The hackers are currently working fervently with their gathered information to find a way to search multiple time in two minutes!
Have the mods changed the log out timer? Every time I come back to the SDMB via a new browser tab I have to log in again. It used to be if I’d checked the “remember me” box on login I could close and open a tab and the board would remember I’d logged in. I’m OK with having to log in all the time, but I chose a random password and it’s a minor annoyance. Much more minor than having my info stolen or my other accounts hacked!
There’s nothing. I went hunting, couldn’t find it. No biggie, I only use Tapatalk® for accessing two message boards. It won’t kill me if I have to reinstall. But that’s a fine idea. Lemme try that now !
It worked. Thank you, good idea.
It just occurred to me that this might be why I got spam in my Google Hangouts for the first time ever. One “Blanche Mings”, at blanchem589@gmail.com, who sports an improbable pair of “chesticles” barely restrained by a much-too-small bikini top. I’ve banned her (and her portable flotation devices) from my Google Hangouts and reported the account to gmail. Three messages from that account in about 12 hours, a day or so AFTER my password was already changed.
So anyway, one of the things the hackers may have been going for was simple email harvesting. We’ve all gotten stuff “from” people we know (I’m pretty sure my husband, for example, has never sent me a link to an unknown site with no comment). I’d bet we see more of this in the upcoming weeks.
ETA: no qualms whatsoever about posting that name and email. A google search turns up zero hits (though that’ll change once the bots hit this thread), and the only person of that name has apparently been dead for 25 years.
Where did the HACK originate from?
Well… it’s nice to be back, just to change your password.
Changed mine as well.
Most of the time I just scan the threads without logging in; I figure that it saves me the temptation of spending three hours responding to things instead of doing what I’m supposed to be doing. Usually, it’s the right call, as historical surveys do not write themselves …but I think that the next time I find myself mindlessly re-editing the same #@^&@&#$ paragraph in my work in progress for the third !*&^@!&# time, I’m going to log in here instead of cough Faceberk.
More intelligent company, and no chance of posting something which will annoy my mother.
Your mother deserves to be annoyed. Give in to the Dark Side, young Hobbit… We have cookies. [/DV]
Likely =|= always.
Which is why I said “likely” instead of “always”. That said, I guarantee that my passwords are better than yours.
I also (foolishly) used the same email and password for Twitter as for the SDMB.
I didn’t get the random feed subscriptions, but a few days ago my account did start sending out spam in DMs to most of my followers. Fortunately I was alerted to it within a few minutes and quickly changed my password (the hackers hadn’t changed it).
Now I’m racking my brains trying to think of any other sites that I use the same combo for. I think all my banking sites are safe because (a) I don’t log on using my email, and (b) they tend to require bank-generated passcodes.
If they were able to login to your twitter account then, unless it was a coincidental hack, that means they’ve been able to crack the passwords.
Must admit this was a real PITA for me – changed most of my log-ins and since I had the Firefox password saver off, for the life of me I couldn’t remember all 2,000 of them when it came back to log-in again. Finally coughed-up for RoboForm and back to normal.
What a freaking week of set and resets and e-mails!
Why did you need to change all of your passwords? Unless you did it as part of a general maintenance that you normally do, if they are different than the password you use here they wouldn’t be affected.
I only use/d three/four variations 
Correction: It means they’ve been able to crack that particular password. That says nothing at all about whether they’ve been able to crack other passwords. A truly secure password will remain secure, even though the attackers have the password file and have cracked some of the other passwords in it.
Are not all the passwords in the stolen file encrypted in the same manner?
Okay, where am I at here? I use the same password for SDMB as for a lot of low/medium-security stuff like message boards that I like, and I use the same yahoo email for some but not all of the same. I don’t use this username anywhere else, and I use different and better passwords for anything to do with money.
Does this hack put me at any real risk? I’d might as well change this password because it’s ancient anyway, but is my email address on various sites actually something that hackers can find out easily without having to hack those sites too?
They are, but that’s not how passwords are cracked. Hackers aren’t somehow finding the “key” that allows them to decrypt every password. (And to be exact, the passwords are hashed, which is different than encrypted.)
The article linked upthread is a great look at how passwords are cracked, and will demonstrate why cracking some doesn’t mean cracking all.
Thanks, Troutman.