What's new

Data breach on vi-control? (MOD EDIT - Unlikely)

appleemail.jpg

Well, what more proof do you need? :grin:
This only means that some phisher has determined that you visit (or may visit) VI-Control and perhaps have an Apple account, so you become a potential target for this broken English email. More likely perhaps that your browsing history has been shared than VI-Control having a data breach. Worst case, a hacker gets hold of a VI-Control email list. The language, thankfully, is always a dead give away :laugh:
 
Hmmm I never got a mail from Apple about security breach.
BUT devices notifications, yes. All companies now are checking if your credentials appear in leaked password databases. In case you use the same credentials on other sites, they will notify you to change the passwords.
 
Hi moderators,

I got a message from Apple that my password for vi control forums has been found in the dark web. Kindly look into this immediately and ensure security of user data.

Thanks
As said before, it's very unlikely that Apple would send you an email if your passwords are compromised. On-device notifications are a lot more likely.

The correct procedure, should there be a data breach (which is very unlikely), is to change your password ASAP. 99% of the time, passwords are not stored as plain text in databases, and the hashes will take time to solve, if at all. So even if the hashed password gets out, it does not imply that your password is cracked and that it's out for public consumption.

Never ever use the same password on two or more sites, and ensure that they are strong enough (lower/uppercase letters, numbers, symbols, at least 20 characters). An useful site to check this is at https://howsecureismypassword.net/
 
This might not have anything to do with a potential breach but thought it worth flagging in case something is wrong with the site.

1624234377583.png
Maybe incorrect configuration of that AddonsLab addon...
... or maybe subscription expired or something.
 
I'm pretty sure Apple is not engaged in scouring the dark web for stolen passwords. What email address did that message come from?
It was a notification on my iphone as well my Kaspersky internet security alert, which included 5-6 companies / servers where apparently I had used the same password. This probably came from a breach on one of the servers that led to the email and password being pushed to the dark web. They identified all passwords that I had storied on my iphone as vulnerable, including the one used for this forum and VSL. I eventually changed both passwords. We live in a weird world.
 
It was a notification on my iphone as well my Kaspersky internet security alert, which included 5-6 companies / servers where apparently I had used the same password. This probably came from a breach on one of the servers that led to the email and password being pushed to the dark web. They identified all passwords that I had storied on my iphone as vulnerable, including the one used for this forum and VSL. I eventually changed both passwords. We live in a weird world.
Did the report specifically mention vi-control.net?
 
If i think of it, probably all my stored passwords on Apple and kaspersky were identified against lne breach traced to the dark web. So they might have flagged all servers where the combination of the same email and password was used. This may not necessarily mean that vi control or VSL could have got compromised. I don’t know! To be on a safer side, I changed all my passwords and sent a message to vi control (this message) and VSL (sent them email and they sent me a link to reset my password)
 
So they might have flagged all servers where the combination of the same email and password was used.
This is pretty standard, that they tell you all the places you have used the same login in details and then encourage you to update your password. My password was stolen from a website, but I used the same one for PayPal and money was stolen. It was a long time ago now. These days I use a password manager and every password is unique.
 
FYI for me the last reported case was cafepress.com two years ago, which was a bona fide leak. Although passwords are usually encrypted, the more concerning is whatever identifying information that could be used for identity theft: phone #, address, date of birth etc - these are usually not encrypted but stored as plain text.
 
This might not have anything to do with a potential breach but thought it worth flagging in case something is wrong with the site.

1624234377583.png
Thanks, but no, nothing affecting the site at the moment. I have received instructions from the addon developer to remedy this.

But thanks for reporting!

Andre
VIC Tech support
 
Top Bottom