Attention - Password and Security Update - ClubTread Community

post #1 of (permalink) Old 06-14-2016, 10:50 AM Thread Starter
Administrator
 
VSadmin's Avatar
 
Join Date: Jun 2014
Location: Toronto, Ontario, Canada.
Interest: Poutine-lovin', maple syrup junkie.
Posts: 409
Default Attention - Password and Security Update

Hello all,

Over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:

1) We are asking everyone to change their passwords (and will force a one-time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, LinkedIn, Badoo, etc.) are compromised; and

2) Your passwords will expire on a 365-day basis. When you log in on the 366th day, you will have to change it.

We'll also be sending out an email to users to let them know about the changes, in the upcoming weeks.

Thanks all,

Helena

Community Management

admin..
VSadmin is offline  
post #2 of (permalink) Old 06-17-2016, 04:52 AM
Headed for the Mountains
 
Join Date: Jul 2008
Posts: 462
cutthroat22 is offline  
post #3 of (permalink) Old 07-12-2016, 08:36 PM
Headed for the Mountains
 
Join Date: Jan 2006
Location: Vancouver, BC, Canada.
Interest: Err, need you ask? Hiking :-)
Posts: 222
Default

I only just saw this thanks to the email from VerticalScope. Since the breach was back in FEBRUARY (apologies for shouting...), could there have been a more obvious way to attract people's attention, like when they revisit the site? Or emailing users as soon as the breach was discovered? I must admit I didn't see the original story, and unfortunately even if I had I doubt I would have twigged that the VerticalScope hack meant that it was my Club Tread account that was at risk as I'd long since forgotten the name of the company that took over...

One question I have about resetting passwords: the connection to forums.clubtread.com is not over https, so using the profile page to reset the password seems somewhat insecure. Am I missing something here? I know that doesn't guarantee secure password *storage* but it's the first step to knowing the new password won't be intercepted.

Going forward, I assume passwords will be stored using a more robust encryption method?

https://www.leakedsource.com/blog/verticalscope
aspersa is offline  
post #4 of (permalink) Old 07-12-2016, 09:59 PM
Summit Master
 
zeljkok's Avatar
 
Join Date: May 2009
Location: Anywhere but social media
Posts: 4,817
Default

I want to say that effects of this security breach are being felt. Lately I've received several bogus emails; one inviting me to "click the attachment", and latest classic phishing attempt to extract sensitive info:



If you receive this & click the link, it redirects to some site in India, I believe, & asks you for login/password.

Reason I suspect this is from CT security breach is because CT is only site I registered at a time with personal email -- usually I use some yahoo or hotmail accounts I don't care about. Only close contacts know this email & I never received in 10+ years anything till now.


So be careful
Attached Images
 

Last edited by zeljkok; 07-12-2016 at 10:03 PM.
zeljkok is online now  
post #5 of (permalink) Old 07-13-2016, 03:04 PM Thread Starter
Administrator
 
VSadmin's Avatar
 
Join Date: Jun 2014
Location: Toronto, Ontario, Canada.
Interest: Poutine-lovin', maple syrup junkie.
Posts: 409
Default

For the official security breach press, please go here: http://www.verticalscope.com/about-u...ta-breach.html

Lee

admin..
VSadmin is offline  
post #6 of (permalink) Old 07-14-2016, 03:51 AM
Summit Master
 
Join Date: Dec 2001
Posts: 6,120
Default

Please delete my account and if possible all my postings and photos.
I went to the CP to try and change my email and did not have any luck ... same deal with changing my password.
Frankly I don't have the time to screw around.
Your data breach has me very concerned.

Last edited by 19351; 07-14-2016 at 12:00 PM.
19351 is offline  
post #7 of (permalink) Old 07-14-2016, 10:36 AM
Headed for the Mountains
 
Join Date: May 2012
Location: Edmonton, Alberta, Canada.
Interest: Adventure travel
Posts: 329
Default

Bit confused with the above announcement. If we change our password now, will we be changing it again with the forced reset?

Trail Talk
"Retired but not yet tired"
Trail Talk is offline  
post #8 of (permalink) Old 07-14-2016, 05:06 PM Thread Starter
Administrator
 
VSadmin's Avatar
 
Join Date: Jun 2014
Location: Toronto, Ontario, Canada.
Interest: Poutine-lovin', maple syrup junkie.
Posts: 409
Default

Quote:
Originally Posted by The Hiker View Post
Please delete my account and if possible all my postings and photos.
I went to the CP to try and change my email and did not have any luck ... same deal with changing my password.
Frankly I don't have the time to screw around.
Your data breach has me very concerned.
Hey there

We've noticed this on our other communities and it seems if you are attempting to update your email AND password at the same time, you will not be able to. Please update one, and then update the other.

