HACKED By SMAIL MAX

I'm sure there's a waiver in the TOS that you had to accept before opening an account made for this very reason :cool:

Yeah, but negligence can't be negated by a TOS. If the owners of the site aren't up front about what was taken and what the potential risks are, you are still very liable.

I still don't feel that Paul has done enough to inform the board on what was done and what they are at risk for.
 
What was taken is not a mystery for anyone anymore (see wheelie-machine post and proof above). The question is why the yellow message under the header here only prompts people to change their password at GTAM, as if that is the big issue at all. As already mentioned, some people (probably many) are using the same credentials to log into multiple sites (myself included in terms of low-importance places, like some general forums and the like, but I can definitely imagine that there are individuals using the same on PayPal, Facebook, LinkedIn, etc.). Everybody should be informed that their accounts on those other sites are now compromised, and not just by means of displaying a message above, but by actually shooting out a mass email announcement. It's the only right thing to do.
 
Yeah, but negligence can't be negated by a TOS. If the owners of the site aren't up front about what was taken and what the potential risks are, you are still very liable.

I still don't feel that Paul has done enough to inform the board on what was done and what they are at risk for.

100% agree.

If Paul and Donna think they are not going to be held liable if something comes out of it, they are wrong.

And what's with answering a question every time you post now? Like that is some sort of security measure now .. lol ..
 
100% agree.

If Paul and Donna think they are not going to be held liable if something comes out of it, they are wrong.

And what's with answering a question every time you post now? Like that is some sort of security measure now .. lol ..

does not happen to me.
 
no it couldn't be, could it, but hey one never really knows.

but I guess if you piss enough people off then you need to be always watching over your shoulder
 
100% agree.

If Paul and Donna think they are not going to be held liable if something comes out of it, they are wrong.

And what's with answering a question every time you post now? Like that is some sort of security measure now .. lol ..

I think that is an "Infernobuster" special feature just for you lol
 
Yeah, but negligence can't be negated by a TOS. If the owners of the site aren't up front about what was taken and what the potential risks are, you are still very liable.

I still don't feel that Paul has done enough to inform the board on what was done and what they are at risk for.

What is it you'd like to know? You guys know as much as I do right now.

We aren't happy this is happening any more than you are...however...if you feel your personal information on this forum is at risk....then I suggest you log out now...and email me at paul@gtamotorcycle.com and I will delete your email and account from the database so this can not happen again to you.

Let me know...and once I find out more...I'll be sure to post here.

Thanks
 
What is it you'd like to know? You guys know as much as I do right now.

We aren't happy this is happening any more than you are...however...if you feel your personal information on this forum is at risk....then I suggest you log out now...and email me at paul@gtamotorcycle.com and I will delete your email and account from the database so this can not happen again to you.

Let me know...and once I find out more...I'll be sure to post here.

Thanks

Well, here's what you do know. A database dump with hashed passwords and email addresses was taken, so it's prudent to assume all the passwords have been compromised. The first step of forcing password changes is a good one, but all it does is protect this account from being accessed.

The point we are making is that you haven't made an announcement telling the community what has been taken and what steps should be followed to protect ourselves. What happened and who is doing this really isn't any of your user base's business; that's between you, the hacker and, I would assume, the RCMP.

But to cover yourself legally you should be making a reasonable effort to inform your user base of what info was compromised.

Emails to the user base (to email accounts and PMs), stickies in the general section and in that yellow announcement box.

You will want to include info such as: The database was compromised, with a list of emails and passwords taken. I have forced password resets on all accounts, but if you use the same password anywhere else on the internet you are advised to change it, as it has probably been compromised.

I don't care to know the details of this event, but I hope for the forum's sake you can get it under control. But please consider doing these steps just to let everyone know.

I would also consider locking out any accounts that haven't changed their passwords after a few weeks.
 
I am just offering the following as a suggestion.

-Disclosure of what information GTAM has for every account holder. I'm not saying this is a big secret, but just to outline it in black and white so that it is very clear. E.g. password hash, date of birth, email address, PMs. Things posted in Trash Talk that were technically not in the public eye (though I'm aware we don't exactly trade our social insurance numbers in there)

-Communicate clearly to as many people as possible that there was an intrusion, and when that happened. Mass email, a link to a post in that yellow banner, etc.

-Communicate what is happening now - does someone have responsibility for investigating the intrusion? Is there any information that would lead people to believe this will be less likely in the future? This doesn't have to be specific or detailed
 
I am just offering the following as a suggestion.

-Disclosure of what information GTAM has for every account holder. I'm not saying this is a big secret, but just to outline it in black and white so that it is very clear. E.g. password hash, date of birth, email address, PMs. Things posted in Trash Talk that were technically not in the public eye (though I'm aware we don't exactly trade our social insurance numbers in there)

-Communicate clearly to as many people as possible that there was an intrusion, and when that happened. Mass email, a link to a post in that yellow banner, etc.

-Communicate what is happening now - does someone have responsibility for investigating the intrusion? Is there any information that would lead people to believe this will be less likely in the future? This doesn't have to be specific or detailed

This. TBH you just need to be upfront with people about what was taken; it reduces your legal exposure just in case. You can show you made best effort to inform people.
 
Thanks - I'll get the email out as soon as I have more information. My priority right now is stopping this from happening again for good.


I am just offering the following as a suggestion.

-Disclosure of what information GTAM has for every account holder. I'm not saying this is a big secret, but just to outline it in black and white so that it is very clear. E.g. password hash, date of birth, email address, PMs. Things posted in Trash Talk that were technically not in the public eye (though I'm aware we don't exactly trade our social insurance numbers in there)

-Communicate clearly to as many people as possible that there was an intrusion, and when that happened. Mass email, a link to a post in that yellow banner, etc.

-Communicate what is happening now - does someone have responsibility for investigating the intrusion? Is there any information that would lead people to believe this will be less likely in the future? This doesn't have to be specific or detailed
 
banning someone with lots of $$$$$$ might have reason or revenge to play with Paul's stuff.:)

or how about repeatedly banning someone who does computers for a living?

That person also made a duplicate forum, so I'm sure they're familiar with the coding
 
It's not him man, even he wouldn't be that stupid to put "TRFB was here"
 
or how about repeatedly banning someone who does computers for a living?

That person also made a duplicate forum, so I'm sure they're familiar with the coding

He's posting in this thread, it's not him. Stop being so paranoid.

For those trying to lynch Paul, consider this latest attack as a wake-up call to your own online security.

One email address for important ****.

Another email address for forums, porn sites etc etc.
 
I asked a few people more knowledgeable than me about how to keep track of all the randomly generated strong passwords you'd use on different sites (because it's an option I'm going to start using). Three out of three people recommended http://keepass.info lol. I haven't asked about which random password generator to use, but random.org has one that seems to be popular. That'll allow you to use different strong passwords on each site that you use and keep track of them easily. If you want to be able to generate random e-mail addresses for each site you use, look for the "catch all" option for the domain you purchased ;) I recommend NameCheap over GoDaddy, mostly for ethical reasons, not price. This link (non aff) will get you WHOIS Guard free for a year with NameCheap, $10/yr for the domain name: http://www.shivarweb.com/go/namecheap/

Be safe.
 