Subaru Enthusiasts Car Club of the Sierras - View Single Post

sperry · 2017-05-13, 06:43 PM

On approximately April 10, 2017 our server was compromised by a hacker attempting to extort us with a Ransomware attack that locked us out of our files and brought down our site. Though we restored from backup, undoing the attacker's damage, there is the possibility that data from the server was stolen during the attack.

Anyone with an account here should be aware of the risk to your compromised personal data.In order to operate our forum software, we store usernames, email addresses, and encrypted forum passwords. Additionally if you participate in the SECCS Fantasy F1 league, your username, email address, and entrypted FF1 password for all seasons you've participated in have also been compromised. Furthermore, we store the paypal email addresses used for FF1 registration payments in order to facilitate the payout of season-ending prizes. We DO NOT store, nor have access to, any other paypal related personal data other than the email address used to signup with. Because we store all passwords in an encrypted format, the attacker does not have immediate access to your password. However, given enough time, they may be able to crack the encryption and access your password.

While we have no specific evidence that the hacker has either stolen or decrypted your data, we recommend that you immediately change your forum and FF1 password(s). Additionally, if you use the same username (or email address) and password on other sites, we recommend that you change your password there as well. Security experts recommend that you never use the same password for more than one account, and instead use a password manager to help you use strong, unique passwords on all your accounts.

We take the security of your personal information very seriously and apologize for this breach of trust. Since the attack, we have reported this incident to the FBI, and have passed along all available information to help in their investigation. We have also audited our server's security and reduced our exposure through improvements to the system. Additionally we are in the process of investigating a new hosting solution that will allow us to run newer, more secure software.

Once again, please accept our apology for any inconvenience this causes you. If you have any questions, please feel free to ask them in this forum, or contact me directly via email.

Scott Perry
SECCS.org Administrator
administrator@seccs.org

Please note, a version of this message will be emailed to our members.

2017-05-13, 06:43 PM	#1
sperry The Doink Real Name: Scott Join Date: Nov 2002 Location: Portland, OR Posts: 20,335 Car: '09 OBXT, '02 WRX, '96 Miata Class: PDX/TT-6 The way out is through	Security Notice On approximately April 10, 2017 our server was compromised by a hacker attempting to extort us with a Ransomware attack that locked us out of our files and brought down our site. Though we restored from backup, undoing the attacker's damage, there is the possibility that data from the server was stolen during the attack. Anyone with an account here should be aware of the risk to your compromised personal data.In order to operate our forum software, we store usernames, email addresses, and encrypted forum passwords. Additionally if you participate in the SECCS Fantasy F1 league, your username, email address, and entrypted FF1 password for all seasons you've participated in have also been compromised. Furthermore, we store the paypal email addresses used for FF1 registration payments in order to facilitate the payout of season-ending prizes. We DO NOT store, nor have access to, any other paypal related personal data other than the email address used to signup with. Because we store all passwords in an encrypted format, the attacker does not have immediate access to your password. However, given enough time, they may be able to crack the encryption and access your password. While we have no specific evidence that the hacker has either stolen or decrypted your data, we recommend that you immediately change your forum and FF1 password(s). Additionally, if you use the same username (or email address) and password on other sites, we recommend that you change your password there as well. Security experts recommend that you never use the same password for more than one account, and instead use a password manager to help you use strong, unique passwords on all your accounts. We take the security of your personal information very seriously and apologize for this breach of trust. Since the attack, we have reported this incident to the FBI, and have passed along all available information to help in their investigation. We have also audited our server's security and reduced our exposure through improvements to the system. Additionally we are in the process of investigating a new hosting solution that will allow us to run newer, more secure software. Once again, please accept our apology for any inconvenience this causes you. If you have any questions, please feel free to ask them in this forum, or contact me directly via email. Scott Perry SECCS.org Administrator administrator@seccs.org Please note, a version of this message will be emailed to our members. __________________ Is you is, or is you ain't, my con-stit-u-ints? Last edited by sperry; 2017-05-13 at 06:54 PM.