Redman Posted September 4, 2020 Share Posted September 4, 2020 Signed in and got a message about "data breech has exposed your password, recommend changing password", so I looked here in this forum section to see if any announcement with any elaboration on the subject. Nope. Somewhere else I should look? Note: Was first time in a longtime that I logged on with user name, typically have been using email addrs. I doubt that is of any significance, but thought should mention. Have been on as early as this morning, and multiple times in last couple weeks. But just saw the notice just now. Link to comment
chrisolson Posted September 4, 2020 Share Posted September 4, 2020 I"ve never seen or heard of that prior ... nothing that I know of. Checked on vendor site ....nothing. We are a cloud account so any "data breach" is pretty remote. If for some strange reason it happens again, if you have a chance make a "screen shot" 2 hours ago, Redman said: Note: Was first time in a longtime that I logged on with user name, typically have been using email addrs. I doubt that is of any significance, but thought should mention. I don't know that there is a direct correlation either, but there might be something since when trouble shooting one always looks for something that changed. Might try an experiment and log in with email a few times and then back with user name to see if it triggers again. If you use Chrome .... you might check out this article LINKY Personally, I'd not have a worry .... but if you feel the need (like for some reason the BMWST password is the same for your banking) .... no harm in changing password. Link to comment
dduelin Posted September 9, 2020 Share Posted September 9, 2020 Phishing scams are everywhere, everyday, lots of bad guys trying any way they can to get a good username and password from an unsuspecting victim. Lots of people use the same combination for accessing multiple web sites and the bad guys know it. Spelling "breech" rather than "breach" is a clue and often phishing scams use strange or awkward grammar. 1 Link to comment
Colorado Jeff Posted September 9, 2020 Share Posted September 9, 2020 On 9/4/2020 at 4:07 PM, chrisolson said: We are a cloud account so any "data breach" is pretty remote. So, this falls into what I do for a living. Being a cloud account does not, in any way, shape or form, protect you from a breach or ransomware or theft. As a entity that is relying on a cloud account, you must and should continue to backup and protect your data regardless. There's been plenty of cloud orgs that have been breached, and will continue to be a target. Why? Because that's where the valuable data resides! Remember, with a cloud account all you're doing is renting space on someone else's data center. You have to trust that they know what they're doing, and are actually doing what they are supposed to be doing. That's a lot of trust for your important data. I would keep my own data on my own premises that I control and protect. But, that's just me. Link to comment
chrisolson Posted September 10, 2020 Share Posted September 10, 2020 9 hours ago, Colorado Jeff said: Remember, with a cloud account all you're doing is renting space on someone else's data center. In this case, not entirely ... our flavor of this forum software is a package integrated with the hosting environment which is owned by the vendor. The vendor is an integrated business responsible for developing and maintaining the software and for their cloud accounts (like us) this also includes the hardware infrastructure, the network environment , local site data individual backups and protecting against any type of attack . This includes 24x7 maintenance support for software / environment issues that may affect the normal operation of the site. When I said remote, yes, anything is possible ... but I meant that all reasonable efforts are already made by the vendor and at a level equal to or better than we could supply ourselves. In addition, any information concerning any security breach would be posted on the vendor's own client forum (which I monitor regularly) which means we'd probably know a lot quicker concerning any issues than if we were self hosted or part of a 3rd party hosting service. The vendor has been in the forum business for quite a while and have a very large client base (both cloud and individual) and I believe if there had been a history of issues (or even current ones) there would be/ have been a lot chatter about it on the vendor client forums. There is also a separate version than can hosted either locally or in another data center which requires outside backup or protection which I would agree would require more concern / attention. We consciously chose to outsource the technical details and maintenance. Lastly, I believe there really isn't much here that is of any value in the way of PII or other valuable "data" that would grab the attention of unscrupulous persons. 1 Link to comment
