Attention – Security Issue - Pontiac Solstice Forum
 1Likes
Reply
 
LinkBack Thread Tools Display Modes
post #1 of 20 (permalink) Old 06-18-2016, 09:38 AM Thread Starter
Administrator
 
Administrator's Avatar
 
Join Date: Mar 2008
Posts: 336
Attention – Security Issue

Hey Team,

Over the 2 weeks we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:

1) We are asking everyone to change their passwords (and will force a onetime reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, Linkedin, Badoo, etc) are compromised; and

2) Your passwords will expire on a 180 day basis. When you login on the 181st day, you will have to change it. You guys and girls all have the highest level of access in our communities and this will help protect your accounts.

All other users on the community will have 365 day expirations. We'll also be sending out an email to users to let them know about the changes, in upcoming weeks.

We are testing and rolling out the changes slowly to ensure that they do not cause unforeseen issues with current plug-ins and products on the site, we will let you all know the day before it goes live.

I also ask that you help us with ensuring all users are being heard and we are answering everyone’s questions. We will be posting an announcement up to the community shortly and want to keep all chatter about this issue and any potential security issues in one place. If you see a user talking about this topic in a section outside of the announcement, please either move the post, or remove it and direct the user to the original thread. We greatly appreciate your help in this. If you have any questions please post them below.

Thanks all,

Helena Barclay

Community Management
Administrator is offline  
Sponsored Links
Advertisement
 
post #2 of 20 (permalink) Old 06-18-2016, 11:29 AM
Administrator
 
MomsSol's Avatar
 
Join Date: Nov 2005
Location: Sweet Home Alabama
Posts: 9,046
Quote:
Originally Posted by RedOne07 View Post
Wow, I would think moderators and admins have a higher level access ?!?

You give me the feeling this message is not for the general forum user but for the forum-team.
Yes, mods have a high level of access and I have acces to a bit higher.

The Moderation team did receive this message prior to the general forum.

I don't suffer from insanity, I enjoy every minute of it!

#139640 '07 NA Sly Fully Loaded 12/1/07- Wester's Tune, CAI, Magnaflow Stainless Catback Exhaust, Carolina Custom Armrests and Door Pockets, Custom Painted Engine Cover, Carbon Flash Painted Grills, Custom Painted Guage Bezel, Air Oulets Bezels and Shifter Bezel. DDM Backbone and Brace
#106614 12/15/05 NA Sly Traded @ 35k Miles


"Life's not the breaths you take but the moments that take your breath away" ~ George Strait

Team Solstice

NASSOA(TM)
Founding Member
MomsSol is offline  
post #3 of 20 (permalink) Old 06-18-2016, 12:47 PM
Member
 
MARVIC 1's Avatar
 
Join Date: Apr 2011
Location: SkyRoadster.com
Posts: 370
Our way of life these days....

After signing into Fort Knots I mean the SolsticeForum.com and now fighting my way through a dilemma..

As a "Life Time Member" I was NOT able to post a message on this site.
As a "Life Time Member" my PM Box was full with only 5 Personnel posted messages by me occupying the folder.

All these functions showed that they were turned off:
You may NOT post new threads
You may NOT post replies
You may NOT post attachments
You may NOT edit your posts
BB code is Off
Smilies are Off
[IMG] code is Off
HTML code is Off

As of now I don't even know if this message will be posted in this "Attention – Security Issue Reply to Thread" thread.
Here are some pic's of a "Life Time Member" accessibility's to the Solstice Forum..

Welcome, MARVIC 1. Visited Yesterday 09:59 PM Private Messages: Unread 0, Total 10.
Your PM box is 100% full.
Verification Required You are not fully registered. Please follow this link or check the email inbox associated with your account to complete your registration process.



This Picture here shows my: Join Date, Registration Status and membership access.



A PM message was left to the Administrator by me with no reply or fix as of yet.



.

.

.

.
Attached Thumbnails
Click image for larger version

Name:	Login Solstice 002.jpg
Views:	442
Size:	298.6 KB
ID:	60033   Click image for larger version

Name:	Login Solstice 001.jpg
Views:	448
Size:	221.4 KB
ID:	60041  
MARVIC 1 is offline  
post #4 of 20 (permalink) Old 06-25-2016, 07:26 PM
Member
 
Join Date: May 2015
Location: Detroit
Posts: 384
Just got had to reset password again, did we get hacked again?

"You are the product" - Autoguide.com group forums
Steelmesh is offline  
post #5 of 20 (permalink) Old 06-26-2016, 06:26 PM
Member
 
80sbikedude's Avatar
 
Join Date: Apr 2016
Location: North Texas
Posts: 86
Garage
Quote:
Originally Posted by Steelmesh View Post
Just got had to reset password again, did we get hacked again?
I had to reset my password two days in a row. Now I try not top close the browser so it will not log me out. Has worked for now........have closed it and reopened in the same day with no problems so far.

