Why in the world was it necessary to change passwords?? - 2014+ Jeep Cherokee Forums
User Tag List

 6Likes
Reply
 
LinkBack Thread Tools
post #1 of 11 (permalink) Old 06-17-2016, 06:22 PM Thread Starter
Hardcore Member
 
Join Date: Mar 2015
Posts: 509
Why in the world was it necessary to change passwords??

What was someone going to steal with my jeep cherokee website password? Now I'll have to change all my other passwords. At my age I'm lucky to remember one.
bojeep is offline  
Sponsored Links
Advertisement
 
post #2 of 11 (permalink) Old 06-17-2016, 06:45 PM
Super Moderator
 
gravitywell's Avatar
 
Join Date: Mar 2015
Location: Fairfax, VA
Posts: 3,330
Garage
Quote:
Originally Posted by bojeep View Post
What was someone going to steal with my jeep cherokee website password? Now I'll have to change all my other passwords. At my age I'm lucky to remember one.
As I replied in the other thread:

Quote:
Originally Posted by gravitywell
It's about general password standard practices.

A lot of people use simple passwords, which are easy to guess / crack. In addition, a lot of people use the same password in multiple places.

If someone gets access to your email address and password, they may have access to a lot more depending on your password practices.

It's always a good rule of thumb to change your password regularly, just for this very reason.

If website1 is compromised, how many other websites are you using the same exact username and password with? Your bank? Your paypal? Your email? Your amazon account?

In addition, having access to a forum gives someone a lot of access to personal information via your own admissions. If you spent time tracking down all 2500+ of my posts, you'd know a lot about me. Add in my profile information and you'd have a nice dossier on how to pretend to be me.

I've been the "victim" of credit card fraud. Someone opened a Best Buy credit card in my name. They opened in a store, using my social security number, my home address and everything. That means that somewhere out there, is a fake ID with my name and former address on it. (I say victim because the Creditor of the card caught it before the first bill arrived, they took care of everything.)

If you have trouble remember passwords, you should try something like LastPass Free. It will log and manage all of your passwords. It will even generate some CRAZY complicated passwords if you want it to. With it's use, you will only need to remember 1 Master Password. But, if you decide to go this route, make sure the Master Password is a pass phrase or very difficult.
AutoGuide Group provides this forum to us free of charge. They're completely within their rights as the owners to give us stringent password requirements to protect us, and them, from further attacks.

His: 2015 Cherokee TH: Brilliant Black; V6
Mods: Gobi Rack and Ladder; Interior/Exterior LED upgrade; Xenon-Depot No Resistor HIDs; Hazard Sky Fabrications Lift Kit

Hers: 2015 Renegade Trailhawk: Alpine White; 2.4L


Forum Rules.
gravitywell is online now  
post #3 of 11 (permalink) Old 06-20-2016, 02:17 PM
Member
 
almacd1814's Avatar
 
Join Date: Dec 2015
Location: Vancouver Island, B.C.
Posts: 92
Garage
Why in the world was it necessary to change passwords??

Bojeep...totally agree...took two weeks to figure out what the **** was going on!

Last edited by Len1304; 06-20-2016 at 07:42 PM.
almacd1814 is offline  
 
post #4 of 11 (permalink) Old 06-20-2016, 03:16 PM
Moderator
 
Join Date: Dec 2014
Location: NOVA (Ashburn), VA
Posts: 2,389
Garage
Quote:
Originally Posted by bojeep View Post
What was someone going to steal with my jeep cherokee website password? Now I'll have to change all my other passwords. At my age I'm lucky to remember one.
There is a self-referential problem and resolution in that statement.

'15 Deep Cherry Red TH w/Brown Interior. 3.2L V-6
Safety-Tec, Cold Weather, Technology, Comfort, Tow, Leather.
Gobi Stealth roof rack with ladder. Mopar rock sliders. BFG KO2 245/70R17.
My testing platform for electronics/telemetry experimenting.
Rojhan is offline  
post #5 of 11 (permalink) Old 06-21-2016, 05:17 PM
Administrator
 
VS-Admin's Avatar
 
Join Date: Sep 2013
Posts: 437
Garage
Hey guys,

I understand your concerns with this sudden, and seemingly aggressive change.

