[ecoboostadmin]

Hello all,

Over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:

1) We are asking everyone to change their passwords (and will force a one time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, Linkedin, Badoo, etc) are compromised; and

2) Your passwords will expire on a 365 day basis. When you login on the 366th day, you will have to change it.

We'll also be sending out an email to users to let them know about the changes, in upcoming weeks.

Thanks all,

Helena

Community Management

 

[Uncle Meat]

Hey admin.... you need to start checking your "Report Post" inbox and start banning these spammers like caj767314922.


U.M.

 

[Uncle Meat]

So upon further research I discovered that a whole slew of automotive websites were HACKED and ALL the user passwords were stolen INCLUDING THIS WEBSITE!!!!


So the TRUTH is they were hacked and that's why their asking everyone to change their password. Bad form guys, bad form.





U.M.

 

[Uncle Meat]

Read this: 45 Million Accounts Hacked At Some Of The Biggest Car Forums

Then check to see what other automotive forums you may belong to that were also hacked: VerticalScope.com

U.M.

 

[ecoboostadmin]

Hey there,

We're sorry we couldn't give you more information at the time as this is being dealt with on a legal level. The password reset was a legal requirement and we had to get it done on a timeline. So this was the first bit information passed on to you all.

The article doesn't mention that it was actually a 3rd party plug in provider used on this site and many others, that was hacked and scraped for basic account info. Passwords are encrypted, but accounts with simple passwords were still at risk once user id, username, and email were identified.

Quick summary of what happened:
- Data was breached back in Feb from a plugin from another company (email, username, some IP - that is all)
- The data was not used or made public until earlier this week (when we found out about it)
- We have locked down sites and requested all user update passwords

We had already been increasing increasing security measures on our end and will continue to do so, and the increased password complexity will protect your accounts from your end.

Dayle