Rev Customer Databased Hacked?

Gregory Lypny
Hello everyone,

Have any of you received this message from Heather?  Implications?

Gregory


> Dear Gregory Lypny,
>
> I need to inform you that over the weekend we experienced an attack on our customer database. Although we caught this very quickly I regret that some information may have been compromised. A small number of accounts were affected, unfortunately yours was one of them.
>
> The information concerned includes your name, email address, on-rev username and the server you are hosted on. It does not include your password, or any postal address or billing information. This information alone does not represent a security risk. However, if you have any concerns at all that your password for your on-rev account is not secure, you should change it immediately. cPanel offers a secure password generator that includes numbers and punctuation in a random string, we strongly advise you use this service.
>
> We deeply regret this breach of our security procedures.  We felt it important to inform you of it as quickly as possible as a precautionary measure.
>
> We have already traced and fixed the exploit that made this possible and can assure you that the same error will not happen again in the future.
>
>
> Regards,
>
> Heather Nagey
> Customer Services Manager
> http://www.runrev.com/
> LiveCode - Realize fast, compile-free coding
_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Rev Customer Databased Hacked?

André Rombauts-2
I did too...

On 11 Jul 2011, at 15:34, Gregory Lypny wrote:

> Hello everyone,
>
> Have any of you received this message from Heather?  Implications?
>
> Gregory

Re: Rev Customer Databased Hacked?

René Micout
In reply to this post by Gregory Lypny
Yes, I changed my password... in case...

On 11 Jul 2011, at 15:34, Gregory Lypny wrote:

> Hello everyone,
>
> Have any of you received this message from Heather?  Implications?
>
> Gregory

Re: Rev Customer Databased Hacked?

Mike Kerner
Not yet I haven't, which is curious to me.


--
On the first day, God created the heavens and the Earth
On the second day, God created the oceans.
On the third day, God put the animals on hold for a few hours,
   and did a little diving.
And God said, "This is good."

Re: Rev Customer Databased Hacked?

Michael Kann
Mike,
Not everyone's data got hacked.
Mike

--- On Mon, 7/11/11, Mike Kerner <[hidden email]> wrote:

From: Mike Kerner <[hidden email]>
Subject: Re: Rev Customer Databased Hacked?
To: "How to use LiveCode" <[hidden email]>
Date: Monday, July 11, 2011, 9:08 AM

Not yet I haven't, which is curious to me.



Re: Rev Customer Databased Hacked?

Mike Kerner
So that doesn't strike you as curious, Mike?  Think about it.  It doesn't
make you wonder what the structure is if some customers have their records
compromised but others do not?


--
On the first day, God created the heavens and the Earth
On the second day, God created the oceans.
On the third day, God put the animals on hold for a few hours,
   and did a little diving.
And God said, "This is good."

Re: Rev Customer Databased Hacked?

Michael Kann
Mike,
You make a good point. I bought the lifetime membership so perhaps my info is in a different pile than yours. I was more concerned that any data was obtainable from the outside at all.
Mike

--- On Mon, 7/11/11, Mike Kerner <[hidden email]> wrote:

From: Mike Kerner <[hidden email]>
Subject: Re: Rev Customer Databased Hacked?
To: "How to use LiveCode" <[hidden email]>
Date: Monday, July 11, 2011, 9:44 AM

So that doesn't strike you as curious, Mike?  Think about it.  It doesn't
make you wonder what the structure is if some customers have their records
compromised but others do not?



Re: Rev Customer Databased Hacked?

Richmond Mathewson-2
In reply to this post by Mike Kerner
On 07/11/2011 05:44 PM, Mike Kerner wrote:
> So that doesn't strike you as curious, Mike?  Think about it.  It doesn't
> make you wonder what the structure is if some customers have their records
> compromised but others do not?
>
>
I wonder if RunRev don't have 2 databases (say, an older one with
longer-term customers, and a newer one with newer customers), and 1 got
hacked ???


Re: Rev Customer Databased Hacked?

Nonsanity-2
In reply to this post by Mike Kerner
I think it's more likely that someone found a way to query user information
from the database, and started doing so, probably with some automation. The
culprit was noticed by the unusual activity before they hit on every record
in the DB.

It's highly unlikely that someone managed to just download the whole DB.

 ~ Chris Innanen
 ~ Nonsanity


On Mon, Jul 11, 2011 at 10:44 AM, Mike Kerner <[hidden email]> wrote:

> So that doesn't strike you as curious, Mike?  Think about it.  It doesn't
> make you wonder what the structure is if some customers have their records
> compromised but others do not?
>
>

Re: Rev Customer Databased Hacked?

Trevor DeVore
In reply to this post by Mike Kerner
On Mon, Jul 11, 2011 at 10:44 AM, Mike Kerner <[hidden email]> wrote:

> So that doesn't strike you as curious, Mike?  Think about it.  It doesn't
> make you wonder what the structure is if some customers have their records
> compromised but others do not?


The original poster did not include the subject of the email that RunRev
sent out.

"Important information about your on-Rev hosting account"

Only user information for on-Rev accounts was obtained.

--
Trevor DeVore
Blue Mango Learning Systems

LiveCode Resources for Developers: http://livecode.bluemangolearning.com

Re: Rev Customer Databased Hacked?

Jeffrey Massung
In reply to this post by Gregory Lypny
I would just like to say that I haven't been an On-Rev customer for over a
year now, and I want to thank the Rev team for still including me in this
email (so, yes, I got one, too).

Jeff M.

Re: Rev Customer Databased Hacked?

