Moderators: richierich, ua900, PanAm_DC10, hOMSaR
VertScopeJeff wrote:
airkas1 wrote:I've forwarded this thread to management.
So to clarify, someone contacted you and stated the E-mail address AND password you use for this site? It wasn't an E-mail through the contact feature or anything? Any chance of a screenshot with all sensitive info blanked out (also possible via PM/E-mail)?
VertScopeJeff wrote:Any more info on the detail would be great, did they request Bitcoin payment, a few of those have been going around today.
Please update your password and any more info or detail son the email would be great.
Jeff M
VertScopeJeff wrote:10-4, you should be all good then.
We have no other reports of any issues and checked out the back end and no breaches.
Jeff M
PanAm_DC10 wrote:...from reading the email it appears that all data on your PC is being breached and not just Airliners.net it appears they've found a way onto your PC and can access all your data
PanAm_DC10 wrote:Thanks Moose135
That's the same as the scam posted by Jeff in reply #4. We've alerted Operations and Development and they will investigate any possible breach but our passwords are stored with hashed values so not sure how they could be getting them from here.
Regards
Paul
Moose135 wrote:PanAm_DC10 wrote:...from reading the email it appears that all data on your PC is being breached and not just Airliners.net it appears they've found a way onto your PC and can access all your data
Not likely. This is a version of a scam e-mail that has been going around for a while. They get your e-mail/password from a hacked site, then send you an e-mail claiming they put a tracker on your computer and have recorded you via your web cam, hoping to scare some people into sending them money. I've gotten a couple in the past few weeks and have ignored them with no consequences.
https://www.theregister.co.uk/2018/07/1 ... tion_scam/
mcr wrote:PanAm_DC10 wrote:Thanks Moose135
That's the same as the scam posted by Jeff in reply #4. We've alerted Operations and Development and they will investigate any possible breach but our passwords are stored with hashed values so not sure how they could be getting them from here.
Regards
Paul
You may not know HOW they're getting them from airliners.net, but with three reports of a password used only on this site being compromised it's pretty evident that they ARE.
United787 wrote:I received the same e-mail and have had to change the password on multiple sites because I use the same password elsewhere. But, given this is the only one that IS NOT secure, I think it is a safe bet that A-Net is the culprit. Why is A-Net NOT secure?
I also can't find out how to change the password here... Anyone?
I have been trying to figure out how to change the profile picture but gave up... Anyone?
I have been on this site for 13 years and it only seems to keep getting worse. I am about done.
PS - I spoke to my IT consultant and he confirmed my computer has NOT been hacked, just the e-mail compromised.
atcsundevil wrote:As I mentioned in the https thread, have you cleared your cookies? If you do, it should take you to https every time. I did it around the time the site was upgraded, and it's never once been unsecured. The site should obviously automatically redirect, but since it apparently doesn't, clearing your cookies should fix the issue.
scbriml wrote:atcsundevil wrote:As I mentioned in the https thread, have you cleared your cookies? If you do, it should take you to https every time. I did it around the time the site was upgraded, and it's never once been unsecured. The site should obviously automatically redirect, but since it apparently doesn't, clearing your cookies should fix the issue.
I've just cleared all my cookies, history and downloaded images & files from Chrome, restarted it and a.net is still not secure.
paveknife wrote:Why doesn't Airliners.net inform it's users by mail on what is happening here?
Moose135 wrote:paveknife wrote:Why doesn't Airliners.net inform it's users by mail on what is happening here?
Because the e-mail notification system (used for things like letting users know when a forum post has been removed) is broken, but it's on the developers' list, we're just not sure when they will get to it.
atcsundevil wrote:scbriml wrote:atcsundevil wrote:As I mentioned in the https thread, have you cleared your cookies? If you do, it should take you to https every time. I did it around the time the site was upgraded, and it's never once been unsecured. The site should obviously automatically redirect, but since it apparently doesn't, clearing your cookies should fix the issue.
I've just cleared all my cookies, history and downloaded images & files from Chrome, restarted it and a.net is still not secure.
Interesting. I wonder why it works for some people and not others. Then again, I'm hardly an expert on this stuff. The developers are aware, and presumably they'll be getting to it once they can figure out all of these annoying 502 issues.
atcsundevil wrote:Moose135 wrote:paveknife wrote:Why doesn't Airliners.net inform it's users by mail on what is happening here?
Because the e-mail notification system (used for things like letting users know when a forum post has been removed) is broken, but it's on the developers' list, we're just not sure when they will get to it.
It isn't broken...it doesn't actually exist. The notifications were part of the old site. Nothing has been made to replace it. It's planned, and we've been asking for an automated notification system for more than two years, but obviously it hasn't happened. At the moment, there are clearly much bigger concerns.
paveknife wrote:atcsundevil wrote:It isn't broken...it doesn't actually exist. The notifications were part of the old site. Nothing has been made to replace it. It's planned, and we've been asking for an automated notification system for more than two years, but obviously it hasn't happened. At the moment, there are clearly much bigger concerns.
Thanks, I was not aware of that!
My concern is that far not every user/uploader is active on this forum, and therefor will not be aware of what is happening...
So personally I think this is, or should be, a big concern.
OA412 wrote:atcsundevil wrote:scbriml wrote:
I've just cleared all my cookies, history and downloaded images & files from Chrome, restarted it and a.net is still not secure.
Interesting. I wonder why it works for some people and not others. Then again, I'm hardly an expert on this stuff. The developers are aware, and presumably they'll be getting to it once they can figure out all of these annoying 502 issues.
scbriml, I just had the same issue. I too am using Chrome. Try this and see if it works. I physically typed https://www.airliners.net into the browser, and now it does appear to default to the https site each time I visit the site.
scbriml wrote:This is somewhat (OK, very) embarrasing, but I realised that I access a.net through a bookmark that was still set to https://airliners.net. I've changed that to https://airliners.net and it now seems to be working OK.![]()
While stupid on my part, it would appear that the most basic redirection of the site from http to https is clearly not working.
matb wrote:Just received the same email.
LH422 wrote:Thanks for the update. I have no explanation for this phenomenon. I'd appreciate if others could try if their passwords have been compromised. The probability that someone other than me was using that same password is incredibly small.
JohnKrist wrote:LH422, my password has not changed since I registered, and has not been pwned.
PanAm_DC10 wrote:That's the same as the scam posted by Jeff in reply #4. We've alerted Operations and Development and they will investigate any possible breach but our passwords are stored with hashed values so not sure how they could be getting them from here.
Moose135 wrote:PanAm_DC10 wrote:...from reading the email it appears that all data on your PC is being breached and not just Airliners.net it appears they've found a way onto your PC and can access all your data
Not likely. This is a version of a scam e-mail that has been going around for a while. They get your e-mail/password from a hacked site, then send you an e-mail claiming they put a tracker on your computer and have recorded you via your web cam, hoping to scare some people into sending them money. I've gotten a couple in the past few weeks and have ignored them with no consequences.
https://www.theregister.co.uk/2018/07/1 ... tion_scam/