Announcement

Collapse

Newsdesk Guidelines

The NEWSDESK is the area for TheologyWeb news and announcements. This is not a debate area. There will be times when you won't agree with certain official announcements and commentary. If so, do not argue or dispute in this area but take it up in an appropriate area of the forum or by Private Message. Threads may only be started by TheologyWeb leadership, but responses may be posted by the entire community.

General TheologyWeb forum rules: here.
See more
See less

Possible Data Breach

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Possible Data Breach

    Juvenal contacted me and said that Chrome had reported his unique password for Tweb as being found in a data breach.

    I haven't seen anything in my password checkers, (Last Pass, Have I been pwned, or Chrome) myself, nor have I seen any indications of a break in on our server, but I wanted to give a heads up to everyone about this.

    You should change your password to be safe (you should change it often as well regardless for good security. And don't use the same password here as you do other sites, especially anything financial). I have changed the root password on our server and server account login.



  • #2
    Changed my password, I already used a different one for other sites fortunately if this were the case.

    Comment


    • #3
      Originally posted by Cerebrum123 View Post
      Changed my password, I already used a different one for other sites fortunately if this were the case.
      Always a good practice.

      I also suggest using a password manager to keep track of all of your passwords.

      Firefox and Chrome have built in password managers, but there are other ones that will work across various devices and apps so you don't have to keep storing passwords in multiple places. most have good free versions with paid versions for extra features, like automatic password changing, etc.

      https://www.lastpass.com
      https://bitwarden.com/
      https://1password.com

      Most work by having a Master password to access the rest of your passwords. Just make sure your master password is very secure and not one you use anywhere else. Best practices is to use a password phrase. Just make up some nonsense phrase that you can remember and type easy but make it at least 12 characters long. Something like "I eat cardboard" or "Unicorns fart chocolate" "My dog is a moron"



      Rats! Now I have to change all of my passwords again!

      Comment


      • #4
        Oh and just for everyone's peace of mind: We don't store any personal information about anyone. All a data breach would give anyone would be your tweb username/encrypted password and email address.

        Also on the Vbulletin forum, Vbulletin was asked about the encryption on the password database and they replied.

        "Salted* and MD5 hashed; it is next to impossible to retrieve and view a password even if the database is compromised."

        So I am still not convinced we have had an actual breach. This thread is just to be safe.

        *In cryptography, a salt is random data that is used as an additional input to a one-way function that hashes data, a password or passphrase. Salts are used to safeguard passwords in storage. ... Salting is one such protection. A new salt is randomly generated for each password. https://en.wikipedia.org/wiki/Salt_(cryptography)
        Last edited by Sparko; 07-19-2021, 07:36 AM.

        Comment

        Related Threads

        Collapse

        Topics Statistics Last Post
        Started by Sparko, 07-19-2021, 12:41 PM
        46 responses
        164 views
        1 like
        Last Post rogue06
        by rogue06
         
        Started by Sparko, 07-18-2021, 08:41 AM
        3 responses
        48 views
        0 likes
        Last Post Sparko
        by Sparko
         
        Working...
        X