The Student Room Group


Reply 60
Original post by rmhumphries
I am still wondering how/why this happened. Why was the data not secure enough?


I doubt the how and why will be made public, unfortunately.
Reply 61
Original post by Chrosson
Well yes now that you've posted that information here. Probably want to change those passwords.


*facepalm*


:colondollar:
So, have you changed how you're storing passwords and fixed the vulnerability? ... If you haven't there's no point changing passwords.....
My new password now has an insane character length.

Original post by Deyesy
The joys of my bank using numbers and not letters for its passwords. I am safe on the bank account front :colonhash:

I think I'll just change everything that uses old TSR password to my new one :h: Though my password is different for YT and other places. I don't think hackers could do that much damage to me to be honest :tongue: My Amazon password needs changing I think though >.>


I thought, for example, an 8 digit string of numbers was easier to obtain than an 8 digit string of letters? I started reading about cryptology a while ago, but never got past the basics. I guess this is a good incentive for me to go get some further reading done, even though it's not the main security issue.

I'm just glad TSR came out and said it instead of farting about for ages like Sony did.
Original post by Metrobeans
I've changed my password as suggested, but I was wondering - do you guys know if details have been taken for everyone on the site or just a certain number? When did this happen?


We can only see evidence of 100k being taken.


Posted from TSR Android App
Original post by Sgt.Incontro
Oh deary me...

Why on earth weren't the passwords and data stored more securely??!!

Seems that even an A-Level computing student could have hacked this then. :rolleyes:

This was posted from The Student Room's Android App on my HTC Sensation Z710e


We just used what vBulletin gave us unfortunately. As we do with many things. We don't store much personal data really so never thought to do more. With hindsight...

Posted from TSR Android App
Changed all my passwords on everything, now (a) I can't remember half of the passwords or (b) with the passwords I can remember I can't remember what site they're for.

But hey, if I can't get into my bank account neither can they muahaha
The nasty man got in originally through a compromised password.

All (hopefully) vulnerabilities were fixed quickly. Our hosting partner in Canada has worked all night locking everything down. (thanks guys). Our mods and staff have also done their part overnight.

We have some more secondary tasks to do today.

We will be changing password storage shortly and have put in place a range of security features that would prevent this occurring again. Hopefully.

I hate to add those caveats, but we have to be realistic and it wouldn't make sense to start implementing bank-like security considering how little personal or financial data we store on users.

Sorry for the inconvenience though. It is a right pain.

Posted from TSR Android App
Original post by estel
Are changes being made at the moment, or are the instances of people being repeatedly logged out and needing to reset their passwords examples of cracked passwords being exploited?


Please can you expand on this issue

Posted from TSR Android App
Original post by pinkangelgirl
I don't get it!! If I've changed my password will I be ok now?


Yup :smile:


Posted from TSR Android App
Original post by pinkangelgirl

Also, do they only have our current password or will they have all the passwords we've ever used?


Just the current one

Posted from TSR Android App
Reply 71
Is there an issue with my account? I fail to see many of the flags in the top right hand corner.... but that is the only problem I've noticed so far (might be a stupid thought, but I thought I better ask!).
Original post by alaska.
Is there an issue with my account? I fail to see many of the flags in the top right hand corner.... but that is the only problem I've noticed so far (might be a stupid thought, but I thought I better ask!).


That is unrelated and you can solve it by clearing your browser cache. You are unlikely to see any direct impact of the data hack and it is unlikely that anyone will try to access your account. However, as a precaution it is recommended that you change your password on this site and on any other site which uses the same password/email combination.
One of the first things these people will do, once they've worked out your password, is search your email address on FB to find out who you are IRL. I would make sure you have this feature turned off if you haven't already.
(edited 11 years ago)
Reply 74
Original post by pinkangelgirl
I don't get it!! If I've changed my password will I be ok now?

Also, do they only have our current password or will they have all the passwords we've ever used?

I've just had to log in everywhere and change everything to brand new passwords :frown:


I doubt they'll have every password that you've ever used on here. From my experiences of working with forums like these your new password overwrites your previous one and the previous one is no longer stored. It's obviously the most secure way of doing it to keep as few passwords stored as possibly possible.
Reply 75
Original post by Sgt.Incontro
Oh deary me...

Why on earth weren't the passwords and data stored more securely??!!

Seems that even an A-Level computing student could have hacked this then. :rolleyes:

This was posted from The Student Room's Android App on my HTC Sensation Z710e


The trouble is that the more secure you make the site the less convenient it becomes. You can't have the best of both worlds. Considering TSR doesn't store any particularly sensitive data, I don't think bank-level security is really needed. Having said that, this should now clearly call for a re-think of their security mechanism.

As far as I know A-Level computing doesn't teach how to break a hashed password? Correct me if I'm wrong... ?
Did they get our email addresses or will they be able to hack every site we're on just with our username and password :lolwut: because TSR is virtually the only thing I use this email address for, so I've changed my password on here but do I need to change it everywhere else too?
Reply 77
Original post by tehforum
. Although the passwords were hashed/salted, they were unfortunately not secured to a level which would prevent them being cracked with modern approaches.

Why not?

Is TSR not a modern website? Is TSR benevolent towards the threat of cyber-hacking? Evidently so.

Does it not care about the millions of users' personal information?

Please do not lecture me with cries of "oh, all you have to do is change your password", it is a case of principle and the mere reality that this has occurred.

I have changed my password.


Since we don't know that this is really you speaking, I'll wait for you to supply a fingerprint and blood sample before responding properly. It's the only secure way of doing it, however inconvenient it is. :smile:
Reply 78
Original post by madders94
Did they get our email addresses or will they be able to hack every site we're on just with our username and password :lolwut: because TSR is virtually the only thing I use this email address for, so I've changed my password on here but do I need to change it everywhere else too?


Anyone who has access to your password from this site will also have access to your email address. Any websites where you have used the same password as here you should change your password. You should also change the password of your email account.
Oh, and just seen the posts above - thanks ChrisN and the TSR staff (and people in Canada) and everyone giving advice for working through the night to fix it :smile: we don't appreciate you guys enough :ta::adore:
