# Question about compromised emails



## areoplain (May 20, 2016)

Hey everybody. I created this account purely to ask this question, as I'm getting a little paranoid. So, on may 5th I changed my email settings to a new email address, and was wondering if the email I had set prior would be the one that was compromised or the new one? Sorry if this isn't the appropriate place to ask this, I'm just really frustrated right...  as I'm sure most of you all are too. Thanks.


----------



## Fallowfox (May 21, 2016)

I am uncertain. I would like an answer about email addresses too; is it necessary that we make new email accounts? I can't imagine the password to our email accounts is compromised (unless anybody was dim enough to use the same password for both their email and fur affinity accounts). 

What do the attackers aim to use this information for?


----------



## Shaun Dreclin (May 21, 2016)

Private information (your email address) is now public, or could be made public. That can be used for blackmail, harassment, or anything else. As for when exactly the info was accessed, we've got no clue right now. Any time between imagetragick and the site getting locked down is in question

On the security of your emails, unless you used the same or a similar password for your FA account and email account, you're fine. Change your password anyway if you're paranoid, you should be changing them at least yearly if not more often.


----------



## Capriney (May 21, 2016)

*I very highly suggest to anyone reading this that if you are the type that use the same email and passwords on every site you visit them to change your passwords immediately, preferably different passwords for different sites.*


----------



## Fordoxia (May 21, 2016)

Lucky for me that I use a _dedicated E-mail address_ for FA.

Having a ~100 character password is also useful in places that allow it.


----------



## Multoran (May 21, 2016)

For the tits of christ, 100 characters?  xD


----------



## Fordoxia (May 21, 2016)

Multoran said:


> For the tits of christ, 100 characters?  xD


All it takes as a memorable paragraph.

Seriously tho, it's only 12.


----------



## Vrghr (May 21, 2016)

Fallowfox said:


> What do the attackers aim to use this information for?



If the hackers have managed to decode any of the FA passwords, then the first idea would be to try to hack any email accounts using the same password, which is why everyone is recommending changing those if you used the same password in multiple places. 

Your email address can also be used as your login ID at a wide variety of sites; once again, be sure those passwords have been changed too! Also, some sites will send a notice if you try to log to those from a different machine, or fail to log in too many times. Be on the watch for those!

A very possible scenario is that the hackers will continue trying to attack the users of FA by "Spoofing" message traffic to other FA users from fake email senders obtained from the FA address list. Or they could just send "phishing" or other malevolent emails to furs on the FA address lists.

Folks are more inclined to open pictures or files from a friendly address they recognize, and those attachments could be any sort of malware, trojans, etc. Naturally, folks are normally careful about clicking on attachments, but it might be a good idea to be even more wary of those for a time. Especially it the mail comes unexpectedly from another FA user.  And make sure your email reader doesn't automatically display pictures and other attachments in the "View" pane, just by clicking on the message header. That's a good way to accidentally launch an attack on your machine!


----------



## Ricky (May 21, 2016)

I'm confused, here.

If you think your email account has been compromised, then change the password :\


----------



## Fallowfox (May 22, 2016)

Vrghr said:


> If the hackers have managed to decode any of the FA passwords, then the first idea would be to try to hack any email accounts using the same password, which is why everyone is recommending changing those if you used the same password in multiple places.
> 
> Your email address can also be used as your login ID at a wide variety of sites; once again, be sure those passwords have been changed too! Also, some sites will send a notice if you try to log to those from a different machine, or fail to log in too many times. Be on the watch for those!
> 
> ...



I don't use the same password in different places, so I gather this means I am fine.
What I don't understand is, if the attack was motivated by people who wanted to disseminate viruses, in order to make money by keylogging their bank details, why did they make their presence very obvious?

If they wanted to have a good chance of phishing, I would have expected them to keep their exploit secret, so that users didn't realise they may need to alter their passwords.

This leads me to suspect that the attackers only wanted the thrill of vandalism, which is difficult to understand, because I have difficulty seeing what the excitement is of temporarily forcing a group of furries offline. Maybe it would be something a 'yiff in hell furfag' 12 year old would do...but adults?


----------



## Iracuse (May 22, 2016)

YUp, basically you're going to have to change your password everywhere if you use the same one on FA. Thankfully my FA password is an old one I don't use anymore, but at the very least you should have a different password for everything you consider important. Especially a different one on FA, seeing as this place is hacked into more than brush in the jungle.


----------



## Elohiim_Koshiiri (May 22, 2016)

>2016

>Not having 6 fake E-mail addresses that get rotated every 3 days. 
>Not having a 256bit encrypt password randomizer 
>Not having 8 revolving IP addresses origionating from Iran, Gaza, Russia, Finland, Morocco, Jordan, Brazil and Vietnam. 
>Not frying your HD every night in the microwave before putting in a fresh new one on your PC.

ISHYDDT


----------



## Multoran (May 22, 2016)

Elohiim_Koshiiri said:


> >2016
> 
> >Not having 6 fake E-mail addresses that get rotated every 3 days.
> >Not having a 256bit encrypt password randomizer
> ...


?


----------



## Wither (May 22, 2016)

Multoran said:


> ?


It's a joke of some kind. I cant decipher it either, but it's best left alone.


----------



## Rainbowdragon (May 22, 2016)

It's a lucky thing the password for my e-mail address and fa is different than the passwords I use for every other website. Problem is I don't know how to change my e-mail address's password.


----------



## PhantomBull (May 22, 2016)

Fallowfox said:


> This leads me to suspect that the attackers only wanted the thrill of vandalism, which is difficult to understand, because I have difficulty seeing what the excitement is of temporarily forcing a group of furries offline.


Well, I can think also in an actual finding the USB drive at the convention and seeing some obvious bugs while looking at the code. I heard that some years ago lots of security issues with the code where reported that are still not fixed (I don't know if it's true) and all that happened here can be "only" some kind of protest to make sure that the security is taken into account from now on... Well, a bit extreme to be a protest, but it can be...


----------



## pedreo1997 (AskenLurom) (May 22, 2016)

In a way, I really hope this only to be, like PhantomBull said, *some kind of protest to make sure that the security is taken into account from now on...*

And I had a corporate email address on FA since Hotmail was a $%&# and suspended me the e-mail without reason (I have a Gmail, but FA was on my very ooooold Hotmail *cough* *2005* *cough*) and I changed it 2 months ago to the corporate e-mail because I forgot to change again to my new Gmail account (I had my Android with a Hotmail account... TaDa!! xD)

I really would like to know the real objective of this... It would be fine to hear something like one user did a couple years ago what hacked the system only for train Neer about an exploit the system had.

Resuming (?): I hope this to be a benevolent attack, not sorta of those _I only want to make your life hell
_
*And for those just saying what normally websites don't get attacked too often:*

*The SAIME database of venezuelan passports got attacked SEVEN TIMES this year.* Proposal of at least 4 of them: Sell fake Colombian passports with real Venezuelan passport numbers (at least that's what both Caracas and Bogota governments said). And if you want to know what SAIME is, check (don't worry, it's a short article): SAIME - Wikipedia, the free encyclopedia


----------

