Hacked? No, not the SH Forums. BUT: Compromised Staff Account!

So you think it was someone with a high level of familiarity with this forum?

 

That’s what he wants you to think!

 

Click on the X in the upper right hand corner

 

Ya know, I didn't even see that X until I was looking at it on my Kindle this morning.

 

I got a rather normal message from Steve stating the forum was hacked and to use stronger passwords and 2fa. I now know that was not the real Steve, but it’s good advice nonetheless.

 

I think that was the real Steve. The hacked message was the one with the "Hahahahahahah" and saying it was going to be fun around here.

 

What I don't get about using a random-generated password is don't you have to store that password somewhere other than in your brain? Hardly makes it secure.

 

There are two options, that I’m aware of:

1) Get a small alphabetized “binder”, your very own “little black book” if will and store that in a safe place.
2) There are online sites that will manage all of your passwords, for a fee I think.

 

Same here.

 

It wasn’t Steve..he has already said he sent no mass messages. It was the hacker basically laughing at people for not using 2 Factor as that would have stopped him from getting in. Hopefully that hole is now plugged and all Mods are required to use 2 factor going forward as unlike us regular members they have admin features and options that you wouldn’t want someone unauthorized to have access to.

 

I'm guessing John...

 

Who is the real Steve?
There's a Steve who I gather is a wizard engineer ( I saw his name just the other day on a Mamas and the Papas CD I have and it does indeed sound good).
And then there's another Steve who bugs me now and then about putting artist's names in my thread titles.
Who is the real Steve?

 

I heard that the real Steve died years ago and if you play various Audio Fidelity masterings backwards you can hear the clues

 

I'll need my ear trumpet for that!

 

More secure passwords is something everyone should at least attempt to do. With what just happened, it has given me the impetus to get this project in motion.

Problem is I can’t find the book I bought literally years ago to start this very project! I think it’s hiding under a pile of CDs in The Dungeon.

 

Was the 403 msg and the (non-working) popup username/password login part of the site's security feature?

 

This. I don't even share news about my recent purchases anywhere, for the same reason. This is a very high profile site, brimming with information about its users that could be valuable to those who work in retail, who have access to customer data and recent orders.
I have warned people against replying in those "tell us about your recent music purchases" threads. At the very least I expect that many vendors are doing market research here, under aliases.

Do you always believe the official story? You do take more risks that way.

The best practice would be creating an individual account for all sites. It's a pain, but worth it when **** hits the fan.

I like the way you think. We're through the looking glass, people...

You'd be surprised how often that happens, legit companies willingly selling customer info.

 

No surprise here. I assume every damn one of them, especially stuff like yahoo mail (which has already basically admitted it as part of their new agreement once they got taken over by "OATH" or whatever their name is) do this. Everything is about making $$. Our information is a commodity to sell all over the place for ad targeting and anything else you could imagine.

 

I got the 2fa PM as well.
I thought it was Steve telling me to enter a stronger password. Never thought it was a prank.

 

Selling information about users is a given with Microsoft and Google etc, but I think it's rarer that companies give away people's email addresses for profit. If the latter was more common, there would be more spam in fresh accounts that haven't been part of breaches.

 

I'm one of the most cynical people on the planet, so no. I'm not a conspiracy theorist, either. I believe what you say, but I still don't think, by and large, the incident was that big of a deal.

 

Deleted. I've sorted the problem out.

 

I couldn't get in this morning and had to reset my password.
All fixed now?