As for deleting your content, we do not do this as it causes holes in the database and breaks thread conversation. I can deactivate your account by removing the associated email and changing the username, but all your history will remain. You will not be able to regain access to this account if you choose to return in the future. Please confirm if you would really like to go through with this.


For passwords updated before the reset, they will be lost at the time of reset again.

Dayle

admin..
VSadmin is offline  
post #9 of (permalink) Old 07-14-2016, 10:04 PM
Super Moderator
 
KARVITK's Avatar
 
Join Date: Apr 2005
Location: Abbotsford, B.C., Canada.
Interest: Hiking, Snowshoeing, and Photography. Enjoying the outdoors fresh air and fitness experience.
Posts: 17,919
Default

Hiker, there is great value in all the content of trip reports you have posted. And very enjoyable to go back in history and view pictures and read about trips at a time for some people exploring the same areas, coming 10 or more years later.

K
alpalmer likes this.

Hiking is what keeps you young of mind and heart. When the going gets tough, the tough get going..............
KARVITK is offline  
post #10 of (permalink) Old 07-14-2016, 11:30 PM
High on the Mountain Top
 
xj6response's Avatar
 
Join Date: Jul 2010
Location: Sunshine Coast, BC, Canada.
Posts: 2,189
Default

Quote:
Originally Posted by The Hiker View Post
Please delete my account and if possible all my postings and photos.
I went to the CP to try and change my email and did not have any luck ... same deal with changing my password.
Your data breach has me very concerned.
Not to diminish the severity of a breach like this but I'd hope you reconsider. Your TR's have often been a useful source of good info and many of your pics have been very enjoyable to view. I recently used one of your TR's for info on Diez Vistas trail.
alpalmer likes this.

________________________________
xj6response is offline  
post #11 of (permalink) Old 07-15-2016, 09:29 AM Thread Starter
Administrator
 
VSadmin's Avatar
 
Join Date: Jun 2014
Location: Toronto, Ontario, Canada.
Interest: Poutine-lovin', maple syrup junkie.
Posts: 409
Default

Let us know how you would like us to proceed with your account, Hiker.
As mentioned above, you have made some great contributions to the site.

Thank you,

Richard.

admin..
VSadmin is offline  
post #12 of (permalink) Old 07-15-2016, 09:53 AM
High on the Mountain Top
 
Join Date: Sep 2008
Location: Fraser Valley
Interest: Photography, Nature Observation, Health & Fitness, Nutrition, Shinrin-yoku
Posts: 1,667
Default

Quote:
Originally Posted by VSadmin View Post
1) We are asking everyone to change their passwords (and will force a one time reset).
I don't know anything about website security but other websites use a secure (https) login popup window and register forms which I don't see here. Does it matter?
solo75 is offline  
post #13 of (permalink) Old 07-15-2016, 11:04 AM Thread Starter
Administrator
 
VSadmin's Avatar
 
Join Date: Jun 2014
Location: Toronto, Ontario, Canada.
Interest: Poutine-lovin', maple syrup junkie.
Posts: 409
Default

Quote:
Originally Posted by solo75 View Post
I don't know anything about website security but other websites use a secure (https) login popup window and register forms which I don't see here. Does it matter?

You will be prompted when the password reset goes out. It will force you to change your password. Make sure your email in your UserCP is updated to your latest email as well so you do not get locked out. If you get locked out, you will have to have an admin manually change it for you.

~Shane

admin..
VSadmin is offline  
post #14 of (permalink) Old 07-15-2016, 12:03 PM
High on the Mountain Top
 
Join Date: Sep 2008
Location: Fraser Valley
Interest: Photography, Nature Observation, Health & Fitness, Nutrition, Shinrin-yoku
Posts: 1,667
Default

Quote:
Originally Posted by VSadmin View Post
You will be prompted when the password reset goes out. It will force you to change your password. Make sure your email in your UserCP is updated to your latest email as well so you do not get locked out. If you get locked out, you will have to have an admin manually change it for you.

~Shane
I was actually wondering about the login process. Is it secure, since I don't see the customary HTTPS or a lock icon to denote that?
solo75 is offline  
post #15 of (permalink) Old 07-15-2016, 03:30 PM
Summit Master
 
Join Date: Dec 2001
Posts: 6,120
Default

Yes please deactivate my account. I guess for the good of the site the trip reports can stay. This site has changed a lot since it started and most of the people I know have now moved on to Facebook. I very seldom come here so I think it is time for me to move on.
Again today I tried to change just my email with no luck. So I would prefer that it be removed to prevent any other spam that may come from here or having my info breached. One has to wonder why these security measures were not put in place when the site was first taken over.

The other concern I have is my photos are copyrighted. When this site first started I had an agreement with Hamlin that any content was not to be used outside of C. T. I surely hope that is the case here!
I still post shots on the Club Tread Flickr site & will continue to do so.
Happy Trails everyone.
Russ
19351 is offline  