Quantcast

Jump to content

» «
Photo

PSA: recommended you change password for GTAForums and others

9 replies to this topic
kringled
  • kringled

    Thug

  • Members
  • Joined: 20 Aug 2015
  • United-States

#1

Posted 24 February 2017 - 01:01 PM

All: There was recently an incident which may have compromised passwords from multiple sites and applications:

 

https://blog.cloudfl...are-parser-bug/

 

Here is an incomplete list of sites being used, which includes this one:

https://github.com/p...sing-cloudflare

Discord is also apparently affected.

 

Mods: Please feel free to move this to someplace more appropriate if it will be seen.

  • Android likes this

Daedalheidis
  • Daedalheidis

    Dope as sour beef

  • Members
  • Joined: 24 Oct 2016
  • United-States

#2

Posted 24 February 2017 - 01:09 PM

I should stop using that password.


Darth Absentis
  • Darth Absentis

    RIP PS3 copy !

  • Members
  • Joined: 09 Aug 2014
  • Belgium

#3

Posted 24 February 2017 - 01:34 PM

So....time to change the password ?


sivispacem
  • sivispacem

    Jo Näkyvi Pohjan Portit

  • Moderator
  • Joined: 14 Feb 2011
  • European-Union
  • Contribution Award [D&D, General Chat]
    Most Knowledgeable [Vehicles] 2013
    Best Debater 2016, 2015, 2014, 2013, 2012, 2011

#4

Posted 24 February 2017 - 02:11 PM

All

I raised this in the staff forum this morning.

The risk of information leakage is very low, though there have been a few examples of sensitive data being cached by Google and other services these appear to be the exception rather than the norm.

However for the sake of safety I would recommend people log out of any current sessions involving potentially affected services- including GTAForums and Discord- deleted cookies and then logs back into generate a new authentication token. This will mitigate the most significant possible risk, which is that user sessions could be hijacked.

If you'd feel happier also resetting your password I wouldn't discourage it, but currently don't think it is necessary.

-

Myself and a few others have also noticed that providers such as Google have been resetting tokens for user accounts associated with services using CloudFlare. This is not a password reset, simply an expiring of an existing auth token and a forcing of users to log back in. The advice above mirrors what other providers appear to have been doing in response to this bug disclosure.

If anyone wants more information or to discuss anything they suspect may be related, feel free to post in this thread or send me a PM.
  • Spider-Vice, Nico, GTAKid667 and 6 others like this

PNutterSammich
  • PNutterSammich

    Soldier

  • Members
  • Joined: 04 Jan 2015
  • None

#5

Posted 24 February 2017 - 02:59 PM

I've had password reset requests and suggestions that I reset my password from Google, steam, PayPal and psn to name a few in the past 36 hours.

Sh*ts gettin real, yo.

Zombified Andy
  • Zombified Andy

    2 decades taking up space on Earth!

  • Members
  • Joined: 08 Feb 2015
  • Portugal

#6

Posted 24 February 2017 - 03:39 PM

For any services that allow so such as Google and Steam, I recommend activating login permissions (from a mobile app or SMS). Even if the password gets compromised, there's always an extra layer of security.

Gold-NBayse
  • Gold-NBayse

    A Busta

  • Members
  • Joined: 05 Jan 2014
  • Canada

#7

Posted 24 February 2017 - 04:19 PM

I was wondering is this in anyway related to my phone asking me to log back in with my google account?

sivispacem
  • sivispacem

    Jo Näkyvi Pohjan Portit

  • Moderator
  • Joined: 14 Feb 2011
  • European-Union
  • Contribution Award [D&D, General Chat]
    Most Knowledgeable [Vehicles] 2013
    Best Debater 2016, 2015, 2014, 2013, 2012, 2011

#8

Posted 24 February 2017 - 06:54 PM

I was wondering is this in anyway related to my phone asking me to log back in with my google account?

Yes, it's likely related, but most probably not to the forum. Google expired the session tokens of numerous people including myself who use more prominent CloudFlare services.
  • Gold-NBayse likes this

blaze
  • blaze

    Big Homie

  • The Yardies
  • Joined: 04 Feb 2010
  • Macau
  • Super Special Gold Star 2006
    Draw Contest Booby Prize 2016
    Campaign Poster Booby Prize 2016
    Doggo-Chop Winner 2016

#9

Posted 25 February 2017 - 04:08 PM

GTAF 2FA when


Kirsty
  • Kirsty

  • Administrator
  • Joined: 05 Mar 2011
  • United-Kingdom
  • Best Administrator 2016
    Best Administrator 2015
    Best Moderator 2014
    Most Respected 2014
    Most Helpful 2014
    Best Moderator 2013
    Most Helpful 2013

#10

Posted 03 March 2017 - 09:35 AM

From Tank to ensure everyone is aware:
 

I can confirm that - according to CloudFlare - we were not affected by this issue.

  • RedDagger, Darth Absentis, EvolvedWalker and 4 others like this




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users