Security Incident - Please Change Your Password

[TailGator911]

Well, it's a good thing I saw this thread and went in and changed my password. I noticed my Premium Subscription had expired while I was on vacation! So, done and done.

JD
kf4anc

 

[N0ZQR]

I have done so and now I can’t login at all what do I need to do?

 

[wbswetnam]

So, do I also need to log out and log back into my Broadcastify account for my online feed?

 

[slicerwizard]

I have done so and now I can’t login at all what do I need to do?

You managed to create a post without logging in?

 

[trentbob]

BOBRR, when I tried to go to the database there was a easy prompt to change my password and it worked fine.

 

[DaveNF2G]

In a short time, any unchanged passwords will be "expired" by the system. Then you can change it right at the login prompt.

 

[simpilo]

Just because I have no camera on the computer for the perverted hacker I have changed my password. Takes a badly twisted sick mentally ill person to fabricate such emails and as sick in the head to hack people's websites for that pedophile purpose. I pray that individual gets thrown in prison.

 

[N0ZQR]

You managed to create a post without logging in?

Don't know! When I went back to look at the rest of the posts I could not get in. They fixed it for me now!

Thanks!!!

 

[V_A_R_I_A_B_L_E]

1. To reply in this thread, I was apparently able to log in with the same username (not my actual email address, in case that makes a difference) and password, and I was not prompted that my credentials had expired or that I needed to change to a new password. Is that correct? Do some people here type their full email address into the "username" field when logging in?

2. As also asked in post #43 by wbswetnam, will I need to log out of and back into my streaming feed that I'm currently providing/will the "auto expiration" plan (that, as I mentioned above, hasn't seemed to work on me) interrupt my streaming feed?

3. Does this incident also mean I need to beware of my changing login credentials for the trouble ticket system at radioreference.Zendesk.com? Or is this vulnerability limited to only the radioreference.com domain?

Thanks.

 

[blantonl]

1) Access your account at Your Account - you will be prompted to change your password there if your password needs changed

2) Yes, at some point you'll need to restart your feed to save the new login/password if you want it to properly auto-reconnect.

3) No change needed for Zendesk.

 

[V_A_R_I_A_B_L_E]

Ok, be advised that the link you posted (Your Account) does indeed prompt me to change my password, but clicking the "Log In" button (Log in) in the upper right of the screen while viewing this forum page did not...this allowed me to successfully log in with my old credentials. Clicking my own username (https://forums.radioreference.com/account/) in the upper right after I've already logged in also does not prompt me to change my password, just fyi.

 

[ScannerDude244]

2 step verification or even authenticator for an option for future use would be nice.

 

[kruser]

2 step verification or even authenticator for an option for future use would be nice.

See post #15 in the thread: Possible Security Breach of email addresses and passwords

Not sure they still offer it but probably worth a try if you really want it.

 

[doctordialtone]

2 step verification or even authenticator for an option for future use would be nice.

They offered it here:

Possible Security Breach of email addresses and passwords

 

[GTR8000]

Note that 2FA only applies to the forums; there is no 2FA currently available for the main RR login, or the wiki login, or Broadcastify login. Xenforo only. Still, it's better than nothing.

 

[Tech1]

I changed my password.

 

[Firekite]

MD5 has been broken for nearly a decade. It’s perplexing and disappointing that a site like this would use it for password hashes, unsanitized SQL insertion 101 vulnerabilities aside. Hopefully others take note and catch up. Even SHA1 has been deprecated for a couple of years now.

 

[N2AL]

I am very much displeased with RR!!! I never received ANY type of communication about my personal information, email and password, being compromised. RR could have at least sent an email, but saying how I am only now receiving messages with my password, I would make a strong assumption our information is being sold on the dark web.

 

[iMONITOR]

I have done so and now I can’t login at all what do I need to do?

Did you use the new password?

 

[iMONITOR]

I would make a strong assumption our information is being sold on the dark web.

Even if that were true, and I doubt it is, what would they be able to do with your password for Radio Reference?