So, as it would come to pass, Social Strata's server (one of them apparently) was rooted, I think the cause of which is still being investigated, but anyway, they got rooted. The only thing that was gotten a hold of was email addresses. So the users of Ars Technica's forums from that long ago started receiving phishing emails.
While it's important that the passwords were not compromised, the moral of this story is that companies and users need to check with cloud-based server provider's license agree to see what the retention clause is on the data, or at least make sure there is one. When you leave a service, you can't immediately assume that your data is leaving that service too.
Be careful out there. Below is a transcript of the forum post with a bit more detail. Supposedly, if you were affected, you would receive the following in an email as well.
This stresses the importance of good password control (don't use the same password for several different sites), and the importance of having a disposable email address that you can use to set up forum accounts, finally, good spam filters to catch that phishing if the unthinkable does actually happen.
You are receiving this message because you have a registered an Ars Technica account with this email address.
Our previous forum provider (Social Strata, formerly known as Groupee and Infopop) had a server hacked recently, and has advised us that private registration email addresses were harvested. These included email addresses for anyone who registered with Ars Technica while we were still using their services. In addition, the rooted server was used to send out at least one mass phishing attempt.
Although Groupee/Social Strata tells us that no password information of any kind was accessible from that server, we still recommend that you change your Ars Technica password (and any account on a third party site you use that password with) just to be safe.
We became aware of this issue this morning and are following up with Groupee/Social Strata to see if we can get more details and assurances on the scope of the compromise. We have also requested that they purge all Ars Technica data from their systems so future problems don't affect our users.
We apologize for any inconvenience this may have caused. If you would like to read further updates on this issue, please see the active announcement we have in our new forums:
Please contact us with any questions.
One of Social Strata/Groupee's servers got rooted and was used to both harvest private emails and send out spam. I'm trying to get clarification on what exact data was accessible from that server (since their report wasn't quite clear). They claim that passwords weren't stolen, just email addresses.
It seems that many users received phishing attempts to Ars only email addresses this morning. We're working on it and will update this post when we find something out.
We believe that our previous forum provider has some exploit that allows people to send messages to private email addresses through their servers. Every report we've seen has originated at one of their web front ends. If we are correct, your email addresses have not been compromised. It's obviously pretty bad to be getting phishing attempts forwarded through someone else, but not quite as bad as if an email DB had been jacked or something.
We have emails out to them. There's a chance we won't hear back for a couple of hours since they're on pacific time, but we're doing what we can.
[...] This post was mentioned on Twitter by JoelEsler, Christopher Clark, Roer.com - the Blog!, Avnet SolutionsPath™, Niels Groeneveld and others. Niels Groeneveld said: RT @JoelEsler: #SocialStrata hacked, #ArsTechnica users being spammed http://bit.ly/9wrqdF #cybersecurity #hacking #infosec #spam [...]
Post a Comment