Search the Community

This is a law passed in 2014 in order to help protect members of web sites when those web sites experience data breaches. Read about it here: Senate Bill 1524 (2014) - The Florida Senate In part: This rule appears to fit the situation that TAZ recently experienced, data breaches, possible vulnerabilities, password hacking attempts, with not much information from TheAdminZone.com LLC. I'd like to keep this thread updated with facts about information that people DO KNOW about these hacking attempts, breaches, or whatever is going on at TAZ. As I understand it, there have been at least 3 known incidents of security breaches at TAZ. ------------------------------------ In one instance, late May 2015, a password reset was performed for all members on TheAdminZone.com. At the time, members were told that a staff member's account had been "hacked" by a member of the Vietnamese site, Brivium.com. The staff member had accounts on both TAZ and Brivium.com. At first, there was an explanation that the staff member's password between TAZ and Brivium were "similar, but not identical". I'm still curious as to why that information was needed, as even a "similar" password wouldn't gain a hacker an advantage to accessing the TAZ forum. Later, claims were made that the Brivium "hacker" somehow installed a keylogger on the staff member's PC, and the TAZ password was then lifted from this staff member's account. After much discussion, the majority of members came to the conclusion that the staff member had simply used the SAME password on both sites, which allowed somebody with access to the Brivium forum database to access the TAZ staff member's account. Once the "hacker" had access to the TAZ staff member's account, the "hacker" attempted to remove posts on TheAdminZone's forum that were critical of Brivium.com. As a result of this breach, the staff member had their password changed, and all members of TheAdminZone.com had their passwords reset. As far as I know, I don't think the staff member was identified, whether they still are a staff member, nor if it was found out if Brivium was the real perpetrator. There was also no evidence provided that anybody had installed a keylogger on the staff member's PC. ------------------------------------ In another more recent instance, on or before May 13th, 2016, server problems and unavailability were present, and then a full member password reset was performed. The explanation was thus: TAZ Security No further information was provided. The only thing evident from that description is that the mention of 2FA, and "small number of accounts" means that there was an attempt to overtake another staff member's account. Was the hacking attempt successful? What was stolen, if anything? Why the password reset? What is the update? Will Brivium be blamed again? As of today, the official answer to that question is that the administrator is still looking into it. On May 13th, prior to this announcement, it was discovered that old installations of TheAdminZone's forum software were still located on the server, and that addons developed by Brivium were installed on at least one of these installations. It was surmised that these Brivium addons may have been the reason for the password reset announced on May 16th, but no connection or information has been forthcoming identifying or explaining the 2 incidents. ------------------------------