R_Gtx, Posted November 14, 2014

Today, I received the following email from corsair.com:

> Last week, an unauthorized user logged into the Corsair Support Forums as a moderator which potentially exposed user names, passwords and email addresses. We have taken the action of resetting the passwords of those users and have reset all Corsair staff passwords.
>
> If you are unable to log into the forums using your previous password, your account may be one of those we reset. In this case, please follow the procedure for “forgot password” to create a new password: http://forum.corsair.com/forums/login.php?do=lostpw
>
> If you use the same user name and password used at the Corsair forums across multiple websites, we strongly encourage you to change those passwords on the other websites as well.
>
> We sincerely apologize for the inconvenience this has caused and we will continue to work on strengthening the security of our forums.

Surprisingly, there is a dearth of posts on this subject. Why do moderators have access to our passwords? Did the unauthorized user(s) have access to RMA details? Why is there no further information on this site?

jonnyguru (Corsair Employee), Posted November 14, 2014

First off, the forum was not "hacked" (as per your title). The unauthorized user got in using a legitimate password. We've made sure to re-school our mods in proper Internet security practices (i.e. not using the same password for multiple sites).

There's no further information on this site because there's no further information to report.

Moderators don't have direct access to your password, but remember that the forums are not a "secure website" (not https, no little padlock icon, etc.) so if you use "remember me" or auto complete to log in, it's very easy for someone with a script to lift your user name or password right off of your browser (I doubt even "incognito" browsing is safe).

The unauthorized user did not have access to RMA details because RMAs are done through a completely different site. The forums are vBulletin. The RMAs are done through Salesforce.

R_Gtx (Author), Posted November 14, 2014

In a strictly legalistic sense, you are correct, there is a distinction between hacking and unauthorized access. But, the end result is the same, an intrusion has occurred, of sufficient severity to necessitate the measures taken.

Your "Nothing to see, now move along" attitude does little to assuage my gut feelings, that something more than a little light browsing with extended privileges may have occurred.

Yellowbeard, Posted November 14, 2014

We've complied with California state law on this. Keep in mind, the forum is COMPLETELY separate from any other Corsair network, internal or external. The ONLY things anyone potentially had access to are the forum user name, the forum password for that account, and the email address with which you registered. There is no access possible to ANY other Corsair network.

jonnyguru (Corsair Employee), Posted November 14, 2014

Exactly. There's no information stored on these forums that would serve anyone any use (no CC#'s, SSN's, people's addresses, etc.).

What our concern is is for those who tend to use the same login credentials used here on other sites, which is why someone went fishing for the information in the first place. Grab a few hundred user names and passwords, go onto sites like Chase or Citibank and try them all out and you're bound to get one or two hits. That's why the email suggests that IF YOU DO use the same password on another site, you should change that as well.

R_Gtx (Author), Posted November 14, 2014

Exactly, so why was the email sent with the low priority tag:

Yellowbeard, Posted November 14, 2014

> Exactly, so why was the email sent with the low priority tag: [ATTACH]19815[/ATTACH]

What difference does it make? Change your password and move on.

jonnyguru (Corsair Employee), Posted November 14, 2014

That is odd. An automated system sent those emails out. I received mine with no priority settings (high or low). That's something to look into.

Lady Fitzgerald, Posted November 14, 2014

> ...There is no access possible to ANY other Corsair network.

Nothing is impossible, especially for a determined hacker or an entity (government) with enough computing power for a brute force attack. ;)

Still, it's probably unlikely that anyone would be able to get into the more critical accounts. As long as one doesn't use the same password for everything, there isn't anything to worry about; just change the compromised password.

Yellowbeard, Posted November 14, 2014

There are no other "more critical accounts" on the server where the forum resides. It is a completely separate entity from all other things Corsair.

Lady Fitzgerald, Posted November 15, 2014

> There are no other "more critical accounts" on the server where the forum resides. It is a completely separate entity from all other things Corsair.

My point exactly.

Dims, Posted November 16, 2014

> We've complied with California state law on this. Keep in mind, the forum is COMPLETELY separate from any other Corsair network, internal or external. The ONLY things anyone potentially had access to are the forum user name, the forum password for that account, and the email address with which you registered. There is no access possible to ANY other Corsair network.

What about employee's inbox on the forums? Any possible way that could have been accessed? Some employees requested select members' shipping information towards the end of June 2014.

thenosbod, Posted November 16, 2014

> What about employee's inbox on the forums? Any possible way that could have been accessed? Some employees requested select members' shipping information towards the end of June 2014.

Good question.

Pirateguybrush, Posted November 17, 2014

How were passwords stored? Plaintext, or hashed? What kind of security was in place? Why do moderators have any access whatsoever to passwords?

Technobeard (Administrators), Posted November 17, 2014

> How were passwords stored? Plaintext, or hashed? What kind of security was in place? Why do moderators have any access whatsoever to passwords?

Please re-read what has already been posted. To reiterate: NO ONE on the staff has any type of access that would give them direct access to anyone's passwords. IIRC vBulletin double hashes and salts passwords.

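Added example, not part of the thread and not vBulletin's or Corsair's code: a sketch of what "double hashes and salts" can look like, and how a site can move such hashes to a slow key-derivation function at the next successful login. It assumes the scheme is md5(md5(password) + salt), which the thread does not spell out; the record layout, function names and iteration count are hypothetical.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # illustrative work factor, tune for your hardware


def legacy_hash(password: str, salt: str) -> str:
    """Assumed legacy scheme: md5(md5(password) + salt), hex-encoded."""
    inner = hashlib.md5(password.encode()).hexdigest()
    return hashlib.md5((inner + salt).encode()).hexdigest()


def slow_hash(password: str, salt: bytes) -> str:
    """PBKDF2-HMAC-SHA256: deliberately expensive per guess, unlike MD5."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, PBKDF2_ITERATIONS
    ).hex()


def verify_and_upgrade(record: dict, password: str) -> bool:
    """Check a login; on success, replace a legacy hash with a slow one."""
    if record["scheme"] == "legacy-md5":
        expected = legacy_hash(password, record["salt"])
        if not hmac.compare_digest(expected, record["hash"]):
            return False
        # Only now do we hold the plaintext, so this is the moment to migrate.
        new_salt = os.urandom(16)
        record.update(scheme="pbkdf2-sha256", salt=new_salt.hex(),
                      hash=slow_hash(password, new_salt))
        return True
    candidate = slow_hash(password, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(candidate, record["hash"])


def sample_record() -> dict:
    """Constructed account row, not data from the forum."""
    salt = "k3Q"  # constructed short salt
    return {"scheme": "legacy-md5", "salt": salt,
            "hash": legacy_hash("correct horse battery staple", salt)}


if __name__ == "__main__":
    row = sample_record()
    print(verify_and_upgrade(row, "wrong guess"), row["scheme"])
    print(verify_and_upgrade(row, "correct horse battery staple"), row["scheme"])
```

A failed login leaves the legacy row untouched; the row is rewritten only after the old hash has verified, so no stored password is ever needed in plaintext outside the login request itself.
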
Pirateguybrush, Posted November 18, 2014

Thanks TechnoBeard. If that's the case, why did Corsair have reason to suspect passwords may have been compromised, as indicated in the email?

Yellowbeard, Posted November 18, 2014

> which potentially exposed user names, passwords and email addresses.

We are erring to the side of caution.

Archived
This topic is now archived and is closed to further replies.