|
carolinarider09
|
 |
« on: March 30, 2021, 07:55:10 AM » |
|
Just logged in using my iPhone. Got the message in the title of this post. I will change the password when I get to a safe place. Anyone else get this message.
|
|
|
|
|
Logged
|
|
|
|
Valkorado
Member
Posts: 10493
VRCC DS 0242
Gunnison, Colorado (7,703') Here there be twisties.
|
|
« Reply #1 on: March 30, 2021, 08:10:35 AM » |
|
Both my vpn and Google flagged the site as compromised, and identified VRCC as potentially leaking user data to the dark web. I've been using a common password on a few sites I considered non essential, where no financial or paid service information was involved. The VRCC is one of those. I'll be changing my password immediately, and start mixing them up better.
|
|
|
|
|
Logged
|
Have you ever noticed when you're feeling really good, there's always a pigeon that'll come sh!t on your hood? - John Prine 97 Tourer "Silver Bullet" 01 Interstate "Ruby"  |
|
|
Wizzard
Member
Posts: 4043
Bald River Falls
Valparaiso IN
|
|
« Reply #2 on: March 30, 2021, 09:40:20 AM » |
|
this forum is on a platform that is pretty old. Version 1.1.20 and latest is from March 16 version 2.0.18.
Wonder if they patched the leak?
Further if its not fixed what is to say the password you change to wont be leaked again?
|
|
|
|
« Last Edit: March 30, 2021, 09:43:20 AM by Wizzard »
|
Logged
|
 VRCC # 24157 |
|
|
Rams
Member
Posts: 16212
So many colors to choose from yet so few stand out
Covington, TN
|
|
« Reply #3 on: March 30, 2021, 02:07:33 PM » |
|
Just curious but, has anyone informed the Staff of this transgression?
Rams
|
|
|
|
|
Logged
|
VRCC# 29981
Learning the majority of life's lessons the hard way.
Every trip is an adventure, enjoy it while it lasts.
|
|
|
|
carolinarider09
|
|
« Reply #4 on: March 30, 2021, 02:21:30 PM » |
|
I have not since I was not sure it was "real". Also, I sort of figured the staff montoried our posts pretty regularly and I figured the title would cause a reaction.
|
|
|
|
|
Logged
|
|
|
|
Valkorado
Member
Posts: 10493
VRCC DS 0242
Gunnison, Colorado (7,703') Here there be twisties.
|
|
« Reply #5 on: March 30, 2021, 03:14:56 PM » |
|
Hard to say what's up. This site was one of several listed on my Nord VPN Dark web Monitor including Pluto.TV, Last.FM, Bolt.cd, Dropbox.com and Netflix.
Exact wording:
Vrccservices.com
Compromised data: Password
Validity of leaked database couldn't be verified. Yet we're still informing you about a potential data beach -- but keep in mind there's a chance of it producing false positives.
|
|
|
|
|
Logged
|
Have you ever noticed when you're feeling really good, there's always a pigeon that'll come sh!t on your hood? - John Prine 97 Tourer "Silver Bullet" 01 Interstate "Ruby" |
|
|
BigInSeattle
Member
Posts: 163
VRCC #6615
Auburn WA
|
|
« Reply #6 on: March 30, 2021, 03:33:57 PM » |
|
OF COURSE this site has the potential of leaking data. This site doesn't even require an HTTPS connection which means everything you send via HTTP instead of HTTPS is not encrypted. If you are on this site at a free or public wifi spot, everything you do can be picked up by someone using a network sniffing tool like WireShark.
It is also using an ancient version of SMF from 2013 that is full of security leaks and SQL Injection vulnerabilities. The main VRCC site, not the forums, was probably written in a very old version of PHP and I'm sure is also full of holes due to age and lack of security awareness when some of the custom features were written.
If people on the "Dark Web" have found this site it doesn't matter if you change your password or not. They are going to use your email address and password to try to login to other more important web sites.
They don't care about the data here, they want emails and passwords.
|
|
|
|
« Last Edit: March 30, 2021, 03:44:12 PM by BigInSeattle »
|
Logged
|
|
|
|
Willow
Administrator
Member
Posts: 16614
Excessive comfort breeds weakness. PttP
Olathe, KS
|
|
« Reply #7 on: March 30, 2021, 06:05:39 PM » |
|
...
If people on the "Dark Web" have found this site it doesn't matter if you change your password or not. They are going to use your email address and password to try to login to other more important web sites.
They don't care about the data here, they want emails and passwords.
The site doesn't have your email password. |
|
|
|
|
Logged
|
|
|
|
|
scooperhsd
|
|
« Reply #8 on: March 30, 2021, 06:07:42 PM » |
|
...
If people on the "Dark Web" have found this site it doesn't matter if you change your password or not. They are going to use your email address and password to try to login to other more important web sites.
They don't care about the data here, they want emails and passwords.
The site doesn't have your email password. Unless you're foolish enough to use your email password as your password for the site.... |
|
|
|
|
Logged
|
|
|
|
|