Jim Ault
In reply to this post by Trevor DeVore
and now my password is 127.5 characters long...
OK, I am not that paranoid, but I did make a change for On-Rev
(and the On-Rev forums just in case, even though it is a separate  
entity.  No need to have spam hit that server require the moderators  
to do extra work.)

Jim Ault
Las Vegas

On Jul 11, 2011, at 8:28 AM, Trevor DeVore wrote:

> On Mon, Jul 11, 2011 at 10:44 AM, Mike Kerner <[hidden email]> wrote:
>
>> So that doesn't strike you as curious, Mike?  Think about it.  It doesn't
>> make you wonder what the structure is if some customers have their records
>> compromised but others do not?
>
> The original poster did not include the subject of the email that RunRev
> sent out.
>
> "Important information about your on-Rev hosting account"
>
> Only user information for on-Rev accounts was obtained.

Re: Rev Customer Databased Hacked?

Richard Gaskin
In reply to this post by Michael Kann
Michael Kann wrote:

 > I was more concerned that any data was obtainable from the outside
 > at all.

A concern, but not a surprise, given the range of software components
that comprise modern web apps.  I think it speaks well of the RunRev
that passwords weren't compromised.

Oddly enough I was writing this morning's post to the LiveCode Journal
blog about security when this thread showed up here.  The post includes
a couple helpful links, the best one being to a recent report of the 25
Most Dangerous Software Errors:

<http://livecodejournal.com/blog.irv?pid=1310397018.990871>

--
  Richard Gaskin
  Fourth World
  LiveCode training and consulting: http://www.fourthworld.com
  Webzine for LiveCode developers: http://www.LiveCodeJournal.com
  LiveCode Journal blog: http://LiveCodejournal.com/blog.irv


Re: Rev Customer Databased Hacked?

Chipp Walters
In reply to this post by Gregory Lypny
FYI,

I sent an email back to Heather telling her if she receives any request
about my account coming from someone claiming to be me, please do not hit
the "reply" button, but rather email me directly with requested data. I also
mentioned she might want to ask me a personal question only she and I know
the answer to.

Re: Rev Customer Databased Hacked?

J. Landman Gay
In reply to this post by Mike Kerner
On 7/11/11 9:44 AM, Mike Kerner wrote:
> So that doesn't strike you as curious, Mike?  Think about it.  It doesn't
> make you wonder what the structure is if some customers have their records
> compromised but others do not?

It may be significant that not all accounts are on the same server.

--
Jacqueline Landman Gay         |     [hidden email]
HyperActive Software           |     http://www.hyperactivesw.com


Re: Rev Customer Databased Hacked?

slylabs13
In reply to this post by Gregory Lypny
I have received it. It's probably legit. I don't see any links to a site to authenticate, so what would anyone gain by telling you to change your password?

Bob


On Jul 11, 2011, at 6:34 AM, Gregory Lypny wrote:

> Hello everyone,
>
> Have any of you received this message from Heather?  Implications?
>
> Gregory

Re: Rev Customer Databased Hacked?

Marian Petrides, MD
I am an On-Rev lifetime subscriber but don't recall getting this message.  So it must be something else, I guess.

On Jul 11, 2011, at 11:25 AM, Bob Sneidar wrote:

> I have received it. It's probably legit. I don't see any links to a site to authenticate, so what would anyone gain by telling you to change your password?
>
> Bob
>
>
> On Jul 11, 2011, at 6:34 AM, Gregory Lypny wrote:
>
>> Hello everyone,
>>
>> Have any of you received this message from Heather?  Implications?
>>
>> Gregory

Re: Rev Customer Databased Hacked?

Richmond Mathewson-2
I feel deprived, unloved and generally rejected because I didn't receive
the "Hacked" e-mail.

Har, har, har.

Bl**dy glad I didn't get it; but reading this thread it does have a
feeling of bruised egos who were not included.

Now I remember a lecture on that psychological phenomenon at Durham
years ago . . .  :)


Re: Rev Customer Databased Hacked?

Andre Garzia-3
In reply to this post by Marian Petrides, MD
Folks,

I am speculating here but if the attacker just got some of the accounts then
it is possible that the attacker hacked into some of the on-rev servers but
not all of them, then, just the users on those machines were compromised. I
did not change my password, I am still deciding if I will do it or not.

Again, if you have a need for utmost security, you should not be on shared
hosting, you need to be on your own box on co-location with security experts
on payroll. If you are on shared hosts, then, by default, you are subject to
such attacks.

Cheers
andre
PS: I have a lifetime on-rev account and am happy with it. I also have a VPS
(it is as good as I can pay) for more sensitive stuff and I have one or two
linodes.

On Mon, Jul 11, 2011 at 1:42 PM, Marian Petrides <[hidden email]> wrote:

> I am an On-Rev lifetime subscriber but don't recall getting this message.
>  So it must be something else, I guess.



--
http://www.andregarzia.com All We Do Is Code.

Re: Rev Customer Databased Hacked?

Marian Petrides, MD
In reply to this post by Richmond Mathewson-2
Not bruised egos, Richmond--at least not in my case.  Simply concern about whether I was one of the intended recipients of the email but did not receive it for sometime.  I would rather NOT change my password but will if I have to.

On Jul 11, 2011, at 11:50 AM, Richmond Mathewson wrote:

> I feel deprived, unloved and generally rejected because I didn't receive
> the "Hacked" e-mail.
>
> Har, har, har.
>
> Bl**dy glad I didn't get it; but reading this thread it does have a feeling of
> bruised egos who were not included.
>
> Now I remember a lecture on that psychological phenomenon at Durham
> years ago . . .  :)