Horizons Unlimited - The HUBB

Horizons Unlimited - The HUBB (https://www.horizonsunlimited.com/hubb/)
-   Website Feedback (https://www.horizonsunlimited.com/hubb/website-feedback/)
-   -   Website not secure when login (https://www.horizonsunlimited.com/hubb/website-feedback/website-not-secure-when-login-94973)

PatOnTrip 9 May 2018 14:52
Website not secure when login
 
Hi Grant,

I got a new message on the top of my browser on the webpage where I login "Webpage not secure". It was not there before. I tried two devices and it is the same.

If everything is ok on your side then forget this message.

Patrick

Grant Johnson 9 May 2018 16:07
Hi
all is well, nothing to worry about. Same as ever. If we were asking for money on the login page it w be but we’re not.
At some point in the future we will secure it anyway, but it’s not easy.

Walkabout 5 Aug 2018 23:24
Password hacked
 
Quote:
Originally Posted by Grant Johnson (Post 583778)
Hi
all is well, nothing to worry about. Same as ever. If we were asking for money on the login page it w be but we’re not.
At some point in the future we will secure it anyway.
I can't agree and I have to report that my password for this site has been hacked in the recent past.

I can only assume that this is related in some manner to the thread about this URL not being as secure as it could be.


I am sure that the password was hacked because that same password was sent to me, using my email address, in the form of an attempt to blackmail me; that particular attempt has been passed to the UK police for their attention.


Naturally, I have just changed my password and I recommend that any others who haven't done this on a regular basis consider such action.


ps
I continue to receive the "site insecure" message when logging on.

Grant Johnson 6 Aug 2018 01:47
Quote:
Originally Posted by Walkabout (Post 587839)
I can't agree and I have to report that my password for this site has been hacked in the recent past.

I can only assume that this is related in some manner to the thread about this URL not being as secure as it could be.

I am sure that the password was hacked because that same password was sent to me, using my email address, in the form of an attempt to blackmail me; that particular attempt has been passed to the UK police for their attention.

Naturally, I have just changed my password and I recommend that any others who haven't done this on a regular basis consider such action.

ps
I continue to receive the "site insecure" message when logging on.
Walkabout, WE haven't been hacked, we're pretty confident on that. We're VERY careful!

What's happened is part of a much larger (many millions of people) scam recently going around, for details see: https://krebsonsecurity.com/2018/07/...ked-passwords/

I received SEVERAL of those emails myself, all showing VERY old passwords I no longer use, and NONE EVER used on HU.

Basically I think that what's happened here is that the password you use on HU is the same as one you've used elsewhere or multiple elsewhere's, and one of them has been hacked.

You can see some potential results where an account of yours has been hacked if you put in your email address here: https://haveibeenpwned.com/

Here's the basic text of the scam email:
"I’m aware that <substitute password formerly used by recipient here> is your password,”
reads the salutation. The rest is formulaic:
You don’t know me and you’re thinking why you received this e mail, right?
Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.
What exactly did I do?
I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).
What should you do?
Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search "how to buy bitcoin" in Google)."

And it goes on, telling you how to pay them. A scam, pure and simple.

So no I don't think they got it from us. I'd be inundated by them if it had - I have about 10 accounts on HU for testing purposes and I'd have received this on all of them. One of my warnings that something is amiss!

A basic password security FAQ:

Should you change your password? YES, on a regular basis, annually at least!
Is it okay to use the same password on multiple sites? NO! ONE of them is hacked and ALL your accounts are wide open.
What sort of password is good? AT LEAST 16 characters made up of upper and lower case characters AND numbers AND symbols!

How do I remember hundreds of passwords? There are several excellent Password Managers out there, I STRONGLY recommend using one. We use Roboform, which works on my phone and on my PC and will also work on tablets, Mac and PC just fine. Lastpass is another excellent one.

Chrome will continue to give "Not secure" warnings logging into the HUBB for a while. NOTE that there is NO CHANGE on our end, it's the same level of security it's always been, it's just google using their might to force website owners to upgrade to https protocol, which we think is good, but a little drastic in the technique. IF we took credit cards, we'd be much more concerned and would have done it years ago. ALL we have is an email address and a password that SHOULD only be used on HU.

You can login securely on HU at https://new.horizonsunlimited.com/ and continue from there if you like. You will NOT receive the site insecure message starting from there.

Hope that makes sense!


All times are GMT +1. The time now is 16:38.


vB.Sponsors