# Data breach on vi-control? (MOD EDIT - Unlikely)



## star.keys (Jun 20, 2021)

Hi moderators,

I got a message from Apple that my password for vi control forums has been found in the dark web. Kindly look into this immediately and ensure security of user data.

Thanks


----------



## thesteelydane (Jun 20, 2021)

star.keys said:


> Hi moderators,
> 
> I got a message from Apple that my password for vi control forums has been found in the dark web. Kindly look into this immediately and ensure security of user data.
> 
> Thanks


I'm pretty sure Apple is not engaged in scouring the dark web for stolen passwords. What email address did that message come from?


----------



## Markrs (Jun 20, 2021)

thesteelydane said:


> I'm pretty sure Apple is not engaged in scouring the dark web for stolen passwords. What email address did that message come from?


Apple, Google, Microsoft, etc., plus password management companies (LastPass, etc.), all check for compromised passwords. They often use 3rd party security companies that do trawl the dark web and record companies that have had data compromised.


----------



## thesteelydane (Jun 20, 2021)

Markrs said:


> Apple, Google, Microsoft, etc., plus password management companies (LastPass, etc.), all check for compromised passwords. They often use 3rd party security companies that do trawl the dark web and record companies that have had data compromised.


Well, I learned something new today. Probably just suspicious because I have never received such a message myself.

EDIT: I mean, I have, but whenever I check the actual email address it's usually from afghanhacker123 @ hotmail.com or something similar...


----------



## Markrs (Jun 20, 2021)

thesteelydane said:


> Well, I learned something new today. Probably just suspicious because I have never received such a message myself.


I've had money stolen due to a compromised password. So learned my lesson and use unique passwords for every site. I think since then I have had to change a couple of passwords as the company had an attack and the passwords could have potentially been compromised. 

If you save passwords in Chrome or Safari or Firefox, they will also let you know if it has been compromised.


----------



## thesteelydane (Jun 20, 2021)

Markrs said:


> I've had money stolen due to a compromised password. So learned my lesson and use unique passwords for every site. I think since then I have had to change a couple of passwords as the company had an attack and the passwords could have potentially been compromised.
> 
> If you save passwords in Chrome or Safari or Firefox, they will also let you know if it has been compromised.


Sorry to hear, and of course we can't be too careful. Just saying that most of these password stolen emails are phishing attempts. I had to teach my mum to check the sender email, and never click through a link in any email to change her supposedly compromised password.


----------



## tack (Jun 20, 2021)

star.keys said:


> I got a message from Apple that my password for vi control forums has been found in the dark web.


Is your password randomly generated and unique to VI-C?


----------



## Mike Greene (Jun 20, 2021)

We'll look into this. It's possible we had a breach, but my guess is you have a shared password somewhere else. FWIW, all my devices are Apple, and I've gotten similar notifications, but never regarding VI-C.

Either way, bear in mind that beyond your screen name, email and password, we don't have any user data on you. (In case anyone is wondering, the password isn't something we have access to, either. Obviously it's on a server somewhere, but it's not available to us.)


----------



## Markrs (Jun 20, 2021)

thesteelydane said:


> Sorry to hear, and of course we can't be too careful. Just saying that most of these password stolen emails are phishing attempts. I had to teach my mum to check the sender email, and never click through a link in any email to change her supposedly compromised password.


Totally agree, lots of bad actors might say your password is compromised, with a link to change it, which of course whilst it looks like the real site, it actually isn't and the plan is to capture your password.


----------



## doctoremmet (Jun 20, 2021)

Can I ask OP to change the title, until there is 100% clarity. AFAIK there has not been a data breach, so the title is misleading until proven otherwise. Thanks.


----------



## Mike Greene (Jun 20, 2021)

doctoremmet said:


> Can I ask OP to change the title, until there is 100% clarity. AFAIK there has not been a data breach, so the title is misleading until proven otherwise. Thanks.


Agreed. No one else seems to have the same issue (lots of Apple users here, so surely in the hour since this was posted, someone else would?), and as a crude test, I logged out, then logged back in with no warning from my iPhone. So until there's confirmation of an actual problem, I've changed the title.

I'll reiterate that even if there was such a breach, it would be mostly inconsequential. Sure, I guess a hacker might change a few posts from _"HZ Strings sucks!"_ to _"I love HZ Strings!"_, but ... wait a minute ... has anyone seen Paul or Christian lately???


----------



## gamma-ut (Jun 20, 2021)

How strong is the password? Apple's check in iOS14 doesn't match passwords to accounts on specific websites. It only checks if a password has ever been leaked when it gets used. It may not be your password that has leaked but someone else's that happens to match - but the device flags it when you log into a site. Plenty of people would get a warning with "password123", for example.

Even with a strong randomly generated password it's possible to get collisions, though not all that likely.

I've just checked haveibeenpwned via 1Password and my VI-C password doesn't come up.


----------
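The password-only check gamma-ut describes, sketched here as an added example (not from the thread, and not Apple's or 1Password's code). It is modelled on the Have I Been Pwned Pwned Passwords range lookup, where the client sends only the first five hex characters of the SHA-1 hash and matches the rest locally; the corpus, counts and site names are constructed.

```python
import hashlib

# Constructed breach corpus: passwords and sighting counts only.
# No account name or website is attached to any entry.
BREACHED = {"password123": 251682, "qwerty": 3912816, "letmein": 160000}

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def build_range_index(corpus):
    """Service side: bucket SHA-1 hashes by their first 5 hex characters."""
    index = {}
    for password, count in corpus.items():
        digest = sha1_hex(password)
        index.setdefault(digest[:5], []).append(f"{digest[5:]}:{count}")
    return index

def range_query(index, prefix):
    """Service side: return every SUFFIX:COUNT line in the bucket.
    The service never learns which suffix the client cares about."""
    return "\n".join(index.get(prefix, []))

def times_seen(index, password):
    """Client side: send the 5-character prefix, match the suffix locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in range_query(index, prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate == suffix:
            return int(count)
    return 0

def audit_saved_logins(index, saved):
    """Flag every saved login whose password appears in the corpus.
    The site is never part of the lookup, so every site that shares a
    leaked password is flagged, whether or not that site was breached."""
    return sorted(site for site, pw in saved.items() if times_seen(index, pw) > 0)

INDEX = build_range_index(BREACHED)
SAVED = {  # constructed keychain contents
    "forum.example": "password123",
    "shop.example": "password123",
    "bank.example": "c9#Lw2!vQx7PzR4m@tKe",
}

if __name__ == "__main__":
    print(audit_saved_logins(INDEX, SAVED))
```

A warning naming a site therefore says the password saved for that site matches a leaked one; it does not identify which service leaked it.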



## doctoremmet (Jun 20, 2021)

gamma-ut said:


> I've just checked haveibeenpwned via 1Password and my VI-C password doesn't come up.


Same.


----------



## NekujaK (Jun 20, 2021)

Wait a minute... what's all this about HZ Strings?


----------



## Polkasound (Jun 20, 2021)

Mike Greene said:


> so until there's confirmation of an actual problem








Well, what more proof do you need?


----------



## nyxl (Jun 20, 2021)

Mike Greene said:


> (In case anyone is wondering, the password isn't something we have access to, either. Obviously it's on a server somewhere, but it's not available to us.)


It shouldn't even be on a server somewhere, at least not in clear text form. Afaik, XenForo hashes passwords with a random salt. This means that even if someone had access to the forum's database, it would be extremely difficult (if not impossible) for them to find out the clear text password of even a single user (unless it is an easy to guess password of course). Every time you log in, your password hash is recalculated and compared with the one stored in the database, but this hash calculation is a non-reversible operation.

That's why you can't retrieve your password in case you forget it, you can only reset it.

Sorry if this is obvious to everyone, just thought it should be stated clearly that the clear text passwords are not stored (and should not be stored) anywhere.


----------
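A sketch of the salted, one-way storage nyxl describes, as an added example that is not XenForo's code. The thread does not say which algorithm XenForo uses, so PBKDF2-HMAC-SHA256 from Python's standard library stands in; the record format, iteration count and sample passwords are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumption for the demo; production values are tuned to hardware

def hash_password(password, salt=None):
    """Return the record a server stores: scheme, cost, salt and digest.
    The clear-text password is never written anywhere."""
    salt = salt or os.urandom(16)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password, record):
    """Login: recompute the hash with the stored salt and compare.
    Nothing is decrypted; the stored digest cannot be reversed."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"),
            bytes.fromhex(salt_hex), int(iterations))
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
    except ValueError:
        return False  # malformed record

def matches_common_list(record, common_passwords):
    """Audit helper: is this record the hash of a well-known password?
    Each check costs a full key derivation per record, which is why a
    salt slows bulk guessing but cannot protect an easy-to-guess password."""
    return any(verify_password(guess, record) for guess in common_passwords)

COMMON = ["123456", "password123", "qwerty"]  # constructed sample list

if __name__ == "__main__":
    a = hash_password("password123")
    b = hash_password("password123")
    print(a != b)                       # same password, different records
    print(verify_password("password123", a))
    print(matches_common_list(a, COMMON))
```

Because the record is all the server keeps, a forgotten password can only be reset, not retrieved.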



## Mike Greene (Jun 20, 2021)

nyxl said:


> Sorry if this is obvious to everyone, just thought it should be stated clearly that the clear text passwords are not stored (and should not be stored) anywhere.


It wasn't obvious to me. Thank you for the info. This is good to know.


----------



## tack (Jun 20, 2021)

Which is why any time a website says you can't use certain characters or that your password can't be longer than a certain length (as is distressingly common with Canadian financial institutions), it is a near certainty that they are mismanaging user credentials.


----------



## Wedge (Jun 20, 2021)

Seeing that I used to live a five minute walk from Apple's compound, I'm pretty sure Corporate Apple is located in the Bay Area and not in Plunketsville AL. Even if they were in Alabama, I don't think their address would be a lot #. And I'm laughing my ass off at the idea that they'd be located on Swampvista Cir. (I get it it's the south, but it's not Florida.)


----------



## Kony (Jun 20, 2021)

Mike Greene said:


> We'll look into this. It's possible we had a breach


This might not have anything to do with a potential breach but thought it worth flagging in case something is wrong with the site.


----------



## Arbee (Jun 20, 2021)

Polkasound said:


> Well, what more proof do you need?


This only means that some phisher has determined that you visit (or may visit) VI-Control and perhaps have an Apple account, so you become a potential target for this broken English email. More likely perhaps that your browsing history has been shared than VI-Control having a data breach. Worst case, a hacker gets hold of a VI-Control email list. The language, thankfully, is always a dead giveaway.


----------



## Polkasound (Jun 20, 2021)

Arbee said:


> This only means that some phisher has determined that you visit (or may visit) VI-Control and perhaps have an Apple account,


Or it might mean I had a little fun with Photoshop. I do stuff like that in my free time.


----------



## cygnusdei (Jun 20, 2021)

In the past I've had leak alerts from my banking institution. I recommend checking for it yourself at https://www.avast.com/hackcheck


----------



## Loïc D (Jun 20, 2021)

Hmmm I never got a mail from Apple about security breach.
BUT devices notifications, yes. All companies now are checking if your credentials appear in leaked password databases. In case you use the same credentials on other sites, they will notify you to change the passwords.


----------



## thorwald (Jun 21, 2021)

star.keys said:


> Hi moderators,
> 
> I got a message from Apple that my password for vi control forums has been found in the dark web. Kindly look into this immediately and ensure security of user data.
> 
> Thanks


As said before, it's very unlikely that Apple would send you an email if your passwords are compromised. On-device notifications are a lot more likely.

The correct procedure, should there be a data breach (which is very unlikely), is to change your password ASAP. 99% of the time, passwords are not stored as plain text in databases, and the hashes will take time to solve, if at all. So even if the hashed password gets out, it does not imply that your password is cracked and that it's out for public consumption.

Never ever use the same password on two or more sites, and ensure that they are strong enough (lower/uppercase letters, numbers, symbols, at least 20 characters). A useful site to check this is at https://howsecureismypassword.net/


----------



## AudioLoco (Jun 21, 2021)




----------



## AllanH (Jun 28, 2021)

A good free service is https://monitor.firefox.com/

This service is a simple way to see if an account has been part of an online breach. These days, most email addresses have been included in a breach somewhere, unfortunately.


----------



## ShikiSuen (Jul 4, 2021)

Kony said:


> This might not have anything to do with a potential breach but thought it worth flagging in case something is wrong with the site.


Maybe incorrect configuration of that AddonsLab addon...
... or maybe subscription expired or something.


----------



## star.keys (Jul 15, 2021)

thesteelydane said:


> I'm pretty sure Apple is not engaged in scouring the dark web for stolen passwords. What email address did that message come from?


It was a notification on my iPhone as well as my Kaspersky internet security alert, which included 5-6 companies / servers where apparently I had used the same password. This probably came from a breach on one of the servers that led to the email and password being pushed to the dark web. They identified all passwords that I had stored on my iPhone as vulnerable, including the one used for this forum and VSL. I eventually changed both passwords. We live in a weird world.


----------



## cygnusdei (Jul 15, 2021)

star.keys said:


> It was a notification on my iPhone as well as my Kaspersky internet security alert, which included 5-6 companies / servers where apparently I had used the same password. This probably came from a breach on one of the servers that led to the email and password being pushed to the dark web. They identified all passwords that I had stored on my iPhone as vulnerable, including the one used for this forum and VSL. I eventually changed both passwords. We live in a weird world.


Did the report specifically mention vi-control.net?


----------



## star.keys (Jul 15, 2021)

cygnusdei said:


> Did the report specifically mention vi-control.net?


Yes


----------



## star.keys (Jul 15, 2021)

star.keys said:


> Yes


If I think of it, probably all my stored passwords on Apple and Kaspersky were identified against one breach traced to the dark web. So they might have flagged all servers where the combination of the same email and password was used. This may not necessarily mean that vi control or VSL could have got compromised. I don’t know! To be on a safer side, I changed all my passwords and sent a message to vi control (this message) and VSL (sent them email and they sent me a link to reset my password).


----------



## Markrs (Jul 15, 2021)

star.keys said:


> So they might have flagged all servers where the combination of the same email and password was used.


This is pretty standard, that they tell you all the places you have used the same login details and then encourage you to update your password. My password was stolen from a website, but I used the same one for PayPal and money was stolen. It was a long time ago now. These days I use a password manager and every password is unique.


----------



## cygnusdei (Jul 16, 2021)

FYI for me the last reported case was cafepress.com two years ago, which was a bona fide leak. Although passwords are usually encrypted, the more concerning is whatever identifying information that could be used for identity theft: phone #, address, date of birth etc - these are usually not encrypted but stored as plain text.


----------



## creativeforge (Jul 22, 2021)

Kony said:


> This might not have anything to do with a potential breach but thought it worth flagging in case something is wrong with the site.


Thanks, but no, nothing affecting the site at the moment. I have received instructions from the addon developer to remedy this. 

But thanks for reporting!

Andre
VIC Tech support


----------



## Kony (Jul 22, 2021)

Thanks for this update Andre!


----------

