Announcement

**AWS** · Tue 12 Feb '08, 4:43am

Been with vbulletin since the beginning and this is the first time a new password was issued. One wonders if the client database was compromised. This is what happened when my previous webhost system was compromised. Sent all users new passwords claiming it was best practice and new policy. Only later, after word got out, did they tell us that indeed the user database was compromised.

**xjuliox** · Tue 12 Feb '08, 5:12am

When i first saw the email i found it alittle suspicious!

**Floris** · Tue 12 Feb '08, 5:15am

Originally posted by xjuliox

When i first saw the email i found it alittle suspicious!

It's authentic

**Tailfeathers** · Tue 12 Feb '08, 5:15am

Originally posted by AWS

Been with vbulletin since the beginning and this is the first time a new password was issued. One wonders if the client database was compromised. This is what happened when my previous webhost system was compromised. Sent all users new passwords claiming it was best practice and new policy. Only later, after word got out, did they tell us that indeed the user database was compromised.

That's the first thing that came to my mind as well.

**simsim** · Tue 12 Feb '08, 5:20am

Originally posted by AWS

Been with vbulletin since the beginning and this is the first time a new password was issued. One wonders if the client database was compromised. This is what happened when my previous webhost system was compromised. Sent all users new passwords claiming it was best practice and new policy. Only later, after word got out, did they tell us that indeed the user database was compromised.

Ah.. that's a serious possibility, having in mind the recent server maintenance and site downtime! I really hope this is not the case, though.

**Dean C** · Tue 12 Feb '08, 5:22am

I think this is going to cause a lot of problems with people that have switched emails or bought a license and forgot to change the email etc.

**AWS** · Tue 12 Feb '08, 5:30am

SoftLayer just instituted a new user login policy. They let everyone know what the changes would be and when they would be implemented. This is how things like this should be done.

vBulletin decides to just change everyones password and send out an email to users. Many people have since changed email providers and might have forgot to update their account. Now it's a nightmare for both the user and Jelsoft.

This sure is a strange way to do business.

**accyroy** · Tue 12 Feb '08, 5:37am

Hmmmm... definately suspicous. Last week someone was offering me licenses for $40, turned out the licenses where not owned by them but other people who had not renewed for sometime. This user was able to supply me with customer number, customer password, email address and physical address. Vbulletin know about this but no explanation came at the time as to how these details where obtained. The person selling the licenses said he had a large supply of them!

**Freezerator** · Tue 12 Feb '08, 5:55am

An official statement would be in place here?

I think a lot of these problems could be resolved if they had sent out an e-mail giving a notice this will happen.. and then wait a time and do this like yearly?

**Dream** · Tue 12 Feb '08, 5:58am

I got one of those today, did they reset everyone's passwords?

**Floris** · Tue 12 Feb '08, 6:02am

Originally posted by Dream

I got one of those today, did they reset everyone's passwords?

Yes, all the customers.

About the recent password change on your vBulletin Members' Area account.

This step was taken as part of a general review of our security, privacy and anti-piracy operations. As a part of this review, a decision was made to more closely adhere to best practices in terms of password security, such as the use of good strong passwords with letters, numbers and punctuation.

Please accept our apologies for any inconvenience caused. As stated in the email, this change will have no effect on on your assigned "priority support" forum accounts, the passwords for which remain unchanged.

**simsim** · Tue 12 Feb '08, 6:17am

Originally posted by Floris

As a part of this review, a decision was made to more closely adhere to best practices in terms of password security, such as the use of good strong passwords with letters, numbers and punctuation.

Actually Floris, the new password of mine contains only letters, while the old one contained both letters and numbers! The new one is 8 characters long and so was the old! Not much of an improvement, to be honest.

**Floris** · Tue 12 Feb '08, 6:25am

Mine has upper and lower case characters. Letters and numbers, and other characters like }

**Boofo** · Tue 12 Feb '08, 6:27am

Originally posted by AWS

Been with vbulletin since the beginning and this is the first time a new password was issued. One wonders if the client database was compromised. This is what happened when my previous webhost system was compromised. Sent all users new passwords claiming it was best practice and new policy. Only later, after word got out, did they tell us that indeed the user database was compromised.

I'm sure I have gotten one of these before. I don't think the policy is that new. Or I have been with them longer, maybe.

**Yves R.** · Tue 12 Feb '08, 6:51am

Good thing to regenerate this password, more small too

PS: update your kernel too, there is a big security issue

Announcement

[pw change] Just received this email from vBulletin...

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment