This discussion is now closed.
Check out other Related discussions
- Make it More Breakfast-ey !!
- Someone created
- The London Clinic: Hospital where Kate treated responds after alleged privacy breach
- Urgent - nottingham or warwick
- Ethical Research Misconduct (continued discussion)
- 5 ways how AI is improving cloud computing
- Data breach
- idk what to do
- GAMSAT 2024 is online
- Could my bf live with me in student accommodation?
- Guaranteed University Managed Accommodation at Winchester - Clearing 2023
- what are your most unfair detentions or any punishment in school
- Hayloft Point lease transfer
- Leicester Takeover Tenancy 2023/24
- Urgent tenancy takeover
- Uni houses
- Student Apartment Sublet - KCL Guy's Campus, April to Early September
- Student Accomodation Summer Re-let (May 2024 - 31st August 2024)
- Private uni accommodation problem
- Accomodation in plymouth
The Student Room – security breach
Scroll to see replies
Original post by Tycho
Anyone who has access to your password from this site will also have access to your email address. Any websites where you have used the same password as here you should change your password. You should also change the password of your email account.
Thanks Tycho
Original post by TheHansa
OK I've changed this thing, but still have the message, has it happened again?
Click the X in the top right corner of the message.
Original post by TheHansa
OK I've changed this thing, but still have the message, has it happened again?
Not to my knowledge. The message on the top of the site is a generic message which isn't specifically tied to your account.
Original post by ChrisN
Just the current one
Posted from TSR Android App
Posted from TSR Android App
If we've used multiple email addresses in the past on our TSR account do they have them all?
(edited 11 years ago)
Original post by TheHansa
If we've used multiple email addresses in the past do they have them all?
No, they won't have.
Original post by Tycho
No, they won't have.
You know an awful lot about this
suspicious
(edited 11 years ago)
Original post by TheHansa
You know an awful lot about this
suspicious
suspicious
I'm a web developer.
Should we continue to change passwords regularly over the next 24-48 hours?
Original post by Mr Dangermouse
Should we continue to change passwords regularly over the next 24-48 hours?
No, this is taking it a bit far. Just change all your passwords everywhere and make your password on here different to your other ones. This means that any subsequent cracks on here will result in them only being able to access your account here, which isn't such a huge problem. What they gonna do - login and post a message?
Its pretty sloppy of web site owners and developers to rely on hashing paswords as some idea of security. Hashing is not encryption and the site should have used proper encryption in the first place instead of something that many websotes can decode for you in a minute or two.
Sloppy sloppy sloppy to risk members passwords like that
Sloppy sloppy sloppy to risk members passwords like that
Original post by electriic_ink
One of the first things these people will do, once they've worked out your password, is search your email address on FB to find out who you are IRL. I would make sure you have this feature turned off if you haven't already.
For identity theft or for the lulz?
Original post by tufc
Probably wouldn't have happened if the staff spent more time working on security, instead of warning people for literally every pro-Israel post there is. Typical, farcical TSR really, and someone should be sacked over this.
There's always one.
Empire Total War people moaned they were releasing DLC when there were still bugs, not the same people dude, not the same people.
(edited 11 years ago)
I use my TSR password for everything else on the internet. Do I really need to change all my passwords? Like do they know my ebay and Amazon user name and can use my password with it? I don't see how they could know my other user names for other sites, but the TSR message is telling me to change all my passwords for everything.
(edited 11 years ago)
Original post by Flyteryder
I use my TSR password for everything else on the internet. Do I really need to change all my passwords? Like do they know my ebay and Amazon user name and can use my password with it? I don't see how they could know my other user names for other sites, but the TSR message is telling me to change all my passwords for everything.
Do you really want to take the risk of not changing them? If I were you I'd change them all, but if you really don't want to then at least secure up sites like Amazon, Ebay, Paypal etc... and definately change your email account password.
The inconvenience of changing your passwords is far less than the inconvenience if someone gains access to them.
Original post by Tycho
Do you really want to take the risk of not changing them? If I were you I'd change them all, but if you really don't want to then at least secure up sites like Amazon, Ebay, Paypal etc... and definately change your email account password.
The inconvenience of changing your passwords is far less than the inconvenience if someone gains access to them.
The inconvenience of changing your passwords is far less than the inconvenience if someone gains access to them.
But how on Earth could they have my Amazon and Paypal usernames if they've only stolen information from this site?
Original post by GenerationX
Its pretty sloppy of web site owners and developers to rely on hashing paswords as some idea of security. Hashing is not encryption and the site should have used proper encryption in the first place instead of something that many websotes can decode for you in a minute or two.
Sloppy sloppy sloppy to risk members passwords like that
Sloppy sloppy sloppy to risk members passwords like that
Original post by GenerationX
Its pretty sloppy of web site owners and developers to rely on hashing paswords as some idea of security. Hashing is not encryption and the site should have used proper encryption in the first place instead of something that many websotes can decode for you in a minute or two.
Sloppy sloppy sloppy to risk members passwords like that
Sloppy sloppy sloppy to risk members passwords like that
Hashing is a very common method of storing passwords, and it's not as easy to crack as you are suggesting. It's specifically designed to not be decrypted, and indeed can't be. To the best of my knowledge the only way to crack a password which is hashed using md5 is via a brute force method.
Original post by Flyteryder
But how on Earth could they have my Amazon and Paypal usernames if they've only stolen information from this site?
Related discussions
- Make it More Breakfast-ey !!
- Someone created
- The London Clinic: Hospital where Kate treated responds after alleged privacy breach
- Urgent - nottingham or warwick
- Ethical Research Misconduct (continued discussion)
- 5 ways how AI is improving cloud computing
- Data breach
- idk what to do
- GAMSAT 2024 is online
- Could my bf live with me in student accommodation?
- Guaranteed University Managed Accommodation at Winchester - Clearing 2023
- what are your most unfair detentions or any punishment in school
- Hayloft Point lease transfer
- Leicester Takeover Tenancy 2023/24
- Urgent tenancy takeover
- Uni houses
- Student Apartment Sublet - KCL Guy's Campus, April to Early September
- Student Accomodation Summer Re-let (May 2024 - 31st August 2024)
- Private uni accommodation problem
- Accomodation in plymouth
Latest
Trending
Last reply 1 month ago
The Student Room Update: New Look, New Homepage and More!Trending
Last reply 1 month ago
The Student Room Update: New Look, New Homepage and More!
