that the forum was hacked? figured that was old news by now...

            Comment


            • SolipsismSmurf
              SolipsismSmurf commented
              Editing a comment
              10/11. just got it this morning. same type of email about hack and pw change. not like it matters, since i already changed my pw and stuff. but, just makes it a little weird getting another warning after all is supposed to be settled.

            • Cupcake
              Cupcake commented
              Editing a comment
              Yup, weird...

            • skydiver118
              skydiver118 commented
              Editing a comment
              I got two and they stopped once I changed my password. Maybe they keep sending them until you do that?

          • #9
            SolipsismSmurf Cupcake skydiver118 Hi all. There was a total of two emails sent out. One generated by the Forum, and one manually by Bongfish's IT Team. The initial forum one is taking a few days to reach everyone, while the second one sent by Bongfish went out instantly. If you've already changed your password, then you can disregard the second one you receive.

            Comment


            • #10
              I already changed my password after you had stopped the hacker so should be fine so will disregard the email that just arrived.

              Comment


              • #11
                Duplicated post
                Last edited by Irene GR; 10-16-2019, 07:40 AM.

                Comment


                • #12
                  I had sent an email to support about the password change when i got the email,days have passed without a reply so i am asking here.

                  Twinkiepie Spelling Bee which of our info might have been hacked? ,our Facebook account which exists in your database? What about other accounts like Google,GMAIL account,instagram ,mobile phone number? I do use some of them for professional activities, of course I have changed pass in this forum,on Facebook and on Instagram,but,my mobile number is used as a FB recovery,is it hacked?
                  Last edited by Irene GR; 10-16-2019, 07:41 AM.

                  Comment


                  • Twinkiepie
                    Twinkiepie commented
                    Editing a comment
                    Hey Irene GR I will get back to you about it after I have spoken to one of our developers

                • #13
                  Originally posted by Irene GR View Post
                  I had sent an email to support about the password change when i got the email,days have passed without a reply so i am asking here.
                  Irene GR Customer Support did receive your ticket on October 7th and sent you a reply on October 8th. Please check your inbox and spam settings.

                  Originally posted by Irene GR View Post
                  Twinkiepie Spelling Bee which of our info might have been hacked? ,our Facebook account which exists in your database? What about other accounts like Google,GMAIL account,instagram ,mobile phone number? I do use some of them for professional activities, of course I have changed pass in this forum,on Facebook and on Instagram,but,my mobile number is used as a FB recovery,is it hacked?
                  It cannot be said for certain that your account was in-fact compromised. While the perpetrators of the attack on the forum were able to make surface-level changes to the forum page and topics, those were easily reversed, and no permanent damage was done.

                  There has been no evidence or member reports indicating that the individuals responsible were able to successfully access the personal data from anyone's forum account. With that said, as a precaution, everyone with an account here on the forum is being asked to change their password. You are similarly being asked to change the password on any other website where you have also used the same email/password combination that you used here.

                  The primary personal data contained in your forum account is your email, birthday (if provided,) and the password you've chosen. It does not contain your phone number. To sum things up, just change your passwords on any applicable accounts you have, and that should minimize the potential risk.


                  Comment


                  • #14
                    Is that what the "pwned" message was about? I was so confused...

                    Comment


                    • Spelling Bee
                      Spelling Bee commented
                      Editing a comment
                      Yes, but as explained above, everything has been restored, and software fixes have been implemented. All you need to do now is change your password as a precaution.
                  Working...
                  X