chrisolson Posted September 10, 2020 Share Posted September 10, 2020 Just to cap this off, I believe what Redman experienced was a Chrome browser specific message ... another LINKY ... and not associated directly with BMWST Link to comment
Redman Posted September 19, 2020 Author Share Posted September 19, 2020 On 9/4/2020 at 6:07 PM, chrisolson said: I"ve never seen or heard of that prior ... nothing that I know of. Checked on vendor site ....nothing. We are a cloud account so any "data breach" is pretty remote. If for some strange reason it happens again, if you have a chance make a "screen shot" I don't know that there is a direct correlation either, but there might be something since when trouble shooting one always looks for something that changed. Might try an experiment and log in with email a few times and then back with user name to see if it triggers again. If you use Chrome .... you might check out this article LINKY Personally, I'd not have a worry .... but if you feel the need (like for some reason the BMWST password is the same for your banking) .... no harm in changing password. THanks for looking into that. I have tryed logging on with email and with username. Got the same. Multiple times over several days. Only on this site, not others. And did then notice was more of a Chrome thing. The notice is from Chrome, not BMWST. But it is worded in very specific wording that a breech did occur, and wording specifically names this site. It reads like Google had some way to know that a breech did occur on BMWST. Then I remembered something someone told me (although about reading technical manauls) that is if something translated from other language to English, that often the tense of verbs are wrong. Okay. No concern. Link to comment
Redman Posted September 19, 2020 Author Share Posted September 19, 2020 On 9/9/2020 at 9:19 PM, chrisolson said: Just to cap this off, I believe what Redman experienced was a Chrome browser specific message ... another LINKY ... and not associated directly with BMWST Looking at your link again. /////QUOTE Cause: Your password is most likely weak, and Chrome is alerting you about this. ///////EndQUOTE Yah, that is probably the cause, and why is happening to this site. BUt the message specifically says something other than that. Link to comment
chrisolson Posted September 19, 2020 Share Posted September 19, 2020 4 hours ago, Redman said: But it is worded in very specific wording that a breech did occur, and wording specifically names this site. It reads like Google had some way to know that a breech did occur on BMWST. It names BMWST because that is where you are when the Chrome /Google process matches your email/password (that you just used) in its database ... not that it knows BMWST specifically has had a data breech. Its saying "hey, it looks like the username (or email) / password combo you just used is appearing in our database of billions of records from hacked sites and since we know you just used it on BMWST you should change it there. another linky Is it possible you have used the same email or username / password combo on another site somewhere .... at any time now or in the past? BMWST can use either the email/password or (site username)/password ....many other sites don't maintain a separate username (as well as email) but use your email as the username. This means since you may have had the same email for years, if you've ever used the same password anywhere else and that site was in the Chrome/Google database....it would trigger the alert. Bottom line, I still can find no evidence in searching our vendor's site (which is quite extensive) that BMWST or any of their other hosted customers has had a "data breech". That's not definitive proof, but I'm still confident that if there was a problem, it would have been made public through their support forums or somewhere on their site ... not because I have total faith in their honesty ... but because other customers would have posted something about their own issue. Note: there appear to be several sites that will check to see if your email shows up in a database of sites known to have been hacked Linky I tried my own email and it came back with several sites ... a couple of which i know I had accounts (like LinkedIn) and a couple I was not so sure of. BMWST was not listed. You might also try this LINK which is for the Google Password Checkup Link to comment
szurszewski Posted September 19, 2020 Share Posted September 19, 2020 12 hours ago, chrisolson said: Is it possible you have used the same email or username / password combo on another site somewhere .... Mr. Olson! Don't insult the man - *no one* would EVER do that... (is there a "looks sheepishly at his own feet with hands in pockets" smiley? ...I need one right now...) 1 Link to comment
chrisolson Posted September 19, 2020 Share Posted September 19, 2020 1 minute ago, szurszewski said: Mr. Olson! Don't insult the man - *no one* would EVER do that... (is there a "looks sheepishly at his own feet with hands in pockets" smiley? ...I need one right now...) Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now