Password hacked

AntonLargiader · Apr 21, 2020

I got an email from a wanna-be scammer listing a password that of mine that he had. It was from here only, and I haven't used it in forever (it was to a previous account) so it's nothing to me, but if several people have the same thing happen then it might mean that there's been a data breach here.

Danielg42 · Apr 21, 2020

yea, I changed mine this morning....
It was an old and short password I had used here, but for me it could have been breached elsewhere, as well...

AntonLargiader · Apr 21, 2020

OK. FWIW here's the email I got; let me know if you got the same one. He listed the actual password in the subject and the first line.

EDIT: OK, looks like it can't be pasted. Must all be unicode or something.

lousyg · Apr 22, 2020

This has been going on for nearly a year. I use an email address specifically for tdiclub and I started getting these messages early 2019. I still get them occasionally (got a new one yesterday). A couple of us brought it up then but I'm not sure if anything was ever done.

I think I'm going to change my password here (to something new/unique) and see if the spam starts referencing the new password. That should tell us if the site is still hacked.

Edit: I'll add that I looked at the bottom of the page and see the site runs "vBulletin" version 3.8.5. The current released version is 5.5.6. Also, a quick Google search shows that there are multiple exploits that affect the version tdiclub runs. Hard to tell if they actually affect the site configuration, but it's always a good idea to keep the website software up to date.

EECSentric · Apr 22, 2020

I received the same type of email which included an attempt at extortion, etc.

I would strongly amplify the request to the admins to update the server & vBulletin. If the server is compromised, then the issue goes beyond someone stealing passwords. From my experience, they can also insert trojans and other malware directly on the site which can lead to the site getting blocked by google and ISPs. It's a huge hassle getting back from that.

VW Derf · Apr 22, 2020

Hi Everyone,

Thanks for bringing this to our attention and we are looking into this. General recommendations are to use different passwords for different sites and to change passwords periodically.

tvmaster · Apr 27, 2020

Hackers / extortionists breached TDIClub

Happened to me this week as well. They got email address and password. Haven’t logged in in about three years, until today when I changed email & password. Has this breach been reported to users? If so, I don’t remember getting the email. ***?

tvmaster · Apr 28, 2020

VW Derf said:
Hi Everyone,

Thanks for bringing this to our attention and we are looking into this. General recommendations are to use different passwords for different sites and to change passwords periodically.

Hi. So you’ve had a week to ‘look into it’. What did you find? Who breached the site, and what information did they get, if any? We’d like to know so as to secure other emails/accounts/passwords which may be tied to TDIClub.
Thanks

pedroYUL · Apr 28, 2020

This can happen to you on a different mechanism: if you store your passwords in your browser, or phone, use autofill, Tapatalk...and that device gets compromised.

I'm sure there is other ways your info could leak, but that is the one that comes to mind right now.

I have not received any emails with my login and password to this site, or any site...knock on wood.

40X40 · May 1, 2020

I got a similar threatening email. My password was unique to this site. If the site continues to run on an antiquated version of vBulletin, it will happen again.

IndigoBlueWagon · May 2, 2020

I recently saw one of these emails in my spam folder, didn't occur to me that it might be from here. I wasn't terribly concerned about it. Honestly, we all have to operate on the assumption that any site we visit, any computer we use on a network, and our phones can be compromised at any time. Use good practices regarding usernames, passwords, and two factor authentication, and you'll minimize your exposure. That's really the best you hope for. My username and password here is unique to this site, and there's no type of payment processing done here (PayPal doesn't count). So I'm OK with continuing to visit TDIClub.com.

Those of you that visit idparts.com may have noticed we have a new store platform. Although it provides a lot of improvements we wanted on our shopper experience, the big motivator for the upgrade is improved security. It's an ongoing effort.

tomo366 · May 4, 2020

I am getting these threatening emails 3–4 times a week tomo366 which is my login but not my password anywhere

VW Derf · May 4, 2020

Hi everyone,

Sorry for the delay in responding directly to this. I have been looking into this and while I have not tracked down any specific compromise of the forms, it is entirely possible at one point it may have happened at some point in the past given the feedback from members.

