FYI: Planet Calypso forum Data Breach

Status
Not open for further replies.

TSCRYPTO

Stalker
Joined
Nov 28, 2005
Posts
1,593
Location
A stone's throw away from Antarctica
Society
Shaolin
Avatar Name
TS TSEC CRYPTO
Got the 7 day as well. Kinda lame if we have to change it once a week
Yep. This is crap. This is overkill.
There is no need for it.
Please fix remove this "feature" asap.

(Why not use password rules, such as minimum length, need for a capital letter and or a special character? Making one change a password every seven days just encourages laziness and therefore weak security.

You get it?
Password123
Password321
Password456
Password789
etc
etc).
 
Last edited:

K_rupT

Prowler
Joined
Apr 2, 2008
Posts
1,071
Location
Eudoria
Avatar Name
KrupT KrupT RaveR
Yep. This is crap. This is overkill.
There is no need for it.
Please fix remove this "feature" asap.

(Why not use password rules, such as minimum length, need for a capital letter and or a special character? Making one change a password every seven days just encourages laziness and therefore weak security.

You get it?
Password123
Password321
Password456
Password789
etc
etc).
And after all that I had to reset. It gave me 5 attempts and failed even though I did it all correctly. Seems PCF is having a fit???
 

Killahbee

Elite
Joined
Aug 30, 2005
Posts
4,873
Location
The Netherlands
Society
Silly Underground Family
Avatar Name
Killahbee Killer Bee Killahbee
I got the 7 days too...

I'll change forum if this happens every week :laugh:
 

Granny Rowan

Alpha
Joined
Mar 28, 2011
Posts
556
Location
England
Society
Natural Born Killers
Avatar Name
Granny Rowan Render
given how long it took to implement this change, given the overkill response (7 days really ??) now they have reacted.. what scares me, is what will happen if folk don't log in for a few weeks and therefore don't change password, will the account be locked, or just sit and wait patiently for an update.
Why on earth has PCF given itself such a huge overhead in changing every password, every week.

How about player can set frequency (1 week, 2 weeks, 30 days, upto max 3 months) we can then all handle our own choices , spread the load for changes, reduce the amount of data changed per day/week, yet still fit the industry norms for password security.
 

girtsn

Marauder
Joined
Dec 7, 2005
Posts
7,449
Location
Belgium
Society
YippikayeeMF
Avatar Name
Girts Smilgs Niedra
nice thing the site was upgraded to use https
but 7 days is rediculous, please change it to once per year or something...
 

Sub-Zero

Elite
Joined
Aug 7, 2007
Posts
3,084
Location
Sweden
Society
Guess Who
Avatar Name
Sub-Zero The Killer
Lol 711, I think too much security can be a bad thing too.

Had to change my password again. I'm giving you the benefit of the doubt and suspect you just forgot to remove the auto-block all users after 7 days and make them change their passwords, repeat every 7 days, until forever feature.

I do agree the passwords should be changed every year or maybe even every 6 months though.
 

Granny Rowan

Alpha
Joined
Mar 28, 2011
Posts
556
Location
England
Society
Natural Born Killers
Avatar Name
Granny Rowan Render
Password expiration is a dying and outdated model. What is the point of daily, weekly, monthly when once breached damage is done within minutes.

What really matters is strength of password, as mentioned in an earlier post (password length, use of caps, special chars etc) and the system refusing any change too similar to previous password

and most important, 1 password, 1 point of access, DONT use same password for game and forum, or multiple forums
 

San

Stalker
Joined
Aug 5, 2007
Posts
2,497
Location
That freaking cold place (in RL)
Society
OldTimers
Avatar Name
Sandal San Tolk
( deleted )
 
Last edited:
Joined
May 20, 2007
Posts
9,349
Location
England
Society
Guess Who
Avatar Name
George Ace Skywalker
When I got the message to reset password I thought it was too much and decided not to reset my password instead I logged out to browse the forum. This is nice while it allows you to browse but a problem because then finding the page to reset password is hard to find. Also when you do have that page you can't log in because password is too old so you can't log in to reset password.

In short if you don't reset password when first given the chance you'll have problems.


Also this password reset every 7 days is ridiculous please change this as soon as possible.
 

711

Site Admin
Admin
Joined
Aug 31, 2006
Posts
5,283
The password expiration was a measure taken temporarily to ensure that as many members as possible would change their passwords. It was not supposed to require a second password change this soon, not sure why it triggered again today for some of you. Sorry for the inconvenience.

In any case, I have changed the setting so that passwords will need to be changed approximately once every seven months.
 

San

Stalker
Joined
Aug 5, 2007
Posts
2,497
Location
That freaking cold place (in RL)
Society
OldTimers
Avatar Name
Sandal San Tolk
I apologize for having jumped to conclusions.
 

