The Student Room Group

Scroll to see replies

Original post by EierVonSatan
It looks as though the banner is currently using an image hosted on a restricted site - nothing to worry about just press cancel. I'm sure they'll get around to fixing that :smile:


Yeah, I'm seeing an empty space with a small red cross next to the, ''IMPORTANT - Your Password has been compromised. You need to act.'' message at the top. Looks similar to other websites where theres a broken link to an image
Reply 21
Original post by pinkangelgirl
i have literally just this second created a new password and already ive forgotten it!! what is wrong with me and my memory.


Try using a service such as Lastpass: https://lastpass.com/

It will synchronise your passwords across whatever computers you might use, and allows you to create and save long, random passwords to use for every site. And because it saves them automatically, you need never forget them!
Just seen the email address I used to sign up to TSR :mmm: The hackers can take that email address if they want because it has absolutely nothing useful. I use different email addresses for unimportant websites
Reply 23
Original post by Iqbal007
"IMPORTANT - Your Password has been compromised. You need to act.
Unfortunately it has come to our attention that TSR has been compromised in a similar way to the recently publicised Linked In attack. At a minimum, username, hashed password and email addresses have been taken. Although the passwords were hashed/salted, they were unfortunately not secured to a level which would prevent them being cracked with modern approaches. You therefore need to act as if your actual password has been compromised.
We therefore recommend that everyone changes their password immediately not only on TSR, but anywhere else they have used the same password.
We will be reviewing our security measures over the coming days and communicating in a range of ways with all members to ensure that everyone receives this message.
We are really sorry for the nuisance that this will cause."


All I got was this to change my password.

But seriously, what would a bunch people want to do with our user accounts.....seriously :K:

They are either very dumb "hackers" or the trolls are back for revenge :troll:


I'd say it's more so they can get a hold of peoples' email addresses along with their password for this site, since a lot of people use the same password for multiple things: Facebook, email, Twitter etc...

Edit: Just realised that I pretty much echoed what people were saying earlier in the thread; apologies! I really need to read these things in their entirety before contributing... :facepalm:
(edited 11 years ago)
Reply 24
Original post by SecondHand
Here's an article which will explain the vulnerability (or what I imagine the vulnerability was).

http://krebsonsecurity.com/2012/06/how-companies-can-beef-up-password-security/


<3 tptacek

But that article doesn't explain the vulnerability here, it discusses the problem with storing passwords in the way that TSR does. The whole article could probably be reduced to "Use bcrypt" anyway.
Reply 25
So, hackers know my password but I don't? This is an outrageous situation!
Reply 26
Original post by zedbrar
Just seen the email address I used to sign up to TSR :mmm: The hackers can take that email address if they want because it has absolutely nothing useful. I use different email addresses for unimportant websites


TSR is unimportant??! :cry:
Original post by I Kant Spall
Changed my TSR password.
Changed my e-mail password.
Installed noscript.
Ran a virus scan.
Turned off laptop.
Turned off router.
Fled the country.
Renounced citizenship.
Joined a monastery.

Guess I had the last laugh--shows you, hackers.


Yeah I changed my e-mail address as well. I changed it to a random one I set up to give to strangers on omegle use for internet forums and messageboards.
Original post by zedbrar
Just seen the email address I used to sign up to TSR :mmm: The hackers can take that email address if they want because it has absolutely nothing useful. I use different email addresses for unimportant websites


same, this is where my [email protected] comes in for use :lol:
Why is there a woman smiling at us? I almost feel trolled. :colonhash:
Reply 30
Original post by RyJ
I'd say it's more so they can get a hold of peoples' email addresses along with their password for this site, since a lot of people use the same password for multiple things: Facebook, email, Twitter etc...


I use different passwords and emails..........but even then what would you do apart from spamming
Reply 31
Original post by estel
A huge percentage of people use their same account details for their email and forums such as TSR. Given access to someone's email account it's usually quite possible to find most of their other passwords, and quite likely access their Paypal / other bank details, or give a wealth of information that would allow the hacker to steal your identity.


luckily I use different passwords :smile:
Reply 32
wut?!?! da internetz not safe???

I changed my password and email (probably too late anyways, did it out of fear).

I use a different password for everything so JOKES ON THEM, HA!

Also, when can we expect the prompt to enter our username and password unencrypted to disappear? I sense this is another hacker plot to steal more useless info from me...
Reply 33
Original post by Iqbal007
I use different passwords and emails..........but even then what would you do apart from spamming


Some people might (stupidly) use the same password for something pretty serious like internet banking.

Peoples' bank accounts can pretty much be emptied in less than a minute...
Reply 34
Original post by RyJ
Some people might (stupidly) use the same password for something pretty serious like internet banking.

Peoples' bank accounts can pretty much be emptied in less than a minute...


people should think twice about that stuff, especially anything linked to your email should be different
Reply 35
Original post by KasanDude
wut?!?! da internetz not safe???

I changed my password and email (probably too late anyways, did it out of fear).

I use a different password for everything so JOKES ON THEM, HA!

Also, when can we expect the prompt to enter our username and password unencrypted to disappear? I sense this is another hacker plot to steal more useless info from me...


Click the close button on its top right corner?
Reply 36
Original post by Iqbal007
people should think twice about that stuff, especially anything linked to your email should be different


I know, it's quite scary how this **** can happen...
Reply 37
Original post by estel
Click the close button on its top right corner?


Yep tried that a few times but it comes back up when I go to a new thread. Atleast it did... hasnt done it for the past few minutes.
Reply 38
Original post by Mr Dangermouse
I have an email address that's only used to sign up to TSR but my old TSR password is used in other places. Should it still be changed everywhere?


Yes you should.
WHY IS THERE AN IMAGE OF A SMILING GIRL NEXT TO THE WARNING?! It's like TSR saying "Ha! Your password's compromised. nyeeeeer!" Makes me scared.

Latest