Glenn_C

Your x-plane.org credentials may have have been compromised

Recommended Posts

Ok, I know many people her also have an account at X-PlaneDOTorg but maybe do not visit every day  so I would just like to let you know some if not all site credentials have been compromised. I would advise to change your password asap. If you use the same credentials elswhere change them also.

I saw the file myself it was in plain text x-plane.org/ps.txt. Of course this is no longer available and has been taken offline but of course you cannot be sure there were no copies.

I have no affiliation with x-planeDOTorg myself.

Admin / Moderator if this is not the correct forum please change it.

I think the site is down for maintenance at the moment.

Thanks

Glenn

 

  • Upvote 1

Share this post


Link to post
Share on other sites
Help AVSIM continue to serve you!
Please donate today!

My name is on the list, also recognised several Avsim members in it.

Change password as soon as you can

  • Upvote 1

Share this post


Link to post
Share on other sites

Mine wasn't present on the list, but I still changed my password. I'm not that concerned about my org account on its own, what really has me worried is the potential for a similar breach with the store. I already had my credit card info stolen once this month and repeating the experience wouldn't make me very happy. 

Share this post


Link to post
Share on other sites

Avoid the site completely. Change your passwords elsewhere and not on x-plane.org, the site is still compromised by the sounds of it. Logging in is a mistake over there

Shocked the site is still up, it should be taken down ASAP

  • Upvote 1

Share this post


Link to post
Share on other sites

Wonderful thanks for the heads  up guys this hacking stuff is getting out of control.

Share this post


Link to post
Share on other sites

Guys, just got an email from the X-plane.org....or at least looks like it.

 

The email advises there were 3 unsuccesful attempts to log into my account and that my account was suspended for security reasons. It also asks me to immediately change my password by clicking an embedded Change Password link.

Problem is, i was actually logged in to my account at the time and it was never suspended. the email is a scam.

If you need to change your password, do it directly in the Org website, do not follow any email links.

Share this post


Link to post
Share on other sites

There is a list available that names the users who's account is compromised. Don't worry it only states the user name and not the password. I do not think it is safe yet to use the store.

From Reddit: Please read all the comments.

 

 

Share this post


Link to post
Share on other sites
On 20/10/2017 at 11:48 AM, torfih said:

Where is this list of affected accounts?

Does it matter? Best to change your password anyway - better to be safe than sorry.

Share this post


Link to post
Share on other sites

I can't believe this happened (it did, most of us are on the list), and there's NO WORD either on the front page or an E-Mail - nothing. We have to rely on external sources on this issue, I suppose MOST users of the .org have no idea it happened at all, as they're not informed.

It should be shut down immediately.

  • Upvote 1

Share this post


Link to post
Share on other sites
6 hours ago, vortex681 said:

Does it matter? Best to change your password anyway - better to be safe than sorry.

Yes it does. I've changed my password already, did that as soon as I heard about this. 

Found the list on Reddit and my account is not on it.

Share this post


Link to post
Share on other sites

The Reddit thread is not exactly a source of knowledge... unclear as to what has actually transpired here.

The lack of communication outwards from the org does not inspire a lot of confidence. However, in my notes I had given that site a unique and different patterned password anyhow. And since I only ever use paypal for that kind of store, there's no credit card data there.

The good thing that resulted was that I've been meaning for awhile now to give the really important sites I use a password change, and this just prompted me to do it.

Relevant xkcd comic: https://xkcd.com/936/

Password generator based on that comic: https://xkpasswd.net/s/

Haystack calculator: https://www.grc.com/haystack.htm

Safe != Hard to remember...

  • Upvote 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now