If you receive such an email, please delete it and do not respond to it as they are obliviously a scam. Also please change your password, especially if you used the same username/password combination across other sites in the past as that is considered a bad practice. I highly recommend everyone follow password management best practices such as not reusing passwords between sites and changing them periodically along with following other best practices.

Moving forward I have spent all my available time of the last several of weeks restarting the migration of this forum software that is better support and modern. While I have made numerous attempts over the past few years, they have always been stopped due to a few issues. The most significant was the fact that the two potential platforms that were viable did not properly support linking to many of the existing images and documents nor adding new resources, specifically anything that isn’t an image (i.e. PDF, word files, etc.). IMHO those are very valuable resources I did not want to loose that info from the past and into the future. While both options that I have considered have made many advancements in the past few years to limit the loss of data, they still aren’t 100%.

I have come to the unfortunate conclusion that it won’t be a perfect migration to a new platform, so I’m pressing ahead and will just select the option that will be good enough. Once the test migrations to these two test platforms is complete, I will solicit some input from the membership to help determine which software to move to. I’ve almost completed the migration to one of the test sites, but I am still working with support on the other option to deal with some migration issues. I’m hoping to have the test sites up early next week, but some of the progress is out of my hands.
Anyways, I wanted to give everyone a quick update so you don’t thing this issue is being ignored and a path forward is being rigorously being worked on.

Fred

BobnOH · May 12, 2020

One strong vote for keeping this platform. Do you think it's any less secure? There's been a rash of hostage type scams recently, most of what they get is old data, they all want bitcoin. One had my home password, I did not respond, nothing happens, changed my password a week or 2 later.

Ludachris · Jun 8, 2020

VW Derf said:
Hi everyone,

Sorry for the delay in responding directly to this. I have been looking into this and while I have not tracked down any specific compromise of the forms, it is entirely possible at one point it may have happened at some point in the past given the feedback from members.

If you receive such an email, please delete it and do not respond to it as they are obliviously a scam. Also please change your password, especially if you used the same username/password combination across other sites in the past as that is considered a bad practice. I highly recommend everyone follow password management best practices such as not reusing passwords between sites and changing them periodically along with following other best practices.

Moving forward I have spent all my available time of the last several of weeks restarting the migration of this forum software that is better support and modern. While I have made numerous attempts over the past few years, they have always been stopped due to a few issues. The most significant was the fact that the two potential platforms that were viable did not properly support linking to many of the existing images and documents nor adding new resources, specifically anything that isn’t an image (i.e. PDF, word files, etc.). IMHO those are very valuable resources I did not want to loose that info from the past and into the future. While both options that I have considered have made many advancements in the past few years to limit the loss of data, they still aren’t 100%.

I have come to the unfortunate conclusion that it won’t be a perfect migration to a new platform, so I’m pressing ahead and will just select the option that will be good enough. Once the test migrations to these two test platforms is complete, I will solicit some input from the membership to help determine which software to move to. I’ve almost completed the migration to one of the test sites, but I am still working with support on the other option to deal with some migration issues. I’m hoping to have the test sites up early next week, but some of the progress is out of my hands.
Anyways, I wanted to give everyone a quick update so you don’t thing this issue is being ignored and a path forward is being rigorously being worked on.

Fred

Curious what forum platform you're thinking of migrating to Fred. I was really surprised to see this site is still on vB 3.8. I imagine the server OS is likely very old too, in order to still be able to run this version of vB. Which means there are multiple security issues beyond just the forum software.

I just joined to start doing more research on a Touareg TDI purchase we're considering here soon. I also happen to own and operate a couple forums that used to run on vB long ago. They now run on Xenforo.

Password hacked

AntonLargiader

Veteran Member

Danielg42

Veteran Member

AntonLargiader

Veteran Member

lousyg

Member

EECSentric

Veteran Member

VW Derf

Administrator

tvmaster

Veteran Member

tvmaster

Veteran Member

pedroYUL

Veteran Member

40X40

Experienced

IndigoBlueWagon

TDIClub Enthusiast, Principal IDParts, Vendor , w/

tomo366

TDI Lifer, Member #68

VW Derf

Administrator

BobnOH

not-a-mechanic

Ludachris

New member