And to clarify why we went ahead with these changes:

A 3rd party plugin that we and other networks use had it's developers' compromised. Their DB was breached and data was scraped. I can't ID the plugin as it's under legal investigation. However I can say that it had access to user data because it functions separately from the vb software. Many plugins do this, chats, news letters, mobile apps etc. This is not an active breach, however as a precaution we did initiate security updates including password changes and new pass requirements.

Their system was compromised and they grabbed user data for us and thousands of others.
We cleared our part of the breach and went this route to further security.
This is also in place as many members on the internet use the same or similar passwords across all things they use.

Hackers who have access to these accounts, may be able to access other platforms where the same email and/or passwords are used.
Other platforms have been compromised as well, including Twitter, Linkedin etc. We are just trying to get ahead of this, and nip it in the bud as soon as possible.

We cannot go into detail at the moment as it is being dealt with on a legal level.

If there are any other questions/concerns/feedback, please feel free to post them here.

Thank you for your patience and understanding,

Richard.

Test
VS-Admin is offline  
post #6 of 11 (permalink) Old 06-21-2016, 05:42 PM
Hardcore Member
 
hwstock's Avatar
 
Join Date: Oct 2014
Location: Las Vegas, NV
Posts: 499
I'm all for it. A bit of a pain, but wait till you deal with the true pain of mopping up after a hacker intrusion.

I always thought I was too careful to let a hacker get my password. Then last year my wife borrowed my laptop to help a neighbor whose computer "was running really slowly." Eventually, she downloaded a printer driver for the neighbor's printer, from one of those sites that helpfully collects all printer drivers. To install the driver, one has to put the computer in supervisor mode with all sorts of privileges. And with the driver, the virus protection was turned off (because it had supervisor privileges) and the "driver" installed a keystroke logger. Next time I logged into g-mail, the logger captured my password, and soon after my friends were receiving mails supposedly from me, and they innocently logged in to a site "I" recommended, and that site installed malware on their computers.

I acted as soon as I found the intrusion, and all the mopping-up took about 2 weeks. I changed a lot of passwords and added double authentication.
hwstock is offline  
post #7 of 11 (permalink) Old 06-21-2016, 06:17 PM
Moderator
 
Join Date: Dec 2014
Location: NOVA (Ashburn), VA
Posts: 2,389
Garage
Quote:
Originally Posted by hwstock View Post
I'm all for it. A bit of a pain, but wait till you deal with the true pain of mopping up after a hacker intrusion.
There are two types of people in the world; those that have been affected by a hack/leak/exploit, and those that will be.

Password strength will directly impact how much effort (delay, and go after the easy stuff first) will be needed to use your information.
Password re-use will directly impact the blast radius when your password is exposed.
gravitywell and ptrudel like this.

'15 Deep Cherry Red TH w/Brown Interior. 3.2L V-6
Safety-Tec, Cold Weather, Technology, Comfort, Tow, Leather.
Gobi Stealth roof rack with ladder. Mopar rock sliders. BFG KO2 245/70R17.
My testing platform for electronics/telemetry experimenting.
Rojhan is offline  
post #8 of 11 (permalink) Old 06-22-2016, 12:36 AM
Moderator
 
Join Date: Dec 2014
Location: NOVA (Ashburn), VA
Posts: 2,389
Garage
It's not hypothetical, or crying wolf.
https://www.carbonite.com/en/resourc...ssword-attack/

