What's new

Data breach on vi-control? (MOD EDIT - Unlikely)

Arbee

Senior Member
View attachment 52097

Well, what more proof do you need? :grin:
This only means that some phisher has determined that you visit (or may visit) VI-Control and perhaps have an Apple account, so you become a potential target for this broken English email. More likely perhaps that your browsing history has been shared than VI-Control having a data breach. Worst case, a hacker gets hold of a VI-Control email list. The language, thankfully, is always a dead give away :laugh:
 

Loïc D

Monkeying with libraries
Hmmm I never got a mail from Apple about security breach.
BUT devices notifications, yes. All companies now are checking if your credentials appear in leaked password databases. In case you use the same credentials on other sites, they will notify you to change the passwords.
 

thorwald

Active Member
Hi moderators,

I got a message from Apple that my password for vi control forums has been found in the dark web. Kindly look into this immediately and ensure security of user data.

Thanks
As said before, it's very unlikely that Apple would send you an email if your passwords are compromised. On-device notifications are a lot more likely.

The correct procedure, should there be a data breach (which is very unlikely), is to change your password ASAP. 99% of the time, passwords are not stored as plain text in databases, and the hashes will take time to solve, if at all. So even if the hashed password gets out, it does not imply that your password is cracked and that it's out for public consumption.

Never ever use the same password on two or more sites, and ensure that they are strong enough (lower/uppercase letters, numbers, symbols, at least 20 characters). An useful site to check this is at https://howsecureismypassword.net/
 
OP
S

star.keys

Senior Member
Thread starter
  • Thread Starter
  • Thread Starter
  • #29
I'm pretty sure Apple is not engaged in scouring the dark web for stolen passwords. What email address did that message come from?
It was a notification on my iphone as well my Kaspersky internet security alert, which included 5-6 companies / servers where apparently I had used the same password. This probably came from a breach on one of the servers that led to the email and password being pushed to the dark web. They identified all passwords that I had storied on my iphone as vulnerable, including the one used for this forum and VSL. I eventually changed both passwords. We live in a weird world.
 

cygnusdei

Active Member
It was a notification on my iphone as well my Kaspersky internet security alert, which included 5-6 companies / servers where apparently I had used the same password. This probably came from a breach on one of the servers that led to the email and password being pushed to the dark web. They identified all passwords that I had storied on my iphone as vulnerable, including the one used for this forum and VSL. I eventually changed both passwords. We live in a weird world.
Did the report specifically mention vi-control.net?
 
OP
S

star.keys

Senior Member
Thread starter
  • Thread Starter
  • Thread Starter
  • #32
If i think of it, probably all my stored passwords on Apple and kaspersky were identified against lne breach traced to the dark web. So they might have flagged all servers where the combination of the same email and password was used. This may not necessarily mean that vi control or VSL could have got compromised. I don’t know! To be on a safer side, I changed all my passwords and sent a message to vi control (this message) and VSL (sent them email and they sent me a link to reset my password)
 

Markrs

Complete Beginner
So they might have flagged all servers where the combination of the same email and password was used.
This is pretty standard, that they tell you all the places you have used the same login in details and then encourage you to update your password. My password was stolen from a website, but I used the same one for PayPal and money was stolen. It was a long time ago now. These days I use a password manager and every password is unique.
 

cygnusdei

Active Member
FYI for me the last reported case was cafepress.com two years ago, which was a bona fide leak. Although passwords are usually encrypted, the more concerning is whatever identifying information that could be used for identity theft: phone #, address, date of birth etc - these are usually not encrypted but stored as plain text.
 
Top Bottom