Mike O Posted February 2, 2012 Share Posted February 2, 2012 Anybody else get this email;? "On or about January 27th our Forum membership database was compromised. We believe user names and email addresses were exposed in a readable format. Passwords were also exposed, but in a highly encrypted format that is difficult to decode. However, since these are common credentials for both the Forum and your membership account on the MOA web site, we strongly recommend that you change your password on the MOA web site." Or is this bogus? When I go to the web site there is NO mention of this. Mike O Link to comment
Paul Mihalka Posted February 2, 2012 Share Posted February 2, 2012 I got the same mail. Link to comment
johnlt Posted February 2, 2012 Share Posted February 2, 2012 I did also but I haven't been a member for nearly 10 years. Link to comment
SageRider Posted February 2, 2012 Share Posted February 2, 2012 Me too. Password already changed. http://www.bmwmoa.org/forum/showthread.php?t=58115 edit: Link above is BMWMOA post describing the event and the mass emailing. Link to comment
upflying Posted February 2, 2012 Share Posted February 2, 2012 No email here. Phishing? Link to comment
mrzoom Posted February 2, 2012 Share Posted February 2, 2012 Got it too. I called them and it is real. Changed pass word and as luck would have it the e mail they had is no longer valid so I fixed that. Link to comment
hopz Posted February 2, 2012 Share Posted February 2, 2012 I got it too... Changing P/W on the MOA site does not seem to be helpful. If you use the same P/W for other sites, then change them. Link to comment
SageRider Posted February 2, 2012 Share Posted February 2, 2012 ... Changing P/W on the MOA site does not seem to be helpful. ... Why not? Link to comment
marcopolo Posted February 2, 2012 Share Posted February 2, 2012 Got the same e-mail and I changed my password on their site with no difficulty whatsoever. Link to comment
99Roadster Posted February 2, 2012 Share Posted February 2, 2012 ... Changing P/W on the MOA site does not seem to be helpful. ... Why not? Your email address was compromised along with your password. Link to comment
Mike Posted February 2, 2012 Share Posted February 2, 2012 Got it, too. If I could also make a recommendation for folks here: We, of course, don't store any financial info since we're non-commercial, but I've seen some pretty weak passwords used here. It would be wise to make sure you have a strong password and that you are using something here other than the username/password combo that you use for websites that may have your financial information. The dipsticks who are hacking successfully into websites like the MOA will probably eventually try it here. Link to comment
Jaguar Posted February 2, 2012 Share Posted February 2, 2012 Thanks for the heads up. It's been a while since I've been to MOA's website. I didn't receive the e-mail because all my info was out of date. E-mail address, phone number, model of bike, etc. I went in and changed my password and updated everything. Link to comment
SageRider Posted February 2, 2012 Share Posted February 2, 2012 ... Changing P/W on the MOA site does not seem to be helpful. ... Why not? Your email address was compromised along with your password. Changing the board password (to a complex and unique password) does not address the email related issues, but does address the compromised board user name and password issue. Hopefully BMWMOA will also implement an account lockout policy (Account locks after 3-5 incorrect login attempts within an hour or something similar). Link to comment
hopz Posted February 2, 2012 Share Posted February 2, 2012 Michael, and others, what I was saying was that changing your password on the MOA site was good, now that the horses are out of the barn. It will not do anything for the places on the web where you are using the same password since the scofflaws already have it. If they wanted to get into your account on MOA they would be able to read your posts and not much else... just my first thoughts. If you have others I am happy to learn from all. Link to comment
Joe Frickin' Friday Posted February 2, 2012 Share Posted February 2, 2012 Changing the board password (to a complex and unique password)... Re: password strength, an interesting perspective here. Summary: you can make a password that's easy for you to remember but extremely hard for computers to guess. all you need to do is string together four common words in an unusual phrase, ideally something you can visualize. No caps, no weird characters, no numbers, just four lower-case words. Link to comment
SageRider Posted February 3, 2012 Share Posted February 3, 2012 Hopz, the same BMWMOA Forum account can be used on the BMWMOA store with a stolen credit card number... But yes, a major risk is if one uses the same password in multiple places. Link to comment
SageRider Posted February 3, 2012 Share Posted February 3, 2012 JFF, another perspective is one I encountered recently: One only needs to use complex passwords they can remember on sites they constantly access such as online banking, email, BMWST, etc. For the remainder, a complex password can be used, but there is no need to remember. Simply use the forgot password function on the site logon screen. This will typically either email the password to you or reset the password and allow you to set a new password. Link to comment
tvguy Posted February 3, 2012 Share Posted February 3, 2012 I to received the same email. I went out and changed the basic info. BUT the real problem I am seeing on my own motorcycle site is the bogus people from someplace in Africa and surrounding areas joining the site and then trying to phish info from the members. Like this site you really have to look at the people trying to join. My site has 3 Q's you have to answer and then I look at the IP address to see what part of the country you are from. Its good to have great admins that keep and eye on this site. Link to comment
Robus Posted February 3, 2012 Share Posted February 3, 2012 I to received the same email. I went out and changed the basic info. BUT the real problem I am seeing on my own motorcycle site is the bogus people from someplace in Africa and surrounding areas joining the site and then trying to phish info from the members. Like this site you really have to look at the people trying to join. My site has 3 Q's you have to answer and then I look at the IP address to see what part of the country you are from. Its good to have great admins that keep and eye on this site. BMW MOA is overzealous I'd say. I tried to register a year and a half ago when I bought the RT. Never was able to activate. Contacted the site master. No reply. Link to comment
Mike Posted February 3, 2012 Share Posted February 3, 2012 I to received the same email. I went out and changed the basic info. BUT the real problem I am seeing on my own motorcycle site is the bogus people from someplace in Africa and surrounding areas joining the site and then trying to phish info from the members. Like this site you really have to look at the people trying to join. My site has 3 Q's you have to answer and then I look at the IP address to see what part of the country you are from. Its good to have great admins that keep and eye on this site. There's quite a bit that goes on behind the scenes here; in the last year we've seen a significant increase in attempts by spammers and general dirtbags to get obtain accounts. We've gotten to the point where we're pretty good at heading them off at the pass, but the bad guys are evolving in response to the efforts of the attempts to thwart them. Link to comment
Selden Posted February 3, 2012 Share Posted February 3, 2012 A well run web site is like a duck on a lake: it looks smooth, but beneath the surface there is a tremendous amount of paddling. Hats off to people like admins who rarely receive recognition for what they do. Link to comment
Kathy R Posted February 3, 2012 Share Posted February 3, 2012 I'm mad that the BMWMOA site has to deal with that crap. We have been lucky and we have all been vigilant. I'll add that another reason this site works well is that the members make efforts to keep it that way. Giving Admins a heads up when you see something smarmy goes a long way to keeping the surface water smooth. OK, you want me to say it? GROUP HUG! Link to comment
enfoman Posted February 3, 2012 Share Posted February 3, 2012 I think the BMWMOA has been working on it since there was weird activity happening in the For sale section. Somehow those strange offers from Africa and such were popping up to sellers. I don't know a thing about web browsing code, but when things like that happen in a for sale by only members with access, things should send huge red flags and smoke signals for alerts IMO. Link to comment
RoyTemple Posted February 4, 2012 Share Posted February 4, 2012 Got it & password changed. Link to comment
motorman587 Posted February 4, 2012 Share Posted February 4, 2012 The problem with my strong password is I will forget it..........lol Got the same and changed all my passwords. Better safe than sorry I guess. Link to comment
BrianT Posted February 4, 2012 Share Posted February 4, 2012 Got the same email. Haven't accessed that account in years. Won't let me change the password because it says my account is expired so I guess it doesn't matter. Just gotta remember to change it if I ever reactivate. Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.