September 5, 20196 yr From a post over on Reddit: https://reddit.com/r/flightsim/comments/d02e9j/potential_flight1_data_breach_change_your/ [MSI MPG X870E Carbon | 9800X3D (PBO +200Mhz / -20 Offset) | Corsair 64GB DDR5 (Custom Timings) | RTX 4090 Founders Edition (Undervolted) | WD SNX 850X 4TB + 4TB | Antec Flux Pro]
September 5, 20196 yr 2 minutes ago, Sethos said: From a post over on Reddit: https://reddit.com/r/flightsim/comments/d02e9j/potential_flight1_data_breach_change_your/ I hate when this sort of thing happens. If true, the first people we should have heard from should have been flight1. Of course, it seems that's never how it works. We are all connected..... To each other, biologically...... To the Earth, chemically...... To the rest of the Universe atomically. Devons rig Intel Core i5 13600K @ 5.1GHz / G.SKILL Trident Z5 RGB Series Ram 64GB / GIGABYTE GeForce RTX 4070 Ti GAMING OC 12G Graphics Card / Sound Blaster Z / Meta Quest 2 VR Headset / Klipsch® Promedia 2.1 Computer Speakers / ASUS ROG SWIFT PG279Q ‑ 27" IPS LED Monitor ‑ QHD / 1x Samsung SSD 850 EVO 500GB / 2x Samsung SSD 860 EVO 1TB / 1x Samsung - 970 EVO Plus 2TB NVMe / 1x Samsung 980 NVMe 1TB / 2 other regular hd's with up to 10 terabyte capacity / Windows 11 Pro 64-bit / Gigabyte Z790 Aorus Elite AX Motherboard LGA 1700 DDR5
September 5, 20196 yr How in the world isn't Flight1 addressing this at least directly with us via email ? Pretty bad netizenship on their part, whether this is true or not ... Enrique Vaamonde
September 5, 20196 yr Just changed my password at Flight1 and noticed my username had been changed as well. My MSFS 2020 repaints: Flightsim.to - Profile of HStreet Working on MSFS 2024 versions.
September 5, 20196 yr Commercial Member Hi, We got notice of this in our ticket system this morning and have been looking into it. Please note that plain passwords are not stored. Only 1-way advanced hashing of passwords are stored. We also do not save any useful card payment data (that is why you have to enter card data for each purchase). You likely do not need to change any passwords or other information (based on our preliminary examination today). If you have any more information which could be of help post us a ticket at our site. Usernames are still the same... we auto generated usernames when doing system upgrades and they will be rather generic. Thanks, Steve Halpern Flight One Software
September 5, 20196 yr Author Thank you for the update, Steve. On another note, has anyone noticed the amount of views on this thread? 177.000+ at the time of writing. Seems a tad... excessive? [MSI MPG X870E Carbon | 9800X3D (PBO +200Mhz / -20 Offset) | Corsair 64GB DDR5 (Custom Timings) | RTX 4090 Founders Edition (Undervolted) | WD SNX 850X 4TB + 4TB | Antec Flux Pro]
September 5, 20196 yr 2 hours ago, Sethos said: Thank you for the update, Steve. On another note, has anyone noticed the amount of views on this thread? 177.000+ at the time of writing. Seems a tad... excessive? Why wouldn't anyone who has purchased at Flight1 NOT look at this thread? My MSFS 2020 repaints: Flightsim.to - Profile of HStreet Working on MSFS 2024 versions.
September 5, 20196 yr Author 22 minutes ago, yurei said: Why wouldn't anyone who has purchased at Flight1 NOT look at this thread? Heh, I doubt almost a quarter of a million views in a few hours is just Flight1 customers popping by. Think that would qualify the thread as one of the highest view counts on Avsim. Just found it curious and I assume there's something wrong on Avsim's end, especially with all the errors and timeouts they've been having. Edited September 5, 20196 yr by Sethos [MSI MPG X870E Carbon | 9800X3D (PBO +200Mhz / -20 Offset) | Corsair 64GB DDR5 (Custom Timings) | RTX 4090 Founders Edition (Undervolted) | WD SNX 850X 4TB + 4TB | Antec Flux Pro]
September 5, 20196 yr There is something wrong. The only way I can get into the forum is to get in via my profile activity, ie click on my last post and then click on "Hangar Chat" at the top of the page. Chris Chris Dauth. Hervey Bay, Australia. YHBA Thermaltake Level 10 GT case , Gigabyte z370 Gaming 7 Motherboard, Intel i7 8700k 6 cores @ 5ghz, 32gb DDR4 ram @ 3000Mhz, Corsair H80i Liquid cooling, nVidia GTX 1070ti Foundation Edition 8Gb, Windows 10 Pro running on a 250gb Western Digital NVMe SSD, Prepar3D v4 Professional Plus 4.5.14.34698 running on a dedicated 1 tb Crucial MX500 SSD, + 4 mechanical 2Tb HDDs.
September 6, 20196 yr I received this by email Quote (Please do not reply to this email as this mailbox is not monitored) Important Information: Yesterday, September 5, 2019, Flight1 was notified that some of our customer data was found on the internet. We are posting what we have discovered. First, Flight1 is a data-minimum company. We do not store more data than what is required to provide our service and we do not use data for marketing purposes. We do not store credit card numbers with the exception of the last 4 digits so you can inquire about a sale. Credit card expiration dates and CCV verification numbers are NOT stored. Card processing data is passed directly to the processing gateway and is not retained in our database. All flight1.com account passwords are stored as secure 1-way hash codes using an advanced algorithm. Please see our terms of service page for more details on our data policies. What was discovered: An audit was completed and does not show any active exploit on our server or database. We have examined our server logs going back a full year. Discovered during the audit was a script (for viewing information on a product) where logs showed there were attempts to retrieve data using an automated bot. We believe this is where some data may have been leaked. Not all current accounts were affected and yours may not have been affected. That version of the script is no longer in use and has not been in use for months. In auditing the current version of the script no vulnerabilities were found (also verified in current logs). What you should do: Due to the strong 1-way hashing used we do not believe it is necessary for you to change your passwords, but you are welcome to do so. Flight1 recommends you always be vigilant on the Internet. Be aware of email phishing attempts. Flight1 NEVER sends unsolicited emails asking you to log in to our site, or ask for any payment information via email.. In Summary: Whether you have been a customer of ours for 20+ years or are a new customer, know that security is always at the top of our list and will remain so. Thank you for your support and please feel free to contact us.
Archived
This topic is now archived and is closed to further replies.