Astronomyforum.net user details leaked. Please cha

Started by cathalferris, 08/12/2012 02:25PM
Posted 08/12/2012 02:25PM Opening Post

(unsure where to post this one properly, mods please move to the most appropriate location.)

Here's an example of how not to deal with security breaches with an online forum. I've told one forum they have a security problem and their reaction was to permaban me.

I use specific and separate email addresses for each web forum I sign up to. This allows me to segregate my email, and a side effect is that I get to see when a third party gets access to the email address.

Sometimes it's because the forum owners have sold the email list. Most often though it's an indication that the forum has had a security breach and the details of the users have been leaked to third parties. Selling the lists doesn't happen that much anymore, but happened a few times with my college email address back over a decade ago. Third parties that take advantage of security vulnerabilities to get the email list often get other useful information such as passwords or hashes of passwords, which could allow access to other accounts that the users have access to, if they use the same username and password across many web forums. It's bad practice but most people don't understand why it's bad.

I signed up to astronomyforum.net back in 2009, but I wasn't an active member as I spend too much time on here, and on CN, and on Stargazers Lounge. This morning I started receiving spam mails being sent to the email address that I used to sign up to the astronomyforum.net forums. So like any good net citizen I posted up on that forum warning them that it appeared that their users' email list was leaked to a third party. My posting was not the only posting noting that the forum-specific emails were being used to spam the users.

The moderators' choice of how to deal with this? Permanent banning.

"You have been banned for the following reason:
supposed email problems
Date the ban will be lifted: Never"

Way to go to show that they support their users, if they ban anyone trying to help them to see that there is an issue. Personally, I'm not that bothered as I was a lurker on the site, but I think that a lot of people could be affected.

So, if you have an account on astronomyforum.net *please* go and change your password, and if you use that password on any other web forums, change those too. Please pass the message on in case others do not know that the user database has most likely been breached.
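
The per-forum address technique described in the opening post, as an added example that is not part of the original thread: each address is registered with exactly one site, so mail arriving at it from any other sender domain suggests the site's user list has reached a third party. The alias addresses, the mail.example.org mailbox domain and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed mapping: each alias was handed to exactly one site.
ALIASES = {
    "astronomyforum@mail.example.org": "astronomyforum.net",
    "othersite@mail.example.org": "forum.example.com",
}

def sender_domain(msg):
    """Domain part of the From header, lower-cased ('' if absent)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def belongs_to(domain, site):
    """True if domain is the site itself or one of its subdomains."""
    return domain == site or domain.endswith("." + site)

def leaked_aliases(raw_messages):
    """Map alias -> sorted sender domains other than the site it was issued to."""
    hits = {}
    for raw in raw_messages:
        msg = message_from_string(raw)
        headers = msg.get_all("Delivered-To", []) + msg.get_all("To", [])
        dom = sender_domain(msg)
        for _, rcpt in getaddresses(headers):
            site = ALIASES.get(rcpt.lower())
            if site and not belongs_to(dom, site):
                hits.setdefault(rcpt.lower(), set()).add(dom)
    return {alias: sorted(doms) for alias, doms in hits.items()}

# Constructed sample messages (not real mail).
SAMPLE = [
    "From: Forum <noreply@astronomyforum.net>\n"
    "To: astronomyforum@mail.example.org\nSubject: Welcome\n\nhello\n",
    "From: Deals <promo@bulk-offers.example>\n"
    "To: AstronomyForum@mail.example.org\nSubject: Cheap watches\n\nbuy\n",
    "From: news@mail.forum.example.com\n"
    "To: othersite@mail.example.org\nSubject: Digest\n\nhi\n",
]

if __name__ == "__main__":
    for alias, domains in leaked_aliases(SAMPLE).items():
        print(f"{alias} (issued to {ALIASES[alias]}) received mail from: {domains}")
```

The From header is trivially forged, so a clean result does not show the list is intact; a hit on an address known only to one site is the useful signal.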
Posted 08/12/2012 07:27PM #1
Many thanks for this warning.

Good general advice.

Clears,
Joe

In lumine tuo videbimus lumen.

8O Home-made 10” Dob / Home-made 4” refractor

EPs: Konig 32mm (1.25") / Zhumell WF 30mm (2") / Nagler 13mm T1 / Orion Sirius Plossls 25 & 10mm / Zhumell Plossl 9 mm / Meade MA 9mm