RadioMan0520
Newbie
- Joined
- Nov 28, 2017
- Messages
- 1
I believe it is possible that RadioReference.com has been breached, most likely this forum. I am not only an ARRL member with a General license, but I am a certified Cyber Security Analyst. I deal with Cyber Security everyday. Here is what has happened:
Today, I received some common SPAM about "you are being watched, we have recorded video, ........ please submit bitcoin" .... This is obviously SPAM. No big deal. But what made it unique is that this one also had a Password in it that I have used in the past. Doing some digging, the only two places where I used that particular password with the email address that the SPAM came into, was Udemy.com (a website for education and one that teaches security so that I would hope it is not them) and register.RadioReference.com . I made my account with RR before I had my call sign but changed my account profile to use my callsign@arrl.net once I got it.
Now it seems that the forum.radioreference.com is administered separately because it is still using that older email address that got the SPAM and the same old Password that was reported in the SPAM email to log me in as RadioMan0520, (which I don't even remember setting up). Interestingly, I can also log in with my new call sign email address and a different password. I purposely logged in with the old one for this post to prove a point; it still exists when it shouldn't.
So I believe these forums got breached and that these forums are storing passwords in a PLAIN-TEXT format which is a huge no-no in the Cyber Security field. Another possibility is that there is an old database that is exposed on the Internet.
But this does need investigating.
Today, I received some common SPAM about "you are being watched, we have recorded video, ........ please submit bitcoin" .... This is obviously SPAM. No big deal. But what made it unique is that this one also had a Password in it that I have used in the past. Doing some digging, the only two places where I used that particular password with the email address that the SPAM came into, was Udemy.com (a website for education and one that teaches security so that I would hope it is not them) and register.RadioReference.com . I made my account with RR before I had my call sign but changed my account profile to use my callsign@arrl.net once I got it.
Now it seems that the forum.radioreference.com is administered separately because it is still using that older email address that got the SPAM and the same old Password that was reported in the SPAM email to log me in as RadioMan0520, (which I don't even remember setting up). Interestingly, I can also log in with my new call sign email address and a different password. I purposely logged in with the old one for this post to prove a point; it still exists when it shouldn't.
So I believe these forums got breached and that these forums are storing passwords in a PLAIN-TEXT format which is a huge no-no in the Cyber Security field. Another possibility is that there is an old database that is exposed on the Internet.
But this does need investigating.