Stamporama Discussion Board Logo
For People Who Love To Talk About Stamps
Club Business & Announcements/Tech Advice : The Stamporama website has been hacked. PLEASE READ NOW.

 

auldstampguy
Tim
Collector, Webmaster

03 Oct 2015
09:11:47am
Hi Everyone,

We discovered overnight that the Stamporama website has been hacked and data from the membership database has been taken. All of our emails, passwords and phone numbers were posted on a website called skymem.com on Sept 21. Arno found this after investigating Alyn's post re his password having been changed by someone. I have requested that the information be taken down from the skymem.com website, but it could well be posted there again. We have no knowledge about the stolen information being used apart from the fact that it was posted on the skymem site.

I believe that I have found where they got in and have closed the security hole. I apologize sincerely that the security hole existed and that I hadn't caught it before.

It is very important that you go onto the Members Area and change your password. Even more important than that, if you use the same password that you use on Stamporama on other websites, especially if you use the same email address on those other websites, you should go and change your password on those websites. This is especially important if you use your stamporama password for any banking websites etc.

To change your password on Stamporama, login and go to the Members Area and use the "Change Password" function, which is right underneath the Edit Profile function. Please let me know if you need help.

I have sent this message out to all active members, except those who have unsubscribed from the bulk emails.

Regards ... Tim.
4 Members like this post.

"Isaac Asimov once said if his doctor told him he was dying, he wouldn’t lament, he would just type a little faster. "

mncancels.org
musicman
APS #213005

03 Oct 2015
09:35:36am
re: The Stamporama website has been hacked. PLEASE READ NOW.

Thank you, Tim -

I'm sure I speak for others in saying we appreciate your prompt response in this.

...password changed!

Randy

3 Members like this post.
Stampaholic
03 Oct 2015
09:42:20am

Auctions - Approvals
re: The Stamporama website has been hacked. PLEASE READ NOW.

me2. thanks. [Thumbs Up]


" I have a burning love for stamps. Lord A'mighty ,feel my temperature risin'! "
Tregeor
03 Oct 2015
09:55:36am
re: The Stamporama website has been hacked. PLEASE READ NOW.

Makes you wonder what these idiots get out of doing stuff like that. They ought to get a job! [Angry]
Anyway, my p/w now changed. Thanks for the update.

bobstew617
03 Oct 2015
09:58:42am
re: The Stamporama website has been hacked. PLEASE READ NOW.

pw changed --thanks, Tim.

I am concerned that members who do not read the DB will not know of this. Is there any way to do a mass email?

BOB

auldstampguy
Tim
Collector, Webmaster

03 Oct 2015
10:03:13am
re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi Bob,
There is an email going out to all active members right now (except to the members who have unsubscribed to the bulk emails). I have also posted the message on the SOR Facebook page.

Tim


"Isaac Asimov once said if his doctor told him he was dying, he wouldn’t lament, he would just type a little faster. "

mncancels.org
Rhinelander
Support the Hobby -- Join the American Philatelic Society

03 Oct 2015
10:05:35am
re: The Stamporama website has been hacked. PLEASE READ NOW.

If there had been any widespread abuse, I believe we would have become aware of this issue much earlier. Great, Tim, that you have figured out and fixed the vulnerability.

What are you going to do about such lowlifes? We could consider requiring mandatory password changes every couple of months, but that is probably not very popular with most users. So, I believe that falls into the realm of the internet being a scary place and to always be guarded, i.e., to use different passwords for different places and to change them once in a while. Of course, I too am guilty of not doing so at all times.

samliu

03 Oct 2015
10:19:35am
re: The Stamporama website has been hacked. PLEASE READ NOW.

Maybe we need to consider encrypting passwords.

Nobody should be able to decrypt them; even users can only reset, not recover.

Sam

auldstampguy
Tim
Collector, Webmaster

03 Oct 2015
10:21:53am
re: The Stamporama website has been hacked. PLEASE READ NOW.

Sam,
You and I had the same thought. I'm looking into encrypting the passwords now.

Regards ... Tim.


"Isaac Asimov once said if his doctor told him he was dying, he wouldn’t lament, he would just type a little faster. "

mncancels.org
cocollectibles

03 Oct 2015
11:05:49am
re: The Stamporama website has been hacked. PLEASE READ NOW.

"Makes you wonder what these idiots get out of doing stuff like that."

If anything, practice for the big money hack jobs later. Scumbags, nonetheless.
This is a good reason to update passwords on a regular basis and to use different ones on different sites.

Peter

"TO ERR IS HUMAN; TO FORGIVE, CANINE."
biggeorge
03 Oct 2015
11:11:26am
re: The Stamporama website has been hacked. PLEASE READ NOW.

PW changed! Thanks for the warning!

biggeorge

ikeyPikey
03 Oct 2015
11:18:28am
re: The Stamporama website has been hacked. PLEASE READ NOW.

For all those sites that want a password but cannot hurt me - for example, a newspaper that requires a log-in but does not have my credit card - I use a single password.

At last count, there were dozens & dozens of such sites using that non-critical, non-financial, pretty-much-zero-impact password.

The very idea of making-up 50-100 different, secure passwords - for each credit card, retailer, etc - and changing them strikes me as ridiculous.

I've tried password-generating software but, frankly, did not like the results, as I have to save the whole password in a convenient electronic place, and having a document on my desktop with a long list of URLs and passwords does not appeal to me.

Without giving away your family jewels, how do you manage your flock of passwords?

Cheers,

/s/ ikeyPikey

1 Member likes this post.

"I collect stamps today precisely the way I collected stamps when I was ten years old."
KZCinWI

03 Oct 2015
11:25:00am
re: The Stamporama website has been hacked. PLEASE READ NOW.

Changed mine!
Thanks for the warning!

SeawayMa

03 Oct 2015
11:36:35am
re: The Stamporama website has been hacked. PLEASE READ NOW.

Thanks for keeping us all on our toes, Tim. Password(s) changed. We get too lax with changing them periodically.

cocollectibles

03 Oct 2015
11:54:00am
re: The Stamporama website has been hacked. PLEASE READ NOW.

"The very idea of making-up 50-100 different, secure passwords - for each credit card, retailer, etc - and changing them strikes me as ridiculous."

Famous last words.



"TO ERR IS HUMAN; TO FORGIVE, CANINE."
sponthetrona2
Keep Postal systems alive, buy stamps and mail often

03 Oct 2015
12:01:21pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Back from current trip.... Thanks, have changed PW

sheepshanks
03 Oct 2015
12:05:29pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Changed mine, thanks for the warning Tim.
If anyone is using Firefox, all your saved passwords are available to see. Go to Options in the menu (3 bars) icon, top right of screen. Click on security, passwords and view passwords.
Personally I keep mine in a book that is then hidden within other papers but mostly memory works well after a few entries.

TheStampCellar
03 Oct 2015
12:09:23pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Password changed - thanks for the info.

James


blog.thestampcellar.com/
pedroguy
03 Oct 2015
12:11:02pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Thanks Tim............I'm changed

keesindy
03 Oct 2015
12:21:24pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Changed mine, too!


"I no longer collect, but will never abandon the hobby"
2010ccg

03 Oct 2015
12:32:58pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Done!

grorod
03 Oct 2015
12:44:29pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Thank you for Tim
all changed now!!!


do not have one
philb
03 Oct 2015
12:48:58pm

Auctions
re: The Stamporama website has been hacked. PLEASE READ NOW.

Done thanks !


"And every hair is measured like every grain of sand"
Madbaker
03 Oct 2015
01:04:38pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Changed. Thanks for the email!

Mark

DavidG
APS member since 2004

03 Oct 2015
01:34:44pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Password changed... thank-you for your diligence!

David


"President, The Society for Costa Rica Collectors"
khj
03 Oct 2015
01:52:48pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Thanks to SOR administrators for being open about this and addressing this so quickly!

I will add the following. I noticed an uptick in the number of spoofed emails from SoR members over the past 2 weeks. Oftentimes, the mailbox is actually correct but the domain name is different. The spoofing appears pretty convincing, otherwise, because they are using our full names rather than our username handles. I was concerned about this enough to contact at least one SoR member about this.

I think now I know why the uptick in the spoofed emails.

So please be advised to be extra careful to check the domain name in any emails you think you are receiving from SoR members. I'm not saying toss any emails from SOR members, but that you should check to make sure the domain name is the same as in the emails you received from them in the past.

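The check khj describes above (the mailbox or full name matches someone you know, but the domain does not) can be automated against an address book of past correspondents. This is an added example, not part of the thread; the contacts and messages are constructed for illustration.

```python
from email import message_from_string, policy

# Constructed address book: full name -> address seen in earlier genuine mail.
CONTACTS = {
    "Pat Example": "pat.example@mail.example.org",
    "Sam Sample": "ssample@post.example.com",
}

# Constructed sample messages (headers only matter here).
GENUINE = "From: Pat Example <pat.example@mail.example.org>\nSubject: Scott numbers\n\nHi\n"
SPOOF_MAILBOX = "From: Pat Example <pat.example@freemail.example.net>\nSubject: hello\n\nHi\n"
SPOOF_NAME = 'From: "SAM  Sample" <x9182@bulk.example.net>\nSubject: hello\n\nHi\n'
STRANGER = "From: New Collector <nc@example.net>\nSubject: trade?\n\nHi\n"
NO_FROM = "Subject: no sender header\n\nHi\n"


def _norm(text):
    """Case-fold and collapse whitespace so 'SAM  Sample' equals 'Sam Sample'."""
    return " ".join(text.split()).casefold()


def classify_sender(raw_message, contacts=CONTACTS):
    """Return (verdict, detail); verdict is 'known', 'lookalike' or 'unknown'."""
    msg = message_from_string(raw_message, policy=policy.default)
    header = msg["From"]
    if header is None or not header.addresses:
        return "unknown", "no parsable From address"
    sender = header.addresses[0]
    name = _norm(sender.display_name)
    local = sender.username.casefold()
    domain = sender.domain.casefold()

    book = []
    for full_name, address in contacts.items():
        k_local, _, k_domain = address.casefold().rpartition("@")
        book.append((_norm(full_name), k_local, k_domain))

    # An exact address match wins over a name collision with another contact.
    for _k_name, k_local, k_domain in book:
        if (local, domain) == (k_local, k_domain):
            return "known", f"{local}@{domain} is in the address book"

    # Same full name or same mailbox as a contact, but a different domain:
    # the pattern reported in the thread.
    for k_name, k_local, k_domain in book:
        if name == k_name or local == k_local:
            what = "mailbox" if local == k_local else "display name"
            detail = (f"{what} matches a contact, but the domain is "
                      f"{domain or '(none)'} instead of {k_domain}")
            return "lookalike", detail
    return "unknown", "sender is not in the address book"


if __name__ == "__main__":
    for raw in (GENUINE, SPOOF_MAILBOX, SPOOF_NAME, STRANGER, NO_FROM):
        print(classify_sender(raw))
```

The From header is trivially forged, so a "known" verdict only means the address looks familiar; it does not authenticate the sender.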
Webpaper

In loving memory of Carol, my wife for 52 years.

03 Oct 2015
02:01:32pm

Auctions - Approvals
re: The Stamporama website has been hacked. PLEASE READ NOW.

Changed - thank you !!


www.hipstamp.com/store/webpaper
Larryd
03 Oct 2015
02:03:31pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Like khj, I've also gotten e-mails that seemed to come from SOR members; however, unlike real messages these latest e-mails have been routed to my spam box rather than my inbox. I'm not sure how the Yahoo spam filters detect the difference, but I've made a note not to open any items in the spam box. The two I did open didn't appear to have any clickable links, but had nothing to do with stamps. I've also changed my password.


LPD4.blogspot.com
1973lindale

03 Oct 2015
02:26:13pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Thanks, Tim for catching this quickly and closing the entry hole the hackers accessed. Keep up the good work.

Got my p/w changed.

mbo1142
I thought I was wrong once, but I was mistaken.

03 Oct 2015
02:36:42pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Thanks, changed this one and 3 others that were minor.

1 Member likes this post.
Stampfarm
03 Oct 2015
03:20:54pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Just changed mine. Thanks Tim.

scb
Collecting the world 1840 to date - one stamp at a time!

03 Oct 2015
03:25:00pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Password changed....

Anyway, as online security is part of my profession, I've got two (ok, three) suggestions

1) instead of asking users to change password, the system/admins should automatically update everybody's password in situations like this. Then ask users to simply reset their password (using email based opt-in/confirmation system). That way any further damages are immediately prevented instead of relying on whether or not all users read the notification.

2) Hashing passwords in the database is a MUST DO action. Storing passwords as plain text (or with simple encryption) has been a big no-no for the past decade. (Again, if it requires resetting everybody's passwords, so be it.)

3) In addition to member details, I'm a bit worried whether private messages have been affected/leaked as well. Personally I would never share any sensitive information (such as credit card details) using anything as insecure as email or members messages, but I do know for a fact that some collectors do so.... If the messages have leaked as well, then it might be a good idea to ask users to kill their credit cards if they have shared their credit card details using private/members messages.

Just my 5 cents worth,
-k-


www.stampcollectingblog.com
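The forced reset and hashed storage that points 1) and 2) of the post above describe, sketched as an added example (not part of the thread and not Stamporama's code). The member table, field names, PBKDF2 work factor and token lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000      # assumed PBKDF2 work factor; tune to your hardware
RESET_TTL = 24 * 3600     # assumed: reset links stay valid for one day


def sample_members():
    """Constructed pre-breach table: passwords stored in plain text."""
    return {
        "alice@example.org": {"password": "stamps1840"},
        "bob@example.org": {"password": "penny-black"},
    }


def hash_password(password):
    """Return 'pbkdf2_sha256$iterations$salt$digest' with a fresh random salt."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    if not stored:
        return False          # account is locked until a reset completes
    _scheme, iters, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def force_reset_all(members, now):
    """Invalidate every password and issue one-time reset tokens.

    Returns {email: token} for the mailer. Only a SHA-256 of each token is
    kept in the table, so a later database leak does not expose live tokens.
    """
    outbox = {}
    for email, row in members.items():
        row.pop("password", None)     # erase the leaked plaintext value
        row["pw_hash"] = None         # nothing logs in until the reset is done
        token = secrets.token_urlsafe(32)
        row["reset_hash"] = hashlib.sha256(token.encode()).hexdigest()
        row["reset_expires"] = now + RESET_TTL
        outbox[email] = token
    return outbox


def complete_reset(members, email, token, new_password, now):
    """Set a new password if the emailed token is valid, unexpired and unused."""
    row = members.get(email)
    if not row or not row.get("reset_hash"):
        return False
    supplied = hashlib.sha256(token.encode()).hexdigest()
    if not hmac.compare_digest(supplied, row["reset_hash"]):
        return False
    if now > row["reset_expires"]:
        return False
    row["pw_hash"] = hash_password(new_password)
    row["reset_hash"] = row["reset_expires"] = None   # single use
    return True


def login(members, email, password):
    row = members.get(email)
    return bool(row) and verify_password(password, row.get("pw_hash"))


if __name__ == "__main__":
    table = sample_members()
    tokens = force_reset_all(table, now=0)
    print(login(table, "alice@example.org", "stamps1840"))   # leaked password is dead
    print(complete_reset(table, "alice@example.org",
                         tokens["alice@example.org"], "a new long passphrase", now=60))
    print(login(table, "alice@example.org", "a new long passphrase"))
```

Because every member must confirm through their own mailbox, the leaked passwords stop working at once, whether or not a member has read the announcement.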
auldstampguy
Tim
Collector, Webmaster

03 Oct 2015
04:02:24pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi Scb,
Thanks for your suggestions. It is much appreciated especially as you are an IT professional. Below are some comments/explanations re your comments.

1. As we stand today I don't have a way for a member to change their password unless they are logged in. If I globally changed everyone's password, which would have addressed the initial security breach, no-one would have been able to login. It was quickest to ask everyone to help get them changed.

2. I'm working today on implementing password encryption across all membership records so that even if someone manages to hack-in again, they will not be able to read the passwords.

3. I don't think that they got to the private messages, but I can't be sure. We should all keep a close eye out for anything strange.

Thanks again for your comments.

Regards ... Tim.

1 Member likes this post.

"Isaac Asimov once said if his doctor told him he was dying, he wouldn’t lament, he would just type a little faster. "

mncancels.org
doodles69ca
Suzanne

03 Oct 2015
04:13:50pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Thanks for the information. My password is changed.
Appreciate all the hard work that has to be done.

Suzanne


"Stamp collectors don't go crazy, they just become unhinged."
StampCollector
03 Oct 2015
04:22:28pm

Approvals
re: The Stamporama website has been hacked. PLEASE READ NOW.

Password changed, but I wonder if other sections on the system have been affected.

Tony


colnect.com/en/collectors/collector/StampCollector1
ikeyPikey
03 Oct 2015
04:33:53pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

"... Famous last words ..."

So, yes, you have 50-100 different secure passwords, and change them 2x/year?

"I collect stamps today precisely the way I collected stamps when I was ten years old."
Soundcrest
03 Oct 2015
04:36:06pm

Approvals
re: The Stamporama website has been hacked. PLEASE READ NOW.

Thanks Tim. PW changed

Greg


"Seesomething you like in my Hipstore? Contact me for a deal!"

www.hipstamp.com/store/soundcrest-house
cardstamp
03 Oct 2015
04:39:49pm

Auctions - Approvals
re: The Stamporama website has been hacked. PLEASE READ NOW.

Changed - and I changed my password on all of my other selling sites that use the same email. At least my PAYPAL account I had already set up with a different password because I have been hit there a few times. That is the one that could cause the most issues - if they could get into there with the password from here.

1 Member likes this post.

www.hipstamp.com/store/father-son-stamps
cornerpost
03 Oct 2015
04:46:22pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi Tim,
Thanks for the warning - password changed
Merv

Jansimon
collector, seller, MT member

03 Oct 2015
04:51:53pm

Approvals
re: The Stamporama website has been hacked. PLEASE READ NOW.

Changed my PW too


www.etsy.com/nl/shop/itsallmadeofpaper/
Guthrum
03 Oct 2015
05:29:54pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Done. Thanks for spotting the problem so soon, and hopefully no harm done to any members.

BeeSee
Langley, BC

03 Oct 2015
06:25:44pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Thanks for the quick heads up on this Tim! PW changed.

Were our street addresses posted on the site too? Stamporama is the only stamp forum I belong to that requires a street address for membership.

1 Member likes this post.

"I love used classic stamps. APS, RPSC, BNAPS"

brcStamps.com
auldstampguy
Tim
Collector, Webmaster

03 Oct 2015
07:55:49pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi Brian,
No, the street addresses were not posted on the hacker site.

Regards ... Tim


"Isaac Asimov once said if his doctor told him he was dying, he wouldn’t lament, he would just type a little faster. "

mncancels.org
alyn
webmaster for the ISWSC http://iswsc.org.

03 Oct 2015
08:33:53pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi Tim,

Thanks for securing the site and plugging the leak. I am just wondering what exactly showed up on the hacker site?

All the best,

Alyn


"https://thebeardedphilatelist.ca - https://alynlunt.com"

alynlunt.com/
musicman
APS #213005

03 Oct 2015
08:35:27pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Ikey-Pikey said;

"Without giving away your family jewels, how do you manage your flock of passwords?"

I have an old address book that I have written all my passwords in to all my sites used.

This is done for 2 reasons -

1) so I don't have to REMEMBER them all! [Confused]
and
2) in case anything happens to me [Angel], my wife can access all my stuff with no problem - after all, when I'm gone, it's all hers! [Big Grin]

Randy
1 Member likes this post.
BeeSee
Langley, BC

03 Oct 2015
08:42:42pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Thanks Tim. Job well done!


"I love used classic stamps. APS, RPSC, BNAPS"

brcStamps.com
musicman
APS #213005

03 Oct 2015
08:44:32pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Well, this is ONE way to find out who is still active around here!

LOL [Rolling On The Floor Laughing]

Randy

1 Member likes this post.
michael78651

03 Oct 2015
08:59:23pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Great one, Randy!

PW changed. Mine was unique to SOR.

I too have received spoof email from supposedly SOR members. Arrived in my Spam. Didn't open the attachment, deleted the message, and performed an in-depth scan. No infection was found.

hamilton

03 Oct 2015
09:08:56pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

PW changed. Thanks for the update

smaier
Sally

03 Oct 2015
09:33:25pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Changed. Thanks

TuskenRaider
03 Oct 2015
11:19:45pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi Tim;

Changed my password too....
TuskenRaider


www.webstore.com/store,pgr,37572,user_id,37572,ac,shop
Jopie
04 Oct 2015
01:04:55am
re: The Stamporama website has been hacked. PLEASE READ NOW.

I am getting e mails from auction houses i am not familiar with..we may have been spread around the philatelic community !

1 Member likes this post.
philb
04 Oct 2015
01:07:18am

Auctions
re: The Stamporama website has been hacked. PLEASE READ NOW.

The last post was mine...i thought i was logged on..but i guess not ! [Angry]


"And every hair is measured like every grain of sand"
scb
Collecting the world 1840 to date - one stamp at a time!

04 Oct 2015
03:35:47am
re: The Stamporama website has been hacked. PLEASE READ NOW.

"Without giving away your family jewels, how do you manage your flock of passwords?"

Just one word - KeePass2
http://keepass.info

It's a 'geek tool' so there's a bit of a learning curve to get into it. But fortunately Youtube has got lots of videos that should get anybody started with it. Though it's officially Windows only, there are a number of extensions/tools that integrate (make it work seamlessly) on ANY browser, device or operating system.

Once you get everything up and running, it works pretty much in the background (reminding when to renew passwords, fills usernames + passwords when required, creates new passwords when required etc). The only thing you'll really have to take care of is to have backups of your 'master password' file (which in itself can be encrypted in a number of ways) in case of computer crash etc.

-k-



www.stampcollectingblog.com
snowy12
04 Oct 2015
05:11:37am

Auctions
re: The Stamporama website has been hacked. PLEASE READ NOW.

For some reason all my lots that finished today I have not received any emails regarding the sales, have they been hacked as well?

Brian

Soundcrest
04 Oct 2015
06:31:09am

Approvals
re: The Stamporama website has been hacked. PLEASE READ NOW.

I got the rest of mine about 30 minutes ago. I wondered about that as well but it was mentioned that there is an automatic extension of a lot if there is a bid within a certain time of the lot ending. I was not aware of that feature.

Greg


"Seesomething you like in my Hipstore? Contact me for a deal!"

www.hipstamp.com/store/soundcrest-house
auldstampguy
Tim
Collector, Webmaster

04 Oct 2015
06:54:08am
re: The Stamporama website has been hacked. PLEASE READ NOW.

Brian and Greg,
With the bulk email that I sent out yesterday re the website getting hacked, there was a big backup of emails to send. Brian, you have all your emails now, right?

Regards ... Tim.


"Isaac Asimov once said if his doctor told him he was dying, he wouldn’t lament, he would just type a little faster. "

mncancels.org
snowy12
04 Oct 2015
07:36:19am

Auctions
re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi Tim
No, still haven't received any from the auction. I just received a message through the board message system.
Brian

auldstampguy
Tim
Collector, Webmaster

04 Oct 2015
07:44:16am
re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi Brian,
I'm not sure what has happened to your auction emails. It all looks OK on the server. Could you please check your spam/junk folders in your email program?

Regards ... Tim.


"Isaac Asimov once said if his doctor told him he was dying, he wouldn’t lament, he would just type a little faster. "

mncancels.org
vincy4fish98

04 Oct 2015
02:06:25pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Thanks for the email and notification. PW changed!

Vince

bicolor04

04 Oct 2015
03:45:23pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi all, I only just received the info this morning, Monday.
I could not log in (password invalid) so have created a new profile/username/password.

All my internet registrations/passwords are in software from coffeecup.com
It's called "Lockerbox", check it out, it works. Different passwords generated by the software. I have been using it for a long time. So in short, every internet account I use has a different password.

To get any of my info one would have to hack my personal computer and then hack lockerbox.

On forums I always use a postal address of a Jail/Gaol, after all I would say any communication on Forums is by email.

1 Member likes this post.

"www.austamps.com"
Rhinelander
Support the Hobby -- Join the American Philatelic Society

04 Oct 2015
03:54:37pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Bicolor04,

Of course, creating a new username/profile will wipe out your history here (history of lots sold and won, invoicing, discussions you participated under your old name etc. etc. etc.). It will also duplicate our member count (?). Better really not to become a 'new' member, but to use the "change password" function for your old username, which is now located below the login box. Perhaps Tim should make the link a little more prominent to avoid that members believe they must create new profiles.

Arno

2 Members like this post.
auldstampguy
Tim
Collector, Webmaster

04 Oct 2015
05:21:17pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

I put a note on each of the Login screens to bring people's attention to the Forgotten Password link.

Regards ... Tim.

1 Member likes this post.

"Isaac Asimov once said if his doctor told him he was dying, he wouldn’t lament, he would just type a little faster. "

mncancels.org
damiross

04 Oct 2015
07:48:33pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

I've been using LastPass for several years now. It's a great password generator and password vault program. You need to remember only one password - that's the one to access LastPass itself.

There is a free version available. I use the premium version ($12/year) so that I can access my passwords on my phone and tablet.

Please forgive me if it isn't appropriate to give publicity to other programs here.



damiross.net
auldstampguy
Tim
Collector, Webmaster

04 Oct 2015
08:12:25pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi David,
It is all good. LastPass sounds like a solution that would work for many of our members.

Regards ... Tim.


"Isaac Asimov once said if his doctor told him he was dying, he wouldn’t lament, he would just type a little faster. "

mncancels.org
Milco
05 Oct 2015
02:29:25pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

...in the end, I changed it!!



stampmusthave.blogspot.com/
Stevo45
06 Oct 2015
01:00:46am
re: The Stamporama website has been hacked. PLEASE READ NOW.


If you have trouble remembering passwords AND serial numbers AND other data numbers...........::

The password holder "Web Confidential" works very well for me also "PassDiary" for iPad and iPhone work in the same way................

Cheers

Steve.


www.ebid.net/au/stores/Stevos-Stamps
Stevo45
06 Oct 2015
01:02:25am
re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi Milko,

Don't I know you from somewhere else?

Steve.


www.ebid.net/au/stores/Stevos-Stamps
jimjung

10 Oct 2015
07:13:34am
re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi, Thanks for the email. Password successfully changed. Please note that skymem does not want confidential data on their website and according to their faq you can delete documents from their site by clicking on the Remove Button above each document. Don't know if that's true. You can also remove data from google search results, etc.

http://www.skymem.com/faq

auldstampguy
Tim
Collector, Webmaster

10 Oct 2015
11:45:31am
re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi Jim,
You are quite correct. I did make use of their "Remove" function. They don't guarantee that the data will stay removed, so I'm keeping an eye on it every couple of days.

Regards ... Tim.

1 Member likes this post.

"Isaac Asimov once said if his doctor told him he was dying, he wouldn’t lament, he would just type a little faster. "

mncancels.org
Snick1946
APS Life Member

10 Oct 2015
03:03:58pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Not sure if related but note a debit of $24.10 on my Visa account dated today from a source I do not recognize. It shows as pending so no use calling until Monday. I of course did not have this card # as part of my information on here but maybe someone used my password to access my account.


boseauro
15 Oct 2015
01:47:21am
re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi,

I had not reset the password earlier but it was working fine till today when I was unable to login to SOR. My password was saved so whenever I used to open SOR it always used to open the page with me logged in, but today it was not logging me in. I remembered my password but still it was not logging me in with my password. So, I had to reset the password and log in again.

A few questions to Admin:

1. Can anyone change my password without any email communication to the email address which is updated in SOR?

2. Assuming someone hacked the password of SOR and changed the email address from my profile, would an email communication not be sent to the earlier email ID which was there, providing the info that your email address has been changed?

3. As I worked in the technical field earlier in server-networking, I am curious to know: was there any technical gap which was opened when we were moved from the old to the new server of SOR?

4. We discussed encryption; any update on it?

Thanks
Auro

auldstampguy
Tim
Collector, Webmaster

15 Oct 2015
08:36:50am
re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi Boseauro,
Here are the answers to your questions:

1. Only you can change your password either by using the Change Password function in the members area or by using the Forgot Password link on the Login page.

2. Had your email address been changed?

3. We don't know if any technical gap that was opened up by moving to the new server.

4. All passwords are encrypted.

Regards ... Tim.


"Isaac Asimov once said if his doctor told him he was dying, he wouldn’t lament, he would just type a little faster. "

mncancels.org
boseauro


15 Oct 2015
12:45:01pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi Tim,

Thanks for your response.
Coming back to my first question:
When we change our password, is there any email communication sent? In this case I did not get any email when my password was changed, so I am probably assuming my password was compromised.

After I reset my password it is working fine now.

Thanks
Auro

TribalErnie

23 Oct 2015
09:21:00am
re: The Stamporama website has been hacked. PLEASE READ NOW.

Tim,

Please excuse me if these questions were already answered. I didn't see it if it was.


I just did a google search for my email address and I found where my email address, password and phone number were on the skymem website. Is there any way to get it off of there or is it just "tough luck"?
I saw the previous answer to this question, thanks.

Also, what else did they get? Do they have my name and address? I couldn't tell from what I saw.

What in the world is skymem.com anyway?

Thanks in advance,

-Ernie

Poodle_Mum


A Service Dog gives a person with a disability independence. Never approach, distract or pet a working dog, especially when (s)he is in harness. Never be afraid to ask questions to the handler (parent).

23 Oct 2015
10:23:07am
re: The Stamporama website has been hacked. PLEASE READ NOW.

My old one is still listed in Google search too. [Sad]


"Let's find a cure for Still's Disease, Breast Cancer and Canine Addison's Disease. We CAN find a cure and save lives!!"

drkellyfleming.ca
auldstampguy


Tim
Collector, Webmaster

23 Oct 2015
07:31:54pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi Ernie,
Skymem.com seems to be a website where hackers like to post their scalps (if you will excuse the term). If you are seeing a page on their website with your details, there should be a Remove button that you can use. I have done so and I thought that it had removed all of our information. I did a search using your email address and it seemed to be removed, but that could just have been the view that Google is giving me. Try clicking on the Remove button.

Regards ... Tim


"Isaac Asimov once said if his doctor told him he was dying, he wouldn’t lament, he would just type a little faster. "

mncancels.org
Philatarium


APS #187980

23 Oct 2015
09:41:32pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

I think the data is still in the Google cache, but no longer on the Skymem site. I checked for my info, and that's what happened. Showed up in the Google search, but did not show up on the Skymem site.


"You gotta put down the duckie if you wanna play the saxophone. (Hoots the Owl -- Sesame Street)"

www.hipstamp.com/store/the-philatarium
cfc1967

01 Nov 2015
08:53:10am
re: The Stamporama website has been hacked. PLEASE READ NOW.

I am very disappointed by the lack of security on this site. This is not the first issue I have had with the site and must consider it the third strike.

I would hope that Tim would continue to check skymem.com to be sure our information is not re-posted. I am not sure we have heard the last of this yet.

How can I have my personal information removed from StampoRama? I no longer care to be a member of this site. Please advise me on how to proceed and how to document that my personal data is removed from this site.

BobbyBarnhart


They who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -Benjamin Franklin

01 Nov 2015
11:31:41am
re: The Stamporama website has been hacked. PLEASE READ NOW.

Charlie,

There is no personal data on Stamporama that anyone with even a beginner's knowledge of the internet could not find out elsewhere. Anyone who believes that their private lives are safe from intrusion by a determined data miner is living in a fool's paradise. The internet is a dangerous place, but then so are the dark alleys of most of our cities. Good luck trying to find a safe haven on the WWW, you have a monumental task before you!


"The only thing necessary for the triumph of evil is for good men to do nothing. -Edmund Burke"

www.bobbybarnhart.net
Webpaper

In loving memory of Carol, my wife for 52 years.

01 Nov 2015
02:01:18pm

Auctions - Approvals
re: The Stamporama website has been hacked. PLEASE READ NOW.

" Anyone who believes that their private lives are safe from intrusion by a determined data miner is living in a fool's paradise."

How very true. Remember when many people put their social security numbers on their checks and the police recommended that you engrave your social security number on expensive items?

Now we are told to do whatever it takes to keep that number from anyone and to make sure you don't carry your social security card in your wallet. And yet the government uses your social security number for your Medicare number and you are supposed to carry that card with you. Add in that it appears on all of your medical records which cannot be referred to as "secure" by any stretch of the imagination.

Try tracking down an old classmate on the internet - you can usually find them easily. Even the difficult ones who have moved several times can generally be found in less than half an hour.


www.hipstamp.com/store/webpaper
auldstampguy


Tim
Collector, Webmaster

01 Nov 2015
03:21:02pm
re: The Stamporama website has been hacked. PLEASE READ NOW.

@cfc1967,
I understand your frustration. We have done everything that we can to secure the website, but we are not hackers and don't have the same type of knowledge as the people who broke into the website. My focus has always been on building not breaking. I continue to look for possible break-ins on a regular basis and I scan the internet to try and find our private information out there. But don't just leave this to me. I strongly encourage you to be scanning the internet for your personal information. Do regular Google scans for your email address. This was how Arno originally discovered that we had been hacked.

Regards ... Tim.

2 Members like this post.

"Isaac Asimov once said if his doctor told him he was dying, he wouldn’t lament, he would just type a little faster. "

mncancels.org
rrraphy


Retired Consultant APS#186030

02 Nov 2015
03:03:32pm

Approvals
re: The Stamporama website has been hacked. PLEASE READ NOW.

The SOR is highly unstable today. I am unable to post elsewhere, and only after 1/2 hour of tries can I hope to issue this warning. Highly unstable. Login, edit, posts etc all seem to have issues.
Started at 10:30 am more or less CA time.
Rrr. Posting now in desperation before losing the connection.


"E. Rutherford: All science is either physics or stamp collecting."
        

 

musicman

APS #213005
03 Oct 2015
09:35:36am

re: The Stamporama website has been hacked. PLEASE READ NOW.

Thank you, Tim -

I'm sure I speak for others in saying we appreciate your prompt response in this.

...password changed!

Randy

3 Members like this post.
Stampaholic

03 Oct 2015
09:42:20am

Auctions - Approvals

re: The Stamporama website has been hacked. PLEASE READ NOW.

me2. thanks. [Thumbs Up]


" I have a burning love for stamps. Lord A'mighty ,feel my temperature risin'! "
Tregeor

03 Oct 2015
09:55:36am

re: The Stamporama website has been hacked. PLEASE READ NOW.

Makes you wonder what these idiots get out of doing stuff like that. They ought to get a job! [Angry]
Anyway, my p/w now changed. Thanks for the update.

bobstew617

03 Oct 2015
09:58:42am

re: The Stamporama website has been hacked. PLEASE READ NOW.

pw changed --thanks, Tim.

I am concerned that members who do not read the DB will not know of this. Is there any way to do a mass email?

BOB

auldstampguy

Tim
Collector, Webmaster
03 Oct 2015
10:03:13am

re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi Bob,
There is an email going out to all active members right now (except to the members who have unsubscribed to the bulk emails). I have also posted the message on the SOR Facebook page.

Tim


"Isaac Asimov once said if his doctor told him he was dying, he wouldn’t lament, he would just type a little faster. "

mncancels.org
Rhinelander

Support the Hobby -- Join the American Philatelic Society
03 Oct 2015
10:05:35am

re: The Stamporama website has been hacked. PLEASE READ NOW.

If there had been any widespread abuse, I believe we would have become aware of this issue much earlier. Great, Tim, that you have figured out and fixed the vulnerability.

What are you going to do about such lowlifes? We could consider requiring mandatory password changes every couple of months, but that is probably not very popular with most users. So, I believe that falls into the realm of the internet being a scary place and to always be guarded, i.e., to use different passwords for different places and to change them once in a while. Of course, me too is guilty of not doing so at all times.

samliu

03 Oct 2015
10:19:35am

re: The Stamporama website has been hacked. PLEASE READ NOW.

Maybe we need to consider encrypting passwords.

Nobody should be able to decrypt it, even users can only reset, not recover.

Sam

auldstampguy

Tim
Collector, Webmaster
03 Oct 2015
10:21:53am

re: The Stamporama website has been hacked. PLEASE READ NOW.

Sam,
You and I had the same thought. I'm looking into encrypting the passwords now.

Regards ... Tim.


"Isaac Asimov once said if his doctor told him he was dying, he wouldn’t lament, he would just type a little faster. "

mncancels.org
cocollectibles

03 Oct 2015
11:05:49am

re: The Stamporama website has been hacked. PLEASE READ NOW.

"Makes you wonder what these idiots get out of doing stuff like that."



If anything, practice for the big money hack jobs later. Scumbags, nonetheless.
This is a good reason to update passwords on a regular basis and to use different ones on different sites.

Peter

"TO ERR IS HUMAN; TO FORGIVE, CANINE."
biggeorge

03 Oct 2015
11:11:26am

re: The Stamporama website has been hacked. PLEASE READ NOW.

PW changed! Thanks for the warning!

biggeorge

ikeyPikey

03 Oct 2015
11:18:28am

re: The Stamporama website has been hacked. PLEASE READ NOW.

For all those sites that want a password but cannot hurt me - for example, a newspaper that requires a log-in but does not have my credit card - I use a single password.

At last count, there were dozens & dozens of such sites using that non-critical, non-financial, pretty-much-zero-impact password.

The very idea of making-up 50-100 different, secure passwords - for each credit card, retailer, etc - and changing them strikes me as ridiculous.

I've tried password-generating software but, frankly, did not like the results, as I have to save the whole password in a convenient electronic place, and having a document on my desktop with a long list of URLs and passwords does not appeal to me.

Without giving away your family jewels, how do you manage your flock of passwords?

Cheers,

/s/ ikeyPikey

1 Member likes this post.

"I collect stamps today precisely the way I collected stamps when I was ten years old."
KZCinWI

03 Oct 2015
11:25:00am

re: The Stamporama website has been hacked. PLEASE READ NOW.

Changed mine!
Thanks for the warning!

SeawayMa

03 Oct 2015
11:36:35am

re: The Stamporama website has been hacked. PLEASE READ NOW.

Thanks for keeping us all on our toes, Tim. Password(s) changed. We get too lax with changing them periodically.

cocollectibles

03 Oct 2015
11:54:00am

re: The Stamporama website has been hacked. PLEASE READ NOW.

"The very idea of making-up 50-100 different, secure passwords - for each credit card, retailer, etc - and changing them strikes me as ridiculous."



Famous last words.



"TO ERR IS HUMAN; TO FORGIVE, CANINE."
sponthetrona2

Keep Postal systems alive, buy stamps and mail often
03 Oct 2015
12:01:21pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Back from current trip....Thanks have changed PW

sheepshanks

03 Oct 2015
12:05:29pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Changed mine, thanks for the warning Tim.
If anyone is using Firefox, all your saved passwords are available to see. Go to Options in the menu (3 bars) icon, top right of screen. Click on security, passwords and view passwords.
Personally I keep mine in a book that is then hidden within other papers but mostly memory works well after a few entries.

TheStampCellar

03 Oct 2015
12:09:23pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Password changed - thanks for the info.

James


blog.thestampcellar. ...
pedroguy

03 Oct 2015
12:11:02pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Thanks Tim............I'm changed

keesindy

03 Oct 2015
12:21:24pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Changed mine, too!


"I no longer collect, but will never abandon the hobby"
2010ccg

03 Oct 2015
12:32:58pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Done!

grorod

03 Oct 2015
12:44:29pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Thank you for Tim
all changed now!!!


do not have one
philb

03 Oct 2015
12:48:58pm

Auctions

re: The Stamporama website has been hacked. PLEASE READ NOW.

Done thanks !


"And every hair is measured like every grain of sand"
Madbaker

03 Oct 2015
01:04:38pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Changed. Thanks for the email!

Mark

DavidG

APS member since 2004
03 Oct 2015
01:34:44pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Password changed... thank-you for your diligence!

David


"President, The Society for Costa Rica Collectors"
khj

03 Oct 2015
01:52:48pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Thanks to SOR administrators for being open about this and addressing this so quickly!

I will add the following. I noticed an uptick in the number of spoofed emails from SoR members over the past 2 weeks. Oftentimes, the mailbox is actually correct but the domain name is different. The spoofing appears pretty convincing, otherwise, because they are using our full names rather than our username handles. I was concerned about this enough to contact at least one SoR member about this.

I think now I know why the uptick in the spoofed emails.

So please be advised to be extra careful to check the domain name in any emails you think you are receiving from SoR members. I'm not saying toss any emails from SOR members, but that you should check to make sure the domain name is the same as in the emails you received from them in the past.

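The check khj describes above (a familiar name or mailbox arriving from a different domain), as an added example that is not part of the thread. The address book, the sample headers and the function names are constructed for the illustration.

```python
from email.utils import parseaddr

# Constructed address book: these names and addresses are made up.
KNOWN_CONTACTS = [
    ("Pat Collector", "pat.collector@example.org"),
    ("Sam Dealer", "sdealer@example.net"),
]


def split_address(address: str):
    """Return (local part, domain) in lower case, or ('', '') if there is no '@'."""
    local, at, domain = address.strip().lower().rpartition("@")
    return (local, domain) if at else ("", "")


def classify_sender(from_header: str, contacts=KNOWN_CONTACTS) -> str:
    """Compare a From header with the address previously seen for the same person.

    Returns 'known' (same address as before), 'domain-mismatch' (familiar name
    or mailbox, different domain) or 'unknown' (nobody in the address book).
    A 'known' result only means the header is consistent with past mail: the
    From header itself can be forged, which is what the mail provider's
    SPF/DKIM/DMARC checks are for.
    """
    display_name, address = parseaddr(from_header)
    local, domain = split_address(address)
    if not domain:
        return "unknown"
    name = " ".join(display_name.lower().split())
    verdict = "unknown"
    for known_name, known_address in contacts:
        known_local, known_domain = split_address(known_address)
        same_person = name == known_name.lower() or local == known_local
        if not same_person:
            continue
        if domain == known_domain:
            if local == known_local:
                return "known"
            continue  # same domain, different mailbox: not the pattern checked here
        verdict = "domain-mismatch"
    return verdict


def demo():
    # Constructed From headers covering the cases described in the post.
    headers = [
        "Pat Collector <pat.collector@example.org>",       # as seen before
        "Pat Collector <pat.collector@mail.example.com>",  # right mailbox, wrong domain
        '"Sam Dealer" <offers@shop.example.com>',          # right full name, wrong domain
        "Stranger <someone@example.com>",                  # not in the address book
    ]
    return [classify_sender(h) for h in headers]


if __name__ == "__main__":
    print(demo())
```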
Webpaper

In loving memory of Carol, my wife for 52 years.

03 Oct 2015
02:01:32pm

Auctions - Approvals

re: The Stamporama website has been hacked. PLEASE READ NOW.

Changed - thank you !!


www.hipstamp.com/sto ...
Larryd

03 Oct 2015
02:03:31pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Like khj, I've also gotten e-mails that seemed to come from SOR members; however, unlike real messages these latest e-mails have been routed to my spam box rather than my inbox. I'm not sure how the Yahoo spam filters detect the difference, but I've made a note not to open any items in the spam box. The two I did open didn't appear to have any clickable links, but had nothing to do with stamps. I've also changed my password.


LPD4.blogspot.com
1973lindale

03 Oct 2015
02:26:13pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Thanks, Tim for catching this quickly and closing the entry hole the hackers accessed. Keep up the good work.

Got my p/w changed.

mbo1142

I thought I was wrong once, but I was mistaken.
03 Oct 2015
02:36:42pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Thanks, changed this one and 3 others that were minor.

1 Member likes this post.
Stampfarm

03 Oct 2015
03:20:54pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Just changed mine. Thanks Tim.

scb

Collecting the world 1840 to date - one stamp at a time!
03 Oct 2015
03:25:00pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Password changed....

Anyway, as online security is part of my profession, I've got two (ok, three) suggestions:

1) Instead of asking users to change their password, the system/admins should automatically update everybody's password in situations like this. Then ask users to simply reset their password (using an email-based opt-in/confirmation system). That way any further damage is immediately prevented instead of relying on whether or not all users read the notification.

2) Hashing passwords in the database is a MUST DO action. Storing passwords as plain text (or with simple encryption) has been a big no-no for the past decade. (Again, if it requires resetting everybody's passwords, so be it.)

3) In addition to member details, I'm a bit worried whether private messages have been affected/leaked as well. Personally I would never share any sensitive information (such as credit card details) using anything as insecure as email or members messages, but I do know for a fact that some collectors do so.... If the messages have leaked as well, then it might be a good idea to ask users to kill their credit cards if they have shared their credit card details using private/members messages.

Just my 5 cents worth,
-k-


www.stampcollectingb ...
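Suggestions 1 and 2 in scb's post above (invalidate every password, let members set a new one through an emailed confirmation, keep only hashes), as an added example that is not part of the thread and not Stamporama's code. The choice of scrypt, the record layout and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# scrypt cost parameters: assumed values for this example, tune them to the server.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1
RESET_TTL_SECONDS = 3600  # assumed lifetime of an emailed reset link


def hash_password(password: str) -> str:
    """Return 'scrypt$<salt hex>$<digest hex>'; the password itself is never stored."""
    salt = secrets.token_bytes(16)  # per-member salt, so equal passwords hash differently
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P)
    return "scrypt$" + salt.hex() + "$" + digest.hex()


def verify_password(password: str, stored: Optional[str]) -> bool:
    """Check a login attempt; a locked account (stored is None) never matches."""
    if not stored:
        return False
    _scheme, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=bytes.fromhex(salt_hex),
                               n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def lock_all_accounts(members: dict) -> int:
    """Breach response: drop every stored password so leaked ones stop working at once."""
    for record in members.values():
        record.pop("password", None)      # legacy plaintext field
        record["password_hash"] = None    # nothing can log in until a reset completes
        record["reset_token_sha256"] = None
        record["reset_expires"] = 0.0
    return len(members)


def issue_reset_token(record: dict, now: float) -> str:
    """Create a single-use token to email to the address on file; store only its hash."""
    token = secrets.token_urlsafe(32)
    record["reset_token_sha256"] = hashlib.sha256(token.encode()).hexdigest()
    record["reset_expires"] = now + RESET_TTL_SECONDS
    return token


def redeem_reset_token(record: dict, token: str, new_password: str, now: float) -> bool:
    """Set a new password if the token matches and is unexpired, then burn the token."""
    expected = record.get("reset_token_sha256")
    if not expected or now > record.get("reset_expires", 0.0):
        return False
    presented = hashlib.sha256(token.encode()).hexdigest()
    if not hmac.compare_digest(presented, expected):
        return False
    record["password_hash"] = hash_password(new_password)
    record["reset_token_sha256"] = None   # single use
    return True


def demo() -> dict:
    # Constructed member table: the name, address and passwords are made up.
    members = {"member1": {"email": "member1@example.org", "password": "stamps1840"}}
    lock_all_accounts(members)
    rec = members["member1"]
    results = {"old_password_works": verify_password("stamps1840", rec["password_hash"])}
    token = issue_reset_token(rec, now=1000.0)  # this value goes into the reset email
    results["wrong_token"] = redeem_reset_token(rec, "guess", "n3w-pass", now=1001.0)
    results["right_token"] = redeem_reset_token(rec, token, "n3w-pass", now=1002.0)
    results["token_reuse"] = redeem_reset_token(rec, token, "other", now=1003.0)
    results["new_password_works"] = verify_password("n3w-pass", rec["password_hash"])
    results["plaintext_stored"] = "password" in rec
    return results


if __name__ == "__main__":
    print(demo())
```

Because the reset token is mailed to the address already on file, a password taken from the leaked list is not enough to complete the reset.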
auldstampguy

Tim
Collector, Webmaster
03 Oct 2015
04:02:24pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi Scb,
Thanks for your suggestions. It is much appreciated especially as you are an IT professional. Below are some comments/explanations re your comments.

1. As we stand today I don't have a way for a member to change their password unless they are logged in. If I globally changed everyone's password, which would have addressed the initial security breach, no-one would have been able to login. It was quickest to ask everyone to help get them changed.

2. I'm working today on implementing password encryption across all membership records so that even if someone manages to hack-in again, they will not be able to read the passwords.

3. I don't think that they got to the private messages, but I can't be sure. We should all keep a close eye out for anything strange.

Thanks again for your comments.

Regards ... Tim.

1 Member likes this post.

"Isaac Asimov once said if his doctor told him he was dying, he wouldn’t lament, he would just type a little faster. "

mncancels.org
doodles69ca

Suzanne
03 Oct 2015
04:13:50pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Thanks for the information. My password is changed.
Appreciate all the hard work that has to be done.

Suzanne


"Stamp collectors don't go crazy, they just become unhinged."
StampCollector

03 Oct 2015
04:22:28pm

Approvals

re: The Stamporama website has been hacked. PLEASE READ NOW.

Password changed, but I wonder if other sections on the system have been affected.

Tony


colnect.com/en/colle ...
ikeyPikey

03 Oct 2015
04:33:53pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

"... Famous last words ..."



So, yes, you have 50-100 different secure passwords, and change them 2x/year?

"I collect stamps today precisely the way I collected stamps when I was ten years old."
Soundcrest

03 Oct 2015
04:36:06pm

Approvals

re: The Stamporama website has been hacked. PLEASE READ NOW.

Thanks Tim. PW changed

Greg


"See something you like in my Hipstore? Contact me for a deal!"

www.hipstamp.com/sto ...
cardstamp

03 Oct 2015
04:39:49pm

Auctions - Approvals

re: The Stamporama website has been hacked. PLEASE READ NOW.

Changed - and I changed my password on all of my other selling sites that use the same email. At least my PAYPAL account I had already set up with a different password because I have been hit there a few times. That is the one that could cause the most issues - if they could get into there with the password from here.

1 Member likes this post.

www.hipstamp.com/sto ...
cornerpost

03 Oct 2015
04:46:22pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi Tim,
Thanks for the warning - password changed
Merv

Jansimon

collector, seller, MT member
03 Oct 2015
04:51:53pm

Approvals

re: The Stamporama website has been hacked. PLEASE READ NOW.

Changed my PW too


www.etsy.com/nl/shop ...
Guthrum

03 Oct 2015
05:29:54pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Done. Thanks for spotting the problem so soon, and hopefully no harm done to any members.

BeeSee

Langley, BC
03 Oct 2015
06:25:44pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Thanks for the quick heads up on this Tim! PW changed.

Were our street addresses posted on the site too? Stamporama is the only stamp forum I belong to that requires a street address for membership.

1 Member likes this post.

"I love used classic stamps. APS, RPSC, BNAPS"

brcStamps.com
auldstampguy

Tim
Collector, Webmaster
03 Oct 2015
07:55:49pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi Brian,
No, the street addresses were not posted on the hacker site.

Regards ... Tim


"Isaac Asimov once said if his doctor told him he was dying, he wouldn’t lament, he would just type a little faster. "

mncancels.org
alyn

webmaster for the ISWSC http://iswsc.org.
03 Oct 2015
08:33:53pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi Tim,

Thanks for securing the site and plugging the leak. I am just wondering what exactly showed up on the hacker site?

All the best,

Alyn


"https://thebeardedphilatelist.ca - https://alynlunt.com"

alynlunt.com/
musicman

APS #213005
03 Oct 2015
08:35:27pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Ikey-Pikey said;

"Without giving away your family jewels, how do you manage your flock of passwords?"




I have an old address book that I have written all my passwords in to all my sites used.

This is done for 2 reasons -

1) so I don't have to REMEMBER them all! [Confused]
and
2) in case anything happens to me [Angel], my wife can access all my stuff with no problem - after all, when I'm gone, it's all hers! [Big Grin]

Randy
1 Member likes this post.
BeeSee

Langley, BC
03 Oct 2015
08:42:42pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Thanks Tim. Job well done!


"I love used classic stamps. APS, RPSC, BNAPS"

brcStamps.com
musicman

APS #213005
03 Oct 2015
08:44:32pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Well, this is ONE way to find out who is still active around here!

LOL [Rolling On The Floor Laughing]

Randy

1 Member likes this post.
michael78651

03 Oct 2015
08:59:23pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Great one, Randy!

PW changed. Mine was unique to SOR.

I too have received spoof email from supposedly SOR members. Arrived in my Spam. Didn't open the attachment, deleted the message, and performed an in-depth scan. No infection was found.

hamilton

03 Oct 2015
09:08:56pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

PW changed. Thanks for the update

smaier

Sally
03 Oct 2015
09:33:25pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Changed. Thanks

TuskenRaider

03 Oct 2015
11:19:45pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi Tim;

Changed my password too....
TuskenRaider


www.webstore.com/sto ...
Jopie

04 Oct 2015
01:04:55am

re: The Stamporama website has been hacked. PLEASE READ NOW.

I am getting e mails from auction houses i am not familiar with..we may have been spread around the philatelic community !

1 Member likes this post.
philb

04 Oct 2015
01:07:18am

Auctions

re: The Stamporama website has been hacked. PLEASE READ NOW.

The last post was mine...I thought I was logged on..but I guess not! [Angry]


"And every hair is measured like every grain of sand"
scb

Collecting the world 1840 to date - one stamp at a time!
04 Oct 2015
03:35:47am

re: The Stamporama website has been hacked. PLEASE READ NOW.

"Without giving away your family jewels, how do you manage your flock of passwords?"



Just one word - KeePass2
http://keepass.info

It's a 'geek tool' so there's a bit of a learning curve to get into it. But fortunately Youtube has got lots of videos that should get anybody started with it. Though it's officially Windows only, there are a number of extensions/tools that integrate (make it work seamlessly) on ANY browser, device or operating system.

Once you get everything up and running, it works pretty much in the background (reminding when to renew passwords, fills usernames + passwords when required, creates new passwords when required etc). The only thing you'll really have to take care of is to have backups of your 'master password' file (which in itself can be crypted in a number of ways) in case of computer crash etc.

-k-



www.stampcollectingb ...
snowy12

04 Oct 2015
05:11:37am

Auctions

re: The Stamporama website has been hacked. PLEASE READ NOW.

For some reason, for all my lots that finished today I have not received any emails regarding the sales. Have they been hacked as well?

Brian

Soundcrest

04 Oct 2015
06:31:09am

Approvals

re: The Stamporama website has been hacked. PLEASE READ NOW.

I got the rest of mine about 30 minutes ago. I wondered about that as well but it was mentioned that there is an automatic extension of a lot if there is a bid within a certain time of the lot ending. I was not aware of that feature.

Greg


"See something you like in my Hipstore? Contact me for a deal!"

www.hipstamp.com/sto ...
auldstampguy

Tim
Collector, Webmaster
04 Oct 2015
06:54:08am

re: The Stamporama website has been hacked. PLEASE READ NOW.

Brian and Greg,
With the bulk email that I sent out yesterday re the website getting hacked, there was a big backup of emails to send. Brian, you have all your emails now, right?

Regards ... Tim.


"Isaac Asimov once said if his doctor told him he was dying, he wouldn’t lament, he would just type a little faster. "

mncancels.org
snowy12

04 Oct 2015
07:36:19am

Auctions

re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi Tim
No, still haven't received any from the auction. I just received a message through the board message system.
Brian

auldstampguy

Tim
Collector, Webmaster
04 Oct 2015
07:44:16am

re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi Brian,
I'm not sure what has happened to your auction emails. It all looks OK on the server. Could you please check your spam/junk folders in your email program?

Regards ... Tim.


"Isaac Asimov once said if his doctor told him he was dying, he wouldn’t lament, he would just type a little faster. "

mncancels.org
vincy4fish98

04 Oct 2015
02:06:25pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Thanks for the email and notification. PW changed!

Vince

bicolor04

04 Oct 2015
03:45:23pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi all, I only just received the info this morning, Monday.
I could not log in(password invalid) so have created a new profile/username/password.

All my internet registrations/passwords are in software from coffeecup.com
Its called "Lockerbox" check it out, it works. Different passwords generated by the software. I have been using it for a long time. So in short, every internet account I use has a different password.

To get any of my info one would have to hack my personal computer and then hack lockerbox.

On forums I always use a postal address of a Jail/Gaol; after all, I would say any communication on Forums is by email.

1 Member likes this post.

"www.austamps.com"
Rhinelander

Support the Hobby -- Join the American Philatelic Society
04 Oct 2015
03:54:37pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Bicolor04,

Of course, creating a new username/profile will wipe out your history here (history of lots sold and won, invoicing, discussions you participated in under your old name etc. etc. etc.). It will also duplicate our member count (?). Better really not to become a 'new' member, but to use the "change password" function for your old username, which is now located below the login box. Perhaps Tim should make the link a little more prominent to avoid that members believe they must create new profiles.

Arno

2 Members like this post.
auldstampguy

Tim
Collector, Webmaster
04 Oct 2015
05:21:17pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

I put a note on each of the Login screens to bring people's attention to the Forgotten Password link.

Regards ... Tim.

1 Member likes this post.
damiross

04 Oct 2015
07:48:33pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

I've been using LastPass for several years now. It's a great password generator and password vault program. You need to remember only one password - that's the one to access LastPass itself.

There is a free version available. I use the premium version ($12/year) so that I can access my passwords on my phone and tablet.

Please forgive me if it isn't appropriate to give publicity to other programs here.



damiross.net
auldstampguy

Tim
Collector, Webmaster
04 Oct 2015
08:12:25pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi David,
It is all good. LastPass sounds like a solution that would work for many of our members.

Regards ... Tim.

Milco

05 Oct 2015
02:29:25pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

...in the end, I changed it!!



stampmusthave.blogsp ...
Stevo45

06 Oct 2015
01:00:46am

re: The Stamporama website has been hacked. PLEASE READ NOW.


If you have trouble remembering passwords AND serial numbers AND other data numbers...

The password holder "Web Confidential" works very well for me; also "PassDiary" for iPad and iPhone works in the same way.

Cheers

Steve.


www.ebid.net/au/stor ...
Stevo45

06 Oct 2015
01:02:25am

re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi Milko,

Don't I know you from somewhere else?

Steve.


www.ebid.net/au/stor ...
jimjung

10 Oct 2015
07:13:34am

re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi, Thanks for the email. Password successfully changed. Please note that skymem does not want confidential data on their website and according to their FAQ you can delete documents from their site by clicking on the Remove Button above each document. Don't know if that's true. You can also remove data from Google search results, etc.

http://www.skymem.com/faq

auldstampguy

Tim
Collector, Webmaster
10 Oct 2015
11:45:31am

re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi Jim,
You are quite correct. I did make use of their "Remove" function. They don't guarantee that the data will stay removed, so I'm keeping an eye on it every couple of days.

Regards ... Tim.

1 Member likes this post.
Snick1946

APS Life Member
10 Oct 2015
03:03:58pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Not sure if related but note a debit of $24.10 on my Visa account dated today from a source I do not recognize. It shows as pending so no use calling until Monday. I of course did not have this card # as part of my information on here but maybe someone used my password to access my account.


boseauro

15 Oct 2015
01:47:21am

re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi,

I had not reset the password earlier but it was working fine till today when I was unable to login to SOR. My password was saved so whenever I used to open SOR it always used to open the page with me logged in, but today it was not logging me in. I remembered my password but still it was not logging me in with my password. So, I had to reset the password and log in again.

A few questions to Admin:

1. Can anyone change my password without any email communication to the email address which is updated in SOR?

2. Assuming someone hacked the password of SOR and changed the email address from my profile, would an email communication not be sent to the earlier email ID which was there, providing the info that your email address has been changed?

3. As I worked in the technical field earlier in server-networking, I am curious to know: was there any technical gap which was opened when we were moved from the old to the new server of SOR?

4. We discussed encryption; any update on it?

Thanks
Auro

auldstampguy

Tim
Collector, Webmaster
15 Oct 2015
08:36:50am

re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi Boseauro,
Here are the answers to your questions:

1. Only you can change your password either by using the Change Password function in the members area or by using the Forgot Password link on the Login page.

2. Had your email address been changed?

3. We don't know of any technical gap that was opened up by moving to the new server.

4. All passwords are encrypted.

Regards ... Tim.

boseauro

15 Oct 2015
12:45:01pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi Tim,

Thanks for your response.
Coming back to my first question:
When we change our password, is there any email communication sent? In this case I did not get any email when my password was changed, so I am probably assuming my password was compromised.

After I reset my password it is working fine now.

Thanks
Auro

TribalErnie

23 Oct 2015
09:21:00am

re: The Stamporama website has been hacked. PLEASE READ NOW.

Tim,

Please excuse me if these questions were already answered. I didn't see it if it was.


I just did a google search for my email address and I found where my email address, password and phone number were on the skymem website. Is there any way to get it off of there or is it just "tough luck"?
I saw the previous answer to this question, thanks.

Also, what else did they get? Do they have my name and address? I couldn't tell from what I saw.

What in the world is skymem.com anyway?

Thanks in advance,

-Ernie


A Service Dog gives a person with a disability independence. Never approach, distract or pet a working dog, especially when (s)he is in harness. Never be afraid to ask questions to the handler (parent).
23 Oct 2015
10:23:07am

re: The Stamporama website has been hacked. PLEASE READ NOW.

My old one is still listed in Google search too. Sad


"Let's find a cure for Still's Disease, Breast Cancer and Canine Addison's Disease. We CAN find a cure and save lives!!"

drkellyfleming.ca
auldstampguy

Tim
Collector, Webmaster
23 Oct 2015
07:31:54pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

Hi Ernie,
Skymem.com seems to be a website where hackers like to post their scalps (if you will excuse the term). If you are seeing a page on their website with your details, there should be a Remove button that you can use. I have done so and I thought that it had removed all of our information. I did a search using your email address and it seemed to be removed, but that could just have been the view that Google is giving me. Try clicking on the Remove button.

Regards ... Tim

Philatarium

APS #187980
23 Oct 2015
09:41:32pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

I think the data is still in the Google cache, but no longer on the Skymem site. I checked for my info, and that's what happened. Showed up in the Google search, but did not show up on the Skymem site.


"You gotta put down the duckie if you wanna play the saxophone. (Hoots the Owl -- Sesame Street)"

www.hipstamp.com/sto ...
cfc1967

01 Nov 2015
08:53:10am

re: The Stamporama website has been hacked. PLEASE READ NOW.

I am very disappointed by the lack of security on this site. This is not the first issue I have had with the site and must consider it the third strike.

I would hope that Tim would continue to check skymem.com to be sure our information is not re-posted. I am not sure we have heard the last of this yet.

How can I have my personal information removed from StampoRama? I no longer care to be a member of this site. Please advise me on how to proceed and how to document that my personal data is removed from this site.


They who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -Benjamin Franklin
01 Nov 2015
11:31:41am

re: The Stamporama website has been hacked. PLEASE READ NOW.

Charlie,

There is no personal data on Stamporama that anyone with even a beginner's knowledge of the internet could not find out elsewhere. Anyone who believes that their private lives are safe from intrusion by a determined data miner is living in a fool's paradise. The internet is a dangerous place, but then so are the dark alleys of most of our cities. Good luck trying to find a safe haven on the WWW, you have a monumental task before you!


"The only thing necessary for the triumph of evil is for good men to do nothing. -Edmund Burke"

www.bobbybarnhart.ne ...
Webpaper

In loving memory of Carol, my wife for 52 years.

01 Nov 2015
02:01:18pm

Auctions - Approvals

re: The Stamporama website has been hacked. PLEASE READ NOW.

" Anyone who believes that their private lives are safe from intrusion by a determined data miner is living in a fool's paradise."

How very true. Remember when many people put their social security numbers on their checks and the police recommended that you engrave your social security number on expensive items?

Now we are told to do whatever it takes to keep that number from anyone and to make sure you don't carry your social security card in your wallet. And yet the government uses your social security number for your Medicare number and you are supposed to carry that card with you. Add in that it appears on all of your medical records which cannot be referred to as "secure" by any stretch of the imagination.

Try tracking down an old classmate on the internet - you can usually find them easily. Even the difficult ones who have moved several times can generally be found in less than half an hour.


www.hipstamp.com/sto ...
auldstampguy

Tim
Collector, Webmaster
01 Nov 2015
03:21:02pm

re: The Stamporama website has been hacked. PLEASE READ NOW.

@cfc1967,
I understand your frustration. We have done everything that we can to secure the website, but we are not hackers and don't have the same type of knowledge as the people who broke into the website. My focus has always been on building not breaking. I continue to look for possible break-ins on a regular basis and I scan the internet to try and find our private information out there. But don't just leave this to me. I strongly encourage you to be scanning the internet for your personal information. Do regular Google scans for your email address. This was how Arno originally discovered that we had been hacked.

Regards ... Tim.

2 Members like this post.
rrraphy

Retired Consultant APS#186030
02 Nov 2015
03:03:32pm

Approvals

re: The Stamporama website has been hacked. PLEASE READ NOW.

The SOR is highly unstable today. I am unable to post elsewhere, and only after 1/2 hour of tries can I hope to issue this warning. Highly unstable. Login, edit, posts etc all seem to have issues.
Started at 10:30 am more or less CA time.
Rrr. Posting now in desperation before losing the connection.


"E. Rutherford: All science is either physics or stamp collecting."
        


Copyright © 2024 Stamporama.com