FYI: Planet Calypso forum Data Breach

Status
Got the 7 day as well. Kinda lame if we have to change it once a week

Yep. This is crap. This is overkill.
There is no need for it.
Please fix remove this "feature" asap.

(Why not use password rules, such as minimum length, need for a capital letter and or a special character? Making one change a password every seven days just encourages laziness and therefore weak security.

You get it?
Password123
Password321
Password456
Password789
etc
etc).
 
Last edited:
Yep. This is crap. This is overkill.
There is no need for it.
Please fix remove this "feature" asap.

(Why not use password rules, such as minimum length, need for a capital letter and or a special character? Making one change a password every seven days just encourages laziness and therefore weak security.

You get it?
Password123
Password321
Password456
Password789
etc
etc).

And after all that I had to reset. It gave me 5 attempts and failed even though I did it all correctly. Seems PCF is having a fit???
 
I got the 7 days too...

I'll change forum if this happens every week :laugh:
 
given how long it took to implement this change, given the overkill response (7 days really ??) now they have reacted.. what scares me, is what will happen if folk don't log in for a few weeks and therefore don't change password, will the account be locked, or just sit and wait patiently for an update.
Why on earth has PCF given itself such a huge overhead in changing every password, every week.

How about player can set frequency (1 week, 2 weeks, 30 days, upto max 3 months) we can then all handle our own choices , spread the load for changes, reduce the amount of data changed per day/week, yet still fit the industry norms for password security.
 
nice thing the site was upgraded to use https
but 7 days is rediculous, please change it to once per year or something...
 
Lol 711, I think too much security can be a bad thing too.

Had to change my password again. I'm giving you the benefit of the doubt and suspect you just forgot to remove the auto-block all users after 7 days and make them change their passwords, repeat every 7 days, until forever feature.

I do agree the passwords should be changed every year or maybe even every 6 months though.
 
Password expiration is a dying and outdated model. What is the point of daily, weekly, monthly when once breached damage is done within minutes.

What really matters is strength of password, as mentioned in an earlier post (password length, use of caps, special chars etc) and the system refusing any change too similar to previous password

and most important, 1 password, 1 point of access, DONT use same password for game and forum, or multiple forums
 
( deleted )
 
Last edited:
When I got the message to reset password I thought it was too much and decided not to reset my password instead I logged out to browse the forum. This is nice while it allows you to browse but a problem because then finding the page to reset password is hard to find. Also when you do have that page you can't log in because password is too old so you can't log in to reset password.

In short if you don't reset password when first given the chance you'll have problems.


Also this password reset every 7 days is ridiculous please change this as soon as possible.
 
The password expiration was a measure taken temporarily to ensure that as many members as possible would change their passwords. It was not supposed to require a second password change this soon, not sure why it triggered again today for some of you. Sorry for the inconvenience.

In any case, I have changed the setting so that passwords will need to be changed approximately once every seven months.
 
I apologize for having jumped to conclusions.
 
tbh, regarding my enquiry, i have received an answer from the austrian dataprotection agency some time ago already...

it wasn't really what i expected, but in some sort it was very enlightening.

i'm still amazed how freaking poor you guys handle this issue, even though we got GDPR as applicable law in the european union for quite some time already.

in no way i wanna threat, but if i don't receive an email notification regarding the breach quite fucking soon, then i can't guarantee for anything anymore, and maybe i'll file the complaint myself.

why you ask? because you simply can't tell that EU is quite a profitable product, while ignoring current law and your community, when it's about the security of our accounts. both emails and IP-addresses are personal and therefor protected data, in case your lawyers forgot to mention!

72 hours, from now on, as it should have been. sorry to bother! :silly2:
 
PlanetCalypsoForum.com Privacy Policy
Published on 09-22-2010 12:56 Number of Views: 31485
PlanetCalypsoForum.com Privacy Policy

2018-05-25

General
MindArk PE Aktiebolag (publ) (”we” or “MindArk” or "PlanetCalypsoForum.com") cares about your privacy. Therefore, we always strive to protect your personal data in the best possible way and to comply with all applicable laws and regulations for the protection of personal data. In this policy, we want to inform you about how we collect and process your personal data.

thats what you state ... but is it factual true too?
 
reported my own post, just to make sure. hopp hopp! :laugh:
 
For those living outside of EU the GDPR is a toothless tiger.
Yes its original proposal had lots of Roar! But a lot of change$ before it was pa$$ed into law. (cough)

Now all the websites are like its 1990's again and put up a idiotic warning to stupidly state they use cookies so you must accept them or no access! Go ahead, name 12 websites designed after 2010 that didn't use cookies! Yes I exaggerate about 12 websites........... but not by much.
So the GDPR as passed into EU law is actually good for business.
And the plebs must learn to still protect their own data before handing it out.

Plenty of articles that dive deeper into GDPR, what it is, and what it is not, and what it'll cost to use it.
https://medium.com/@fabien.ungerer/gdpr-feels-useless-b4bb70e89dd6
 
My Bitdefender just gave me an alert and blocked this from EU client...
Suspicious web page detected
now

Feature:
Online Threat Prevention

The page http://webhost.euso.com/ip has been detected with suspicious activity. It is not recommended to continue browsing this website.
Accessed by: Entropia.exe
 
interesting :D

Domain Name: euso.com
Registry Domain ID: 49343264_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.domaininfo.com
Registrar URL: ports.domains
Updated Date: 2019-12-12T23:15:32Z
Creation Date: 2000-12-19T11:46:04Z
Registrar Registration Expiration Date: 2020-12-19T11:46:04Z
Registrar: PortsGroup AB
Registrar IANA ID: 73
Registrar Abuse Contact Email: email@portsgroup.se
Registrar Abuse Contact Phone: +46.317202000
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization: EU Support & Operations AB
Registrant State/Province:
Registrant Country: SE
Name Server: NS1.MINDARK.COM
Name Server: NS2.MINDARK.COM
Name Server: NS3.MINDARK.COM
Name Server: NS4.MINDARK.COM
DNSSEC: unsigned

very suspicious i'd say!
 
btw i have received an email yesterday again telling me my old PCF password in plaintext, and that they've seen me fap through the webcam i don't have, asking for a bitcoin "donation" to keep it a secret...

let's talk about security! :laugh:
 
Status
Back
Top