Security Incident - Please Change Your Password

Status
Not open for further replies.

TailGator911

Silent Key/KF4ANC
Joined
Feb 12, 2005
Messages
2,687
Location
Fairborn, OH
Well, it's a good thing I saw this thread and went in and changed my password. I noticed my Premium Subscription had expired while I was on vacation! So, done and done. :)

JD
kf4anc
 

wbswetnam

Member
Premium Subscriber
Joined
Oct 11, 2005
Messages
1,810
Location
DMR-istan
So, do I also need to log out and log back into my Broadcastify account for my online feed?
 

trentbob

W3BUX- Bucks County, PA
Premium Subscriber
Joined
Feb 22, 2007
Messages
6,302
BOBRR, when I tried to go to the database there was a easy prompt to change my password and it worked fine.
 
D

DaveNF2G

Guest
In a short time, any unchanged passwords will be "expired" by the system. Then you can change it right at the login prompt.
 
S

simpilo

Guest
Just because I have no camera on the computer for the perverted hacker I have changed my password. Takes a badly twisted sick mentally ill person to fabricate such emails and as sick in the head to hack people's websites for that pedophile purpose. I pray that individual gets thrown in prison.:mad:
 

V_A_R_I_A_B_L_E

CIA Agent
Feed Provider
Joined
Aug 23, 2011
Messages
112
Location
Portland, OR
1. To reply in this thread, I was apparently able to log in with the same username (not my actual email address, in case that makes a difference) and password, and I was not prompted that my credentials had expired or that I needed to change to a new password. Is that correct? Do some people here type their full email address into the "username" field when logging in?

2. As also asked in post #43 by wbswetnam, will I need to log out of and back into my streaming feed that I'm currently providing/will the "auto expiration" plan (that, as I mentioned above, hasn't seemed to work on me) interrupt my streaming feed?

3. Does this incident also mean I need to beware of my changing login credentials for the trouble ticket system at radioreference.Zendesk.com? Or is this vulnerability limited to only the radioreference.com domain?

Thanks.
 

blantonl

Founder and CEO
Staff member
Super Moderator
Joined
Dec 9, 2000
Messages
11,269
Location
San Antonio, Whitefish, New Orleans
1) Access your account at Your Account - you will be prompted to change your password there if your password needs changed

2) Yes, at some point you'll need to restart your feed to save the new login/password if you want it to properly auto-reconnect.

3) No change needed for Zendesk.
 

V_A_R_I_A_B_L_E

CIA Agent
Feed Provider
Joined
Aug 23, 2011
Messages
112
Location
Portland, OR
Ok, be advised that the link you posted (Your Account) does indeed prompt me to change my password, but clicking the "Log In" button (Log in) in the upper right of the screen while viewing this forum page did not...this allowed me to successfully log in with my old credentials. Clicking my own username (https://forums.radioreference.com/account/) in the upper right after I've already logged in also does not prompt me to change my password, just fyi.
 

GTR8000

NY/NJ Database Guy
Database Admin
Joined
Oct 4, 2007
Messages
16,054
Location
BEE00
Note that 2FA only applies to the forums; there is no 2FA currently available for the main RR login, or the wiki login, or Broadcastify login. Xenforo only. Still, it's better than nothing.
 

Firekite

Member
Joined
Apr 2, 2019
Messages
471
MD5 has been broken for nearly a decade. It’s perplexing and disappointing that a site like this would use it for password hashes, unsanitized SQL insertion 101 vulnerabilities aside. Hopefully others take note and catch up. Even SHA1 has been deprecated for a couple of years now.
 

N2AL

Member
Joined
Apr 11, 2008
Messages
417
Location
Tennessee
I am very much displeased with RR!!! I never received ANY type of communication about my personal information, email and password, being compromised. RR could have at least sent an email, but saying how I am only now receiving messages with my password, I would make a strong assumption our information is being sold on the dark web.
 
Status
Not open for further replies.
Top