BMW Luxury Touring Community banner

1 - 2 of 2 Posts

·
Premium Member
Joined
·
684 Posts
Discussion Starter #1
If you are a BMWMOA member, you should go to the BMWMOA website and change your password. Pay special attention where they advise you to change passwords on other websites where you use the same or similar passwords. Here is the text of the announcement from BMWMOA:

Forum Database Leaked
---------------------------------------------
The club administration has become aware that our forum's database has been obtained and leaked. This thread provides the information that we have about the event and advice about how to handle it.

Apparently someone was able to download part or all of the live database around January 27th. We became aware of this yesterday (1/30). A conference call was held this morning to discuss the situation, between Club President Greg Feeler, Executive Director Ray Zimmerman, IT administrator Jeff Betz, Forum Administrator Kurt Schrader and me, Forum Liaison Darryl Richman.

We have determined that forum user names and associated email addresses were leaked, as well as one-way encrypted hash codes of forum passwords. Other forum related information was probably downloaded as well, but we do not have direct evidence of this.

Unfortunately, this probably means that all our members will now receive more spam mail at their registered email address.

Beyond that, the password hash codes are difficult -- but not impossible -- to break. Some techniques that the bad guys use may quickly break some weak passwords.

We highly recommend that you change your password here, and anywhere else you use the same or similar passwords, especially on sites that may have your financial information.

We are now in the process of sending an email to every member in the database to warn them that they should change their password.

Because a member's username and password provide access to the club functions on the website as well as the forum, someone could impersonate a member. We think this is unlikely because the club's website does not keep any financial information that can be used to make purchases.

We are also trying to determine how the leak was accomplished and determine how to secure it from this exploit. We expect to update this thread with progress on this soon.

I am leaving this topic locked so that any additional information we learn can be readily disseminated. Please use this other thread for discussion.

Thanks for your patience.
__________________
--Darryl Richman, forum liaison

..............................................

The club began a mass emailing this afternoon to alert all members that they should change their passwords. The mail is going out through a mailing service, so I'm not sure how long it will take to plow through ~40,000 emails.
__________________
--Darryl Richman, forum liaison
 
1 - 2 of 2 Posts
Top