
All times are UTC - 8 hours [ DST ]




Posted: Mon Feb 25, 2019 10:01 am
Starters Handicap

Joined: Sun Jan 30, 2005 7:49 pm
Posts: 728
Location: Nor Cal
Just received this message from Credit Karma about this data breach, and Credit Karma informed me that the password I use to pay for my subscription with my credit card on this site has been hacked. Yes, they showed me my password, and I only use it for this site because it is, of course, a racehorse-related password! :) Change your password!


'Collection #2 is a combolist — someone put together info from individual data breaches and then shared that combined list publicly or on the dark web. This is one of a series of 5 'Collections' of combolists that were sold online in January 2019.

This collection has over 3 billion unique records, including millions of exposed emails and passwords. While much of the info came from previous breaches, several million records could be new.

Criminals use passwords from combolists to try to gain access to your other accounts. That’s why you should never re-use passwords, especially in places with sensitive personal or financial info — like your banking app, health insurance site, tax software, email account, etc.'


Posted: Tue Mar 12, 2019 3:45 pm
Site Admin

Joined: Thu Sep 16, 2004 10:46 am
Posts: 41
Location: San Diego
Hi Jeff,

Thanks for bringing this to our attention. We take security very seriously and would like to know more information about this. We currently have absolutely zero indication that our services have been accessed by an unauthorized third party, so any claim to this is very important to us. Additionally, we hash all of our users' database passwords using a very secure modern hashing algorithm where it would be virtually impossible for someone to determine our users' plaintext passwords even if they were to be compromised.

I'd also like to say that I personally use a unique password for PQ and the PQ forums, and I have not received any notifications from the various security services that I am signed up for that the password I use for the forum or database is part of any password dumps. These services include Credit Karma and Troy Hunt's very reputable https://haveibeenpwned.com/

Lastly, I have spot checked many of our users' email addresses in Troy Hunt's https://haveibeenpwned.com service, and many of them *do not* appear in any breaches, which would indicate that our database has not been compromised in any way.

I'm not saying the email you received was not legitimate, but I'd like to make a note to anyone reading this that it's very important to be wary of scam/phishing emails that claim you are a part of a database breach. These emails will target random email addresses and try to extort money or bitcoin from the email owner.

With all that said, I have a few questions if you don't mind. Was this password used on our forum, database account, or both? Do you know the last time you changed your password on the PQ forum or database (prior to the supposed breach)? I know you mentioned that this password was unique to our website, but is it possible you accidentally entered this password into any other website while trying to log in? Lastly, is it at all possible your computer was/is compromised? If so, any information you enter into your browser is susceptible to being harvested by a malicious 3rd party.

Thanks again for bringing this to our attention. I will continue to dig to see if there's any indication that our services have been compromised, but as mentioned earlier we have no reason to believe this to be the case right now.

- Jeff

