@Moderator 1 Wondering how much, if any, of our info was compromised. That was quite the website that appeared when I tried to view the forum yesterday. :eek:
And as a follow-up, I don't even see an option to change my login within my user settings, profile, or anywhere else…
I was surprised this morning that there was no announcement about that forum take over yesterday from COTH.
I guess it is never a bad idea to change your password.
I'd like to know if my email address, DOB, login and/or password was accessed by the hackers.
I think in general it is VERY IMPORTANT not to use the password you use here anywhere else. If you are using this password for any other account - especially something important like banking, email, or the like, change those passwords now. Make sure each is unique. Ideally your passwords should be longer than 8 characters, ideally longer than 12.
Your lock password for your computer, your password for banking, your password for email, those passwords all need to be unique to each site and difficult to guess. Please don't use a password for any of those that is in the 100 most common passwords. https://github.com/danielmiessler/Se…17-top1000.txt
If your password is "monkey", "princess1", or "12345" it's laughably easy to guess.
Picking good passwords doesn't have to mean a lot of random numbers and letters. Being long is more important than the special characters. String 4 random words together, maybe add a number, and your password is unlikely to be guessed but will be easy to remember.
It may be of help to you to use a password manager like LastPass or 1Password to track multiple passwords. Know your threat model to know if your most likely attack is someone in your home or office, someone trying to access your device while traveling, or an overseas hacker to decide how you want to store them.
I assume that the problem was this: https://arstechnica.com/information-…vbulletin-bug/
IE, not the fault of COTH admins but severe and unfortunate.
I am well aware of how to manage my passwords. I would like to know if my password for COTH and my DOB and email may have been accessed.
You change your password by getting into account settings - click your name up above the COTH page banner, over on the left hand side. Then click the [Change Password] button shown below your account info.
@skydy after reading the Ars Technica article I think you should act as if they were. It's likely that the COTH staff does not know the answer but the vulnerability reported means it was possible that they were able to see anything in the database stored in plaintext.
FWIW your email and your DOB are probably already semipublic due to various other public records. I use a false DOB on COTH but that doesn't help now.
The rest of the info I posted for anyone reading, since most people here are likely not savvy about password management.
I thought it was strange that so many people were born on January 1st
Why is Monkey a common password?
I must have missed a memo. I never would have guessed that one.
Neither would I. :lol:
lol who knows? Lots of first names, lots of variations of 12345, etc.
The original list comes from a data breach of 32 million passwords, and it was found that something like 20% of them were in the top 100. This totally changed brute force password hacking from dictionary attacks to attacks that hit the top 5000 or so common passwords.
Fun fact: the "random" looking passwords on that list are common words in languages that don't use an ASCII keyboard, such as Chinese.
Also high on the list is "superman" but "princessmonkeysuperman" would probably be a decent password.
COTH did make an announcement on Facebook… but yeah weird they didn't include anything directly on the forum announcements for those that don't have Facebook or check it often.
Direct link to change COTH password:
https://www.chronofhorse.com/account/EditAccount (that will take you to your account information which you can also get to by clicking your name in the top left corner)
You should always be changing your passwords. If you've had the same password for 10 years then… well it is a matter of time before your info is taken in this day and age. You can check Have I Been Pwned (pun on owned) https://haveibeenpwned.com/ to search if your email was ever a part of a known data breach. If you see any sites associated with your email and you haven't changed your passwords recently AND they all match - go change them asap. If you see any sites on there that you DON'T use and can still get into I suggest logging in and changing the associated email to something different (I have a throw away gmail one I use for things that I don't need frequently) as well as the password. I actually use multiple real email addresses and my accounts are all different passwords because I don't want one login to get me screwed over across the board. I also have two factor authentication on EVERYTHING. Fool me once shame on you (yes, I got hacked pretty bad once upon a time) fool me twice shame on me… haven't fooled me twice because I take protecting my accounts very seriously. Sad that it has to be done, but not everyone plays nice on the interwebs.
ETA - if you want to see how many times a password has been "pwned" you can click on the top link that says passwords or here is the direct link. https://haveibeenpwned.com/Passwords . As of this post the password "password" has been pwned 3,730,471 times while the closely related "p@ssword" comes in at 13,635. Still a lot. The password "12345678" has been pwned 2,938,594. "Monkey" has been pwned 987,676 times. It really can be disturbingly amusing to see what common words people end up using as passwords.
And yet another reason why it would make sense for them to say something here now that they are back up.
I follow COTH on Facebook, but I never saw any of that on my news feed. We all know how Facebook only shows you what it wants to show you.
This? Not sure I'd count this as an announcement about whatever happened yesterday :-/
https://www.facebook.com/82392280313/posts/10162565446520314/
They can do better about telling us what was compromised and if we need to worry. It's not just passwords…what about the credit card info they store, too?
Ok dumb question. What is the risk if "they" do have our password? That someone is going to post spam under your name?
I saw someone mention a credit card, but I've never used a card related to anything on COTH.
Do you use the email/password combo here for anything else?
If no, then your risk if there was a breach is low. Good job, that's how you should be creating passwords :yes:
If yes, then those things you use this user name/password combo are at risk. Or, really, any user name associated with you, or related password. A whole lot of people use the same password in a bunch of places because it can be a pita to remember hundreds of different ones for everywhere we go online.
COTH stores credit card numbers for magazine subscribers. Or has a payment service that does. I only saw the forums down yesterday, but the fb post doesn't specify only the forum and iirc, part of the update a couple years ago was integrating everything. So…what's the risk with what happened yesterday?
Apparently they were hacked by a dubious entity because when one tried to enter the forum, a completely unrelated and very sketchy web page appeared.
I changed my pw today; better safe than sorry
The fact that a very dubious web page came up when I tried to use the forum, is why I rather expected some notification about what, if any, information had been compromised.