
Forced Password Reset


  • Announcement - Forced Password Reset

    As regulars know, we had security issues with the site on a couple of occasions, last year and this year, which most recently forced an upgrade of the forum software to vBulletin 5.

    We've recently been contacted by someone who has a copy of the (salted) passwords from the users table.

    Because of this, I am going to set a forced password change within the next 24 hours for everyone.

    • The information seems to date back to the previous incidents. It is to be hoped that the current version of the forum (vb5) is secure.
    • The information includes login names, emails and encrypted (salted) passwords. Despite this, it is still possible to crack these passwords using dictionary attacks etc., especially if simple passwords were used.
    • The forum server and database are completely isolated from the rest of Aria's infrastructure; on a different platform entirely unconnected from the shop sites etc. Furthermore, Aria has a policy of not storing credit card details at any stage along the line, so the sensitivity of the information which may have been accessed is limited.
    • Nevertheless, if you have used the same username/password on the Aria forum as you have used on a different site I would strongly advise that you change your passwords on those other sites also.

    About these forums in general:

    The forums are not really a profit-making activity for the company, nevertheless I'd like to keep them going. Activity on the forums is lower than it has been in the past, largely because of the general trend towards social media and away from forums such as these which are in some ways 'old fashioned' - nevertheless we would like to keep this forum open as a service to some of our most loyal customers and the community which has been built around this forum over the past 10 years or so.

    I'm the only developer here, and don't have much time to get involved in the forums - particularly recently. The forum is moderated by volunteers, and the maintenance side of things is also done partly on a volunteer basis by DoubleTop, and with what little spare time I have. I'm hoping that the current version of the forum software (vb5) proves to be secure, however historically these forums have been a target for malicious activity, and if it keeps reoccurring it's not outside the realms of possibility that Aria might make the decision to pull the plug on the site entirely. I'm hoping that doesn't happen.

    I apologise for the inconvenience, and that we were not able to prevent these breaches in the past.


    Andy N

  • #2
    Addendum: I am also aware that the forum performance is pretty poor lately. That's something I'm looking at separately - again, time allowing!


    • #3
      Thanks Andy
      Originally posted by Aaron
      I want those sweet cherries


      • #4
        Another re-iteration - please check all other accounts on different sites that you use the same email/password combo on. We know we shouldn't re-use passwords, but a lot of people do.
        Please see thread, here for how post reports are dealt with.
        Forum Guidelines here