Mustang Ecoboost Forum banner
1 - 5 of 5 Posts

· Administrator
52 Posts
Discussion Starter · #1 ·
Hello all,

Over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:

1) We are asking everyone to change their passwords (and will force a one time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, Linkedin, Badoo, etc) are compromised; and

2) Your passwords will expire on a 365 day basis. When you login on the 366th day, you will have to change it.

We'll also be sending out an email to users to let them know about the changes, in upcoming weeks.

Thanks all,


Community Management

· Premium Member
387 Posts
So upon further research I discovered that a whole slew of automotive websites were HACKED and ALL the user passwords were stolen INCLUDING THIS WEBSITE!!!!

So the TRUTH is they were hacked and that's why their asking everyone to change their password. Bad form guys, bad form.



· Administrator
52 Posts
Discussion Starter · #5 ·
Hey there,

We're sorry we couldn't give you more information at the time as this is being dealt with on a legal level. The password reset was a legal requirement and we had to get it done on a timeline. So this was the first bit information passed on to you all.

The article doesn't mention that it was actually a 3rd party plug in provider used on this site and many others, that was hacked and scraped for basic account info. Passwords are encrypted, but accounts with simple passwords were still at risk once user id, username, and email were identified.

Quick summary of what happened:
- Data was breached back in Feb from a plugin from another company (email, username, some IP - that is all)
- The data was not used or made public until earlier this week (when we found out about it)
- We have locked down sites and requested all user update passwords

We had already been increasing increasing security measures on our end and will continue to do so, and the increased password complexity will protect your accounts from your end.

1 - 5 of 5 Posts
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.