
IMPORTANT: Community security breach

Started by LiroyvH, July 23, 2013, 12:45:08 PM


SpyDie

What steps are being done to avoid this in the future?
Beta. Software undergoes beta testing shortly before it's released. Beta is Latin for 'still doesn't work.'

kat

Quote from: FrizzleFried on July 24, 2013, 01:05:54 PM
FWIW - I... the "Drama Queen"... see no benefit whatsoever of outing the admin who made this mistake.  We are all human and dumping on the guy (or gal) serves no good purpose.

Nicely put. :)

Quote from: SpyDie on July 24, 2013, 02:51:12 PM
What steps are being done to avoid this in the future?

I think the person responsible's sense of guilt will cover that. ;)

Deaks

SpyDie, we have implemented various new steps; the main one is creating a stronger password policy for admins on this site.
~~~~
Former SMF Project Manager
Former SMF Customizer

"For as lang as hunner o us is in life, in nae wey
will we thole the Soothron tae owergang us. In truth it isna for glory, or wealth, or
honours that we fecht, but for freedom alane, that nae honest cheil gies up but wi life
itsel."

KVL

Thanks for the report.

Everything is under control.

Don't worry, be happy. :)

brianharrell



Deaks

brianharrell, please don't attack, accuse or call anyone amateurs. This attack has happened to other larger sites who have more to lose than us, with a lot more money for better security measures. No website is 100% secure.

[yub] Lazo

Quote from: brianharrell on July 24, 2013, 03:44:38 PM
Good job on security amateurs!

Please show me one site that is 100% secure.

Dynamic forum signatures v1.2

kat

Exactly.

Brian, if you think that your security's 100%, you're deluded.

Yeah, OK. This was a pretty silly mistake. But, can you say, hand on heart, that you've never made a silly mistake?

[yub] Lazo

It is not really a matter of mistakes, it is more a matter of the security level of a page. This wasn't really a security issue in the beginning, it was more a mistake that caused all that. A security issue is when your system is made in a way which someone can use for his own advantage.

I think this whole discussion goes in a wrong direction.


bloc

Quote from: [yub] Lazo on July 24, 2013, 04:24:08 PM
It is not really a matter of mistakes, it is more a matter of the security level of a page. This wasn't really a security issue in the beginning, it was more a mistake that caused all that. A security issue is when your system is made in a way which someone can use for his own advantage.

+1

(a like button would be nice now :D )

kat

Oh, I think that we've confessed, quite rightly, that one of our guys goofed.

If they hadn't used the same password, here, as they do on their own site, the hack MAY not have happened.

My belief is that it would've happened, anyway, eventually.

The problem with anti spyware/virus/security software is that it's always playing catch-up.

Chalky

Agreed.  The hacker seems pretty determined on his spree, I think he would have found a way in eventually.  Better security breeds better hackers.

ARG01

Okay, I have put this off too long. Other than Craigslist I have never encountered so many whining babies. If you want your account removed then remove it. So your username and password "may" have been compromised. So what? You are just 1 (one) out of 320,331 members here. The chances of your username and/or password being used to infiltrate your own websites are extremely slim. You would have better luck winning the lottery. I am sure that whoever did this was not here on a mission to hack into your account. And, if you use the same login info on multiple sites then you deserve to be hacked.

As for those that are dumping on the admin who may have caused this, shame on you. Like you have never made a mistake or used bad judgement at some point in your life. Are you in some sort of pain or agony over this? Do you need psychological help due to stress over this situation? Has your website been compromised? Are you losing sleep because of this? I think not.
Dump the high and mighty attitude and find something worthwhile to complain about.
No, I will not offer free downloads to Premium DzinerStuido themes. Please stop asking.


Deaks

ARG I soo agree :)

and for future here is an official response about the Admin, and I will type it in caps so everyone can see:

WE WILL NOT BE TAKING ACTION ON THE ADMIN AND WE WILL NOT BE SHARING THE IDENTITY OF THE ADMIN!

kat

Damned right, too.

Dunno who it was and I don't want to, either.

MarkRH

Thanks for the heads up. Changed my password here. I used that password only here and the email address I have here is the only place I used it.  Since my webhost allows unlimited email forwarding I make a separate email for each place I register which makes it really easy to tell where a leaked/sold email address came from if I start getting spam on it. :)
Mark H.

The Craw

Quote from: ARG on July 24, 2013, 04:32:32 PM
Okay, I have put this off too long. Other than Craigslist I have never encountered so many whining babies. If you want your account removed then remove it. So your username and password "may" have been compromised. So what? You are just 1 (one) out of 320,331 members here. The chances of your username and/or password being used to infiltrate your own websites are extremely slim. You would have better luck winning the lottery. I am sure that whoever did this was not here on a mission to hack into your account. And, if you use the same login info on multiple sites then you deserve to be hacked.

As for those that are dumping on the admin who may have caused this, shame on you. Like you have never made a mistake or used bad judgement at some point in your life. Are you in some sort of pain or agony over this? Do you need psychological help due to stress over this situation? Has your website been compromised? Are you losing sleep because of this? I think not.
Dump the high and mighty attitude and find something worthwhile to complain about.

Couldn't have said it better myself.