Quote:
As part of our ongoing security monitoring, we recently became aware of unauthorized attempts to access a number of Carbonite accounts. This activity appears to be the result of a third party attacker using compromised email addresses and passwords obtained from other companies that were previously attacked. The attackers then tried to use the stolen information to access Carbonite accounts.
Note: Not necessarily the current, known, issue, but this is exactly why myself and others are a bit passionate about passwords.
Quote:
We highly recommend all customers use “strong” unique passwords for Carbonite and all online accounts. Learn more about strong passwords at www.carbonite.com/safety. If you use the same or similar passwords on other online services, we recommend that you set new passwords on those accounts as well.
https://krebsonsecurity.com/2016/06/...all-passwords/
Quote:
GoToMyPC, a service that helps people access and control their computers remotely over the Internet, is forcing all users to change their passwords, citing a spike in attacks that target people who re-use passwords across multiple sites.
Both are recent events.
Quaestor likes this.

'15 Deep Cherry Red TH w/Brown Interior. 3.2L V-6
Safety-Tec, Cold Weather, Technology, Comfort, Tow, Leather.
Gobi Stealth roof rack with ladder. Mopar rock sliders. BFG KO2 245/70R17.
My testing platform for electronics/telemetry experimenting.
Rojhan is offline  
post #9 of 11 (permalink) Old 06-28-2016, 12:32 PM
Enthusiast Member
 
Alfrik's Avatar
 
Join Date: Dec 2015
Location: Markham
Posts: 461
Quote:
Originally Posted by bojeep View Post
What was someone going to steal with my jeep cherokee website password? Now I'll have to change all my other passwords. At my age I'm lucky to remember one.
As a Systems Administrator, this statement drives me nuts. It's an immediate flag that says "here are the keys to my house, truck, and I'll hand over my grandkids too."

You should be using unique passwords for each and every login you use. Not only should they be unique, they should be 18-24 characters on minimum, and a mix of alphanumeric and special characters. It's a pain to remember all those, yes. So, you should be using a password manager, something like 1 Password (my personal choice), LastPass, or KeePass. On sites that allow it, always enable two-factor authentication.

As an aside, those of use using social media connectors, such as our Google ID, or Facebook ID, were we compromised as well?

\ | | | | | | | /

"Hawkeye" 2016 Granite Crystal Metallic TH, 3.2L, Cold Weather group, Tow group, Premium Leather group, 8.4AN HID Headlight upgrade Build date: 09/2015, BFG KO2 265/65/17, RRO Winch mount, RRO Super sliders.

Alfrik is offline  
post #10 of 11 (permalink) Old 06-30-2016, 11:32 AM
Administrator
 
VS-Admin's Avatar
 
Join Date: Sep 2013
Posts: 437
Garage
Quote:
Originally Posted by Alfrik View Post
As an aside, those of use using social media connectors, such as our Google ID, or Facebook ID, were we compromised as well?
As far as we know, no. As far as we know, not many accounts were officially compromised. The information is out there, it's just a question if anyone acted on it. And as far as we can tell, it seems to have been solved before anything dramatic could happen.

As long as you changed your password on this site when prompted, everything should be fine.

Also thanks for the help and information guys.
If you have any questions about this, please feel free to ask, we will answer with as much detail as we are able to.

Richard.

Test
VS-Admin is offline  
Reply

Quick Reply
Message:
Options

Register Now



In order to be able to post messages on the 2014+ Jeep Cherokee Forums forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.

User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.

Password:


Confirm Password:
Email Address
Please enter a valid email address for yourself.

Email Address:
OR

Log-in









Human Verification

In order to verify that you are a human and not a spam bot, please enter the answer into the following box below based on the instructions contained in the graphic.



Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page



  Similar Threads
Thread Thread Starter Forum Replies Last Post
New to Jeep World ourjep2016 2014+ Jeep Cherokee General Discussion 6 06-01-2016 07:52 PM
"change oil soon" warning 2000 miles after last change hwstock Engine and Technical Discussion 17 03-17-2016 06:37 PM
Hello World Bucko New Member Introductions 2 06-18-2015 01:16 PM
Hello world soft84 New Member Introductions 8 08-03-2014 07:19 PM
Hello World Kinsman74 New Member Introductions 15 07-30-2014 02:56 PM

Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On