If at first you don't succeed, do it like your mom told you.
"Do or do not, there is no try."~~Yoda
Next time you are feeling perfect, try walking on water!
80sbikedude is offline  
post #6 of 20 (permalink) Old 06-27-2016, 08:42 AM
Member
 
druid-2's Avatar
 
Join Date: Aug 2005
Location: buzzard..what buzzard..do you see a buzzard..I didn't see a buzzard...or that little sparrow either- or dat squirrel
Posts: 8,252
Every time I request a new password (multiple times) and log in

I then try to change my password to one I WANT

I do it all properly (have been a forum member 10 years now)
but when I click on Save changes...the yellow box goes to "fade" but does not accept my changes

W H Y ????

********************
NEOKAPPA's


Some people grow old before their time...I choose to die before I grow old !

Druid (Cool) MERLIN came home 11-15-05 VIN 4495
Clear bra, Stubby antenna, Kappashield, mudguards, Black wheels with Hankook Ventus tires...CAI..SOLO SQR-2 with free flow CAT & SS header DDM Racing backbone and Pro-beam ..painted calipers and wheel center decals. 25% tint windshield ... Vertical Chrome billet grille .. 95K - stay tuned
druid-2 is offline  
post #7 of 20 (permalink) Old 06-27-2016, 09:36 AM
Member
 
Join Date: May 2015
Location: Detroit
Posts: 384
Quote:
Originally Posted by druid-2 View Post
Every time I request a new password (multiple times) and log in

I then try to change my password to one I WANT

I do it all properly (have been a forum member 10 years now)
but when I click on Save changes...the yellow box goes to "fade" but does not accept my changes

W H Y ????
Possibly try a different browser and/or clear all the cookies in your current browser to see if problem is with those.

"You are the product" - Autoguide.com group forums
Steelmesh is offline  
post #8 of 20 (permalink) Old 06-27-2016, 10:06 AM
Member
 
Rusty Boltz's Avatar
 
Join Date: Jan 2011
Location: Fort Worth, TX
Posts: 690
After getting the e-mail with my temporary password, I logged on and changed it. I logged off yesterday, and just logged on again today with no problem.


'07 Sky
2.4L
5 speed
limited slip
chrome
leather
bright interior trim
Monsoon audio
AM/FM/XM/CD changer
Rusty Boltz is offline  
post #9 of 20 (permalink) Old 06-27-2016, 10:39 AM
AKA SolWhat?
 
DaveOC's Avatar
 
Join Date: Oct 2005
Location: SE Wisconsin
Posts: 10,070
Garage
Quote:
Originally Posted by druid-2 View Post
Every time I request a new password (multiple times) and log in

I then try to change my password to one I WANT

I do it all properly (have been a forum member 10 years now)
but when I click on Save changes...the yellow box goes to "fade" but does not accept my changes

W H Y ????
Are you sure your NEW password meets all the requirements?

Must be at least 10 characters
Must contain lower-case characters
Must contain upper-case characters
Must contain numbers
Must contain symbols

Have you reentered your old password (the one assigned by the administrators)?
Have you entered the new Password twice (in both the spaces provided)



.



1st 1K - #741
DaveOC is offline  
post #10 of 20 (permalink) Old 07-02-2016, 08:49 PM
Member
 
gz9gjg's Avatar
 
Join Date: Jun 2007
Location: Michigan
Posts: 397
This isn't a bank web site and the new password rules are irritating.

Every site that I join, from banks, credit cards, utilities billing, to forums, has different rules and I get tired of making up and remembering new passwords. It's gotten to the point that I have to write them down, making my passwords less secure.

While I appreciate the increased attention to security, I think the new password rules go too far.
Rusty Boltz likes this.
gz9gjg is offline  
post #11 of 20 (permalink) Old 07-05-2016, 11:43 AM Thread Starter
Administrator
 
Administrator's Avatar
 
Join Date: Mar 2008
Posts: 336
Hey guys,

I just want to post here to shed a little more light on the situation, at least as much as we can provide at the moment.
As mentioned below, if you guys have any questions feel free to ask.

A 3rd party plugin that we and other networks use had it's developers' compromised. Their DB was breached and data was scraped. I can't ID the plugin as it's under legal investigation. However I can say that it had access to user data because it functions separately from the vb software. Many plugins do this, chats, news letters, mobile apps etc. This is not an active breach, however as a precaution we did initiate security updates including password changes and new pass requirements.

Their system was compromised and they grabbed user data for us and thousands of others.
We cleared our part of the breach and went this route to further security.
This is also in place as many members on the internet use the same or similar passwords across all things they use.

