Thursday, November 22nd 2012
Please Reset Your TechPowerUp Forums Password
Earlier today (22/11), TechPowerUp servers were hacked. The attacker gained access to the forums user database, the one which stores user information. Details such as usernames, hashed and salted passwords fell into the wrong hands. Thanks to GPGPU, the passwords are as good as compromised. We have undertaken a security review, and are mandating a password change for all users. Your old password will not work, click on "forgot password" link and follow the instructions to reset it. If you use the same password (as your old TPU password) elsewhere (other sites), change it to something completely different. We sincerely apologize for the inconvenience, and promise to improve our security infrastructure.
If you no longer have access to the email account you used to register, please email w1zzard@techpowerup.com and mention your username, old e-mail, new e-mail and IP address you typically use to post on the forums.
If you no longer have access to the email account you used to register, please email w1zzard@techpowerup.com and mention your username, old e-mail, new e-mail and IP address you typically use to post on the forums.
221 Comments on Please Reset Your TechPowerUp Forums Password
I was under the impression that the user database for vBulletin (3.6 and up) was encrypted by default? I remember examining some of my databases and sensitive details couldn't be seen.
The main problem is it's saying I'm entering the wrong current password when trying to reset it, and it won't send me my password or a temporary one.
Make sure your email address is correct or working before attempting the following:
It'll give you a temp password, but you have to wait for the server to email you the generated key.
www.techpowerup.com/forums/login.php?do=lostpw
I gotta say though, it was a bit scary when right after I posted about it in the feedback forum, what appears to be a SPAM bot answered with jibberish.
Wizzard, You can disregard the email I sent, its ok now.
When the computer manufactrurers get serious they will adopt a standard for login procedures which cannot be compromised by simply hacking a site and stealing information.
Some complain it will be to costly to implement such a solution but I suggest the cost will sharply drop when millions of orders are placed for the equipment required to implement a solution.
The bigger problem for users is how to get those building the computers and those writing the software to REALLY CARE about our security online. If they don't get away from this grade school approach of identity verification all we as users can expect is more of this in the future.
maybe the hacker came to my house, held my hamster hostage and forced me to give him the admin password?
With all of the trouble people around the globe are having with security breaches, some leading to identity theft and other nefarious ends, any simple minded person can recognize the need for the industry to come togather and agree on a simple system which is much more difficult to break than a code word.
If a new system cost us a small (one time) amount to prepare our PC's that would be a reasonable cost, considering we each pay a heafty monthly rate for internet access anyway. The success of such a system would be upon the software houses and PC manufacturers to make it a standard in all new equipment. This also will be the tough part of any plan because most PC makers and software houses don't care diddly about end user security beyond the most simple of implementations.
Edit: As an example, I have not had my E-Bay or PayPal passwords compromised since I began using their electronic key fobs, for that matter my bank has also not been compromised diue to the same security. The problem with key fobs is they are too costly to implement into all online entities requireing secure access. There are other forms of identification which is not as costly and more secure like retna scanners, finger print id's and so on that can be used over a broad range of equipment and still identifies a unique user.
I doubt a TPU account would ever be a matter of national security. :p
Fine work to the admin staff catching the problem so quickly:rockout:, hopefully those responsible are found soon and dealt with severely. :shadedshu
As for catching the intruders, Tech Power Up has a small chance of finding who is responsible. My guess is these people may be hackers or they may also be a foreign government, like China, with a reputation for hacking sites. The worrysome thing is in the past few months several tech oriented sites have been compromised making myself ask what purpose might these folks have in mind? I would bet the intent goes far beyond any joy they may feel by having hacked the site.
Edit: Looking at your quote from Benjamin Franklin... I also remember it was Franklin who thought the Turkey should be named as our national bird instead of the eagle. Franklins thoughts have many times been on the fringes of rational thinking. This is not to say what Frankilin said about liberty is wrong, but making something more secure would not cost us any liberty at all. It would cost those who abuse liberty some pain but isn't that the intention with any security be it passwords or something else?
2) Lol at china
3) Turkeys are awesome
Would you want to receive (and pay for) an SMS each time you access TPU? and then you have to enter that code?
:roll:
Just for discussion, I wouldn't mind seeing something like SteamGuard used more often.
Just to clear this up on my end, the internet began after PC's were invented in 1981 (I think). That is somewhere between 20 to 30 yerrs we have lived with passwords to protect us and every year they become weaker and weaker as a protection.
My whole point is times have changed and along with that the industry should change how we protect our identity, and access to web sites.