Ok, I know many people her also have an account at X-PlaneDOTorg but maybe do not visit every day  so I would just like to let you know some if not all site credentials have been compromised. I would advise to change your password asap. If you use the same credentials elswhere change them also.

I saw the file myself it was in plain text x-plane.org/ps.txt. Of course this is no longer available and has been taken offline but of course you cannot be sure there were no copies.

I have no affiliation with x-planeDOTorg myself.

Admin / Moderator if this is not the correct forum please change it.

I think the site is down for maintenance at the moment.

Thanks

Glenn

 

Thanks for the info.

Pascal

My name is on the list, also recognised several Avsim members in it.

Change password as soon as you can

Mine wasn't present on the list, but I still changed my password. I'm not that concerned about my org account on its own, what really has me worried is the potential for a similar breach with the store. I already had my credit card info stolen once this month and repeating the experience wouldn't make me very happy. 

Avoid the site completely. Change your passwords elsewhere and not on x-plane.org, the site is still compromised by the sounds of it. Logging in is a mistake over there

Shocked the site is still up, it should be taken down ASAP

Wonderful thanks for the heads  up guys this hacking stuff is getting out of control.

Guys, just got an email from the X-plane.org....or at least looks like it.

 

The email advises there were 3 unsuccesful attempts to log into my account and that my account was suspended for security reasons. It also asks me to immediately change my password by clicking an embedded Change Password link.

Problem is, i was actually logged in to my account at the time and it was never suspended. the email is a scam.

If you need to change your password, do it directly in the Org website, do not follow any email links.

There is a list available that names the users who's account is compromised. Don't worry it only states the user name and not the password. I do not think it is safe yet to use the store.

From Reddit: Please read all the comments.

 

 

Where is this list of affected accounts?

On 20/10/2017 at 11:48 AM, torfih said:

Where is this list of affected accounts?

Does it matter? Best to change your password anyway - better to be safe than sorry.

I can't believe this happened (it did, most of us are on the list), and there's NO WORD either on the front page or an E-Mail - nothing. We have to rely on external sources on this issue, I suppose MOST users of the .org have no idea it happened at all, as they're not informed.

It should be shut down immediately.

6 hours ago, vortex681 said:

Does it matter? Best to change your password anyway - better to be safe than sorry.

Yes it does. I've changed my password already, did that as soon as I heard about this. 

Found the list on Reddit and my account is not on it.

The Reddit thread is not exactly a source of knowledge... unclear as to what has actually transpired here.

The lack of communication outwards from the org does not inspire a lot of confidence. However, in my notes I had given that site a unique and different patterned password anyhow. And since I only ever use paypal for that kind of store, there's no credit card data there.

The good thing that resulted was that I've been meaning for awhile now to give the really important sites I use a password change, and this just prompted me to do it.

Relevant xkcd comic: https://xkcd.com/936/

Password generator based on that comic: https://xkpasswd.net/s/

Haystack calculator: https://www.grc.com/haystack.htm

Safe != Hard to remember...

3 hours ago, Jimmy RFR said:

Relevant xkcd comic: https://xkcd.com/936/

Password generator based on that comic: https://xkpasswd.net/s/

I knew about the comic, but not the password generator, which is excellent, thanks !

Pascal