Hackers who have access to these accounts, may be able to access other platforms where the same email and/or passwords are used.
Other platforms have been compromised as well, including Twitter, Linkedin etc. We are just trying to get ahead of this, and nip it in the bud as soon as possible.

We cannot go into detail at the moment as it is being dealt with on a legal level.

Though this breech happened in Feb, we were not notified until very recently. We worked hard to find a solution for this mess, and acted on it. Though it may not be ideal in some eyes, it is the best we have access to ATM.
Once the storm settles we may look into other methods for our security, but right now we ask that you be patient with us.

As for us not responding to members, you have to understand our community support team watches over many sites. Luckily this week and last, we have had many members from other teams offer help. With that said all emails sent to our Contact Us email will be dealt with. Granted, it may take a little time for us to get to all of them, but please be patient with us as we are working really hard to catch up and help everyone.

If there are any other questions/concerns/feedback, please feel free to post them here.

Thank you for your patience and understanding,

Richard.
Administrator is offline  
post #12 of 20 (permalink) Old 01-16-2017, 02:19 PM
Member
 
stevebot39's Avatar
 
Join Date: Dec 2016
Location: Cleveland Heights OH in summer, Tucson AZ in Winter
Posts: 339
Garage
Too much security?

I LOVE this forum but it seems like the security is excessive. It logs me off in less time than my bank or PayPal and I really do not have much to hide here, a user name and what car I drive. Sites with similar levels of info let me log in for two weeks at a time. And to top that off I cannot easily log on from a new device. I am traveling currently and away from my desktop and have had to go through a separate IP address verification for my phone, iPad and laptop. Really? I can log on to eBay and buy a new Solstice with less effort. Let's make the forum user and mobile device friendly, please.

SteveBot39
Winter Solstice, Tucson AZ - '09 NA Automatic Cool Silver Coupe; DDM Supercharger, MagnaFlow cat and exhaust, ESTuned; GXP sway bars, DDM chassis kit; Stoptech brakes; Michelin PSS tires; Pioneer radio w/ NAV and b/u camera. Plate SOL N AZ

Summer Solstice, Cleveland Heights OH - '09 NA Auto Mysterious Black Coupe; DDM Supercharger, MagnaFlow, DDM chassis kit, Hawk brake pads, Conti EC Sport tires on Black ASA wheels, Advent radio w/ NAV and b/u camera. Plate SOL 4 OH
stevebot39 is offline  
post #13 of 20 (permalink) Old 01-17-2017, 08:32 AM
Member
 
Sting Ya's Avatar
 
Join Date: Nov 2010
Posts: 3,539
After the dust settled with the security changes ( I had some issues ) when I have to re log in after a clean up program I click the remember me box and don't have a problem
Sting Ya is offline  
post #14 of 20 (permalink) Old 01-17-2017, 09:26 AM Thread Starter
Administrator
 
Administrator's Avatar
 
Join Date: Mar 2008
Posts: 336
Quote:
Originally Posted by stevebot39 View Post
I LOVE this forum but it seems like the security is excessive. It logs me off in less time than my bank or PayPal and I really do not have much to hide here, a user name and what car I drive. Sites with similar levels of info let me log in for two weeks at a time. And to top that off I cannot easily log on from a new device. I am traveling currently and away from my desktop and have had to go through a separate IP address verification for my phone, iPad and laptop. Really? I can log on to eBay and buy a new Solstice with less effort. Let's make the forum user and mobile device friendly, please.
It is a tougher password that is required for the site, however you can always simplify them so its not so hard to remember.

for example Password#1

Thank you so much for your feedback

~ Glenda
Administrator is offline  
post #15 of 20 (permalink) Old 01-22-2017, 08:10 PM
Member
 
AeroDave2's Avatar
 
Join Date: Jan 2017
Location: Discovery Bay, CA
Posts: 4
Hi all,

This is AeroDave from the older forums. I am one of the founding members, owner of Solstice first 1K #0051. I can no longer log on with my old account because I don't come here often anymore and my old password has apparently been erased. I can't use the usual password reset procedure because I have since changed my email from what is on file from nearly 12 years ago.

I still like to check in every now and then and have more questions now that my daily driver Solstice is getting up there in age. I cerated this account just to ask for help getting back to my old account.

Thanks in advance! Dave
AeroDave2 is offline  
Sponsored Links
Advertisement
 
Reply

Quick Reply
Message:
Options

Register Now



In order to be able to post messages on the Pontiac Solstice Forum forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.

User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.

Password:


Confirm Password:
Email Address
Please enter a valid email address for yourself.

Email Address:
OR

Log-in










Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page
Display Modes
Linear Mode Linear Mode



Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

 
For the best viewing experience please update your browser to Google Chrome