TSCRYPTO

Stalker
Joined
Nov 28, 2005
Posts
1,593
Location
A stone's throw away from Antarctica
Society
Shaolin
Avatar Name
TS TSEC CRYPTO
All is now well

:)
 

theProphet

Prowler
Joined
Mar 8, 2006
Posts
1,292
Location
Austria / Vienna
Society
Calypso Rescue Team
Avatar Name
Prophet the Prophet from Planet Zen
tbh, regarding my enquiry, i have received an answer from the austrian dataprotection agency some time ago already...

it wasn't really what i expected, but in some sort it was very enlightening.

i'm still amazed how freaking poor you guys handle this issue, even though we got GDPR as applicable law in the european union for quite some time already.

in no way i wanna threat, but if i don't receive an email notification regarding the breach quite fucking soon, then i can't guarantee for anything anymore, and maybe i'll file the complaint myself.

why you ask? because you simply can't tell that EU is quite a profitable product, while ignoring current law and your community, when it's about the security of our accounts. both emails and IP-addresses are personal and therefor protected data, in case your lawyers forgot to mention!

72 hours, from now on, as it should have been. sorry to bother! :silly2:
 

theProphet

Prowler
Joined
Mar 8, 2006
Posts
1,292
Location
Austria / Vienna
Society
Calypso Rescue Team
Avatar Name
Prophet the Prophet from Planet Zen
PlanetCalypsoForum.com Privacy Policy
Published on 09-22-2010 12:56 Number of Views: 31485
PlanetCalypsoForum.com Privacy Policy

2018-05-25

General
MindArk PE Aktiebolag (publ) (”we” or “MindArk” or "PlanetCalypsoForum.com") cares about your privacy. Therefore, we always strive to protect your personal data in the best possible way and to comply with all applicable laws and regulations for the protection of personal data. In this policy, we want to inform you about how we collect and process your personal data.
thats what you state ... but is it factual true too?
 

theProphet

Prowler
Joined
Mar 8, 2006
Posts
1,292
Location
Austria / Vienna
Society
Calypso Rescue Team
Avatar Name
Prophet the Prophet from Planet Zen
reported my own post, just to make sure. hopp hopp! :laugh:
 

Max Hec

Dominant
Joined
Jun 25, 2016
Posts
360
Avatar Name
Max Hec Walker
For those living outside of EU the GDPR is a toothless tiger.
Yes its original proposal had lots of Roar! But a lot of change$ before it was pa$$ed into law. (cough)

Now all the websites are like its 1990's again and put up a idiotic warning to stupidly state they use cookies so you must accept them or no access! Go ahead, name 12 websites designed after 2010 that didn't use cookies! Yes I exaggerate about 12 websites........... but not by much.
So the GDPR as passed into EU law is actually good for business.
And the plebs must learn to still protect their own data before handing it out.

Plenty of articles that dive deeper into GDPR, what it is, and what it is not, and what it'll cost to use it.
https://medium.com/@fabien.ungerer/gdpr-feels-useless-b4bb70e89dd6
 

Sub-Zero

Elite
Joined
Aug 7, 2007
Posts
3,084
Location
Sweden
Society
Guess Who
Avatar Name
Sub-Zero The Killer
My Bitdefender just gave me an alert and blocked this from EU client...
Suspicious web page detected
now

Feature:
Online Threat Prevention

The page http://webhost.euso.com/ip has been detected with suspicious activity. It is not recommended to continue browsing this website.
Accessed by: Entropia.exe
 

theProphet

Prowler
Joined
Mar 8, 2006
Posts
1,292
Location
Austria / Vienna
Society
Calypso Rescue Team
Avatar Name
Prophet the Prophet from Planet Zen
interesting :D

Domain Name: euso.com
Registry Domain ID: 49343264_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.domaininfo.com
Registrar URL: ports.domains
Updated Date: 2019-12-12T23:15:32Z
Creation Date: 2000-12-19T11:46:04Z
Registrar Registration Expiration Date: 2020-12-19T11:46:04Z
Registrar: PortsGroup AB
Registrar IANA ID: 73
Registrar Abuse Contact Email: email@portsgroup.se
Registrar Abuse Contact Phone: +46.317202000
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization: EU Support & Operations AB
Registrant State/Province:
Registrant Country: SE
Name Server: NS1.MINDARK.COM
Name Server: NS2.MINDARK.COM
Name Server: NS3.MINDARK.COM
Name Server: NS4.MINDARK.COM
DNSSEC: unsigned

very suspicious i'd say!
 

theProphet

Prowler
Joined
Mar 8, 2006
Posts
1,292
Location
Austria / Vienna
Society
Calypso Rescue Team
Avatar Name
Prophet the Prophet from Planet Zen
btw i have received an email yesterday again telling me my old PCF password in plaintext, and that they've seen me fap through the webcam i don't have, asking for a bitcoin "donation" to keep it a secret...

let's talk about security! :laugh:
 
Status
Not open for further replies.
Top