Jump to content
BMWSportTouring
Sign in to follow this  
Mike O

BMW MOA Compromised?

Recommended Posts

Mike O

Anybody else get this email;?

 

"On or about January 27th our Forum membership database was compromised. We believe user names and email addresses were exposed in a readable format. Passwords were also exposed, but in a highly encrypted format that is difficult to decode. However, since these are common credentials for both the Forum and your membership account on the MOA web site, we strongly recommend that you change your password on the MOA web site."

 

Or is this bogus? When I go to the web site there is NO mention of this.

 

Mike O

Share this post


Link to post
Share on other sites
Paul Mihalka

I got the same mail.

Share this post


Link to post
Share on other sites
ltljohn

Me too.

Share this post


Link to post
Share on other sites
johnlt

I did also but I haven't been a member for nearly 10 years.

Share this post


Link to post
Share on other sites
upflying

No email here.

Phishing?

Edited by upflying

Share this post


Link to post
Share on other sites
mrzoom

Got it too. I called them and it is real. Changed pass word and as luck would have it the e mail they had is no longer valid so I fixed that.

Share this post


Link to post
Share on other sites
hopz

I got it too...

 

Changing P/W on the MOA site does not seem to be helpful.

 

If you use the same P/W for other sites, then change them.

 

 

Edited by hopz

Share this post


Link to post
Share on other sites
SageRider
...

Changing P/W on the MOA site does not seem to be helpful.

...

 

Why not?

Share this post


Link to post
Share on other sites
marcopolo

Got the same e-mail and I changed my password on their site with no difficulty whatsoever.

Share this post


Link to post
Share on other sites
99Roadster
...

Changing P/W on the MOA site does not seem to be helpful.

...

 

Why not?

 

Your email address was compromised along with your password.

Share this post


Link to post
Share on other sites
Mike

Got it, too.

 

If I could also make a recommendation for folks here: We, of course, don't store any financial info since we're non-commercial, but I've seen some pretty weak passwords used here. It would be wise to make sure you have a strong password and that you are using something here other than the username/password combo that you use for websites that may have your financial information.

 

The dipsticks who are hacking successfully into websites like the MOA will probably eventually try it here.

 

 

Share this post


Link to post
Share on other sites
Jaguar

Thanks for the heads up. It's been a while since I've been to MOA's website. I didn't receive the e-mail because all my info was out of date. E-mail address, phone number, model of bike, etc. I went in and changed my password and updated everything.

Share this post


Link to post
Share on other sites
SageRider
...

Changing P/W on the MOA site does not seem to be helpful.

...

 

Why not?

 

Your email address was compromised along with your password.

Changing the board password (to a complex and unique password) does not address the email related issues, but does address the compromised board user name and password issue. Hopefully BMWMOA will also implement an account lockout policy (Account locks after 3-5 incorrect login attempts within an hour or something similar).

Share this post


Link to post
Share on other sites
hopz

Michael, and others, what I was saying was that changing your password on the MOA site was good, now that the horses are out of the barn. It will not do anything for the places on the web where you are using the same password since the scofflaws already have it. If they wanted to get into your account on MOA they would be able to read your posts and not much else... just my first thoughts.

If you have others I am happy to learn from all.

Share this post


Link to post
Share on other sites
Joe Frickin' Friday
Changing the board password (to a complex and unique password)...

 

Re: password strength, an interesting perspective here. Summary: you can make a password that's easy for you to remember but extremely hard for computers to guess. all you need to do is string together four common words in an unusual phrase, ideally something you can visualize. No caps, no weird characters, no numbers, just four lower-case words.

 

Share this post


Link to post
Share on other sites
SageRider

Hopz, the same BMWMOA Forum account can be used on the BMWMOA store with a stolen credit card number...

But yes, a major risk is if one uses the same password in multiple places.

Share this post


Link to post
Share on other sites
SageRider

JFF, another perspective is one I encountered recently:

One only needs to use complex passwords they can remember on sites they constantly access such as online banking, email, BMWST, etc.

For the remainder, a complex password can be used, but there is no need to remember. Simply use the forgot password function on the site logon screen. This will typically either email the password to you or reset the password and allow you to set a new password.

Share this post


Link to post
Share on other sites
tvguy

I to received the same email. I went out and changed the basic info. BUT the real problem I am seeing on my own motorcycle site is the bogus people from someplace in Africa and surrounding areas joining the site and then trying to phish info from the members.

 

Like this site you really have to look at the people trying to join. My site has 3 Q's you have to answer and then I look at the IP address to see what part of the country you are from. Its good to have great admins that keep and eye on this site.

Share this post


Link to post
Share on other sites
Robus
I to received the same email. I went out and changed the basic info. BUT the real problem I am seeing on my own motorcycle site is the bogus people from someplace in Africa and surrounding areas joining the site and then trying to phish info from the members.

 

Like this site you really have to look at the people trying to join. My site has 3 Q's you have to answer and then I look at the IP address to see what part of the country you are from. Its good to have great admins that keep and eye on this site.

 

BMW MOA is overzealous I'd say. I tried to register a year and a half ago when I bought the RT. Never was able to activate. Contacted the site master. No reply.

Share this post


Link to post
Share on other sites
Mike
I to received the same email. I went out and changed the basic info. BUT the real problem I am seeing on my own motorcycle site is the bogus people from someplace in Africa and surrounding areas joining the site and then trying to phish info from the members.

 

Like this site you really have to look at the people trying to join. My site has 3 Q's you have to answer and then I look at the IP address to see what part of the country you are from. Its good to have great admins that keep and eye on this site.

 

There's quite a bit that goes on behind the scenes here; in the last year we've seen a significant increase in attempts by spammers and general dirtbags to get obtain accounts. We've gotten to the point where we're pretty good at heading them off at the pass, but the bad guys are evolving in response to the efforts of the attempts to thwart them.

Share this post


Link to post
Share on other sites
Selden

A well run web site is like a duck on a lake: it looks smooth, but beneath the surface there is a tremendous amount of paddling. Hats off to people like admins who rarely receive recognition for what they do.

Share this post


Link to post
Share on other sites
Glenn Reed

+1

Share this post


Link to post
Share on other sites
Kathy R

I'm mad that the BMWMOA site has to deal with that crap. We have been lucky and we have all been vigilant.

 

I'll add that another reason this site works well is that the members make efforts to keep it that way. Giving Admins a heads up when you see something smarmy goes a long way to keeping the surface water smooth.

 

OK, you want me to say it? GROUP HUG! :D

 

Share this post


Link to post
Share on other sites
enfoman

I think the BMWMOA has been working on it since there was weird activity happening in the For sale section. Somehow those strange offers from Africa and such were popping up to sellers. I don't know a thing about web browsing code, but when things like that happen in a for sale by only members with access, things should send huge red flags and smoke signals for alerts IMO.

Share this post


Link to post
Share on other sites
RoyTemple

Got it & password changed. :thumbsup:

Share this post


Link to post
Share on other sites
motorman587

The problem with my strong password is I will forget it..........lol Got the same and changed all my passwords. Better safe than sorry I guess.

Share this post


Link to post
Share on other sites
BrianT

Got the same email. Haven't accessed that account in years. Won't let me change the password because it says my account is expired so I guess it doesn't matter. Just gotta remember to change it if I ever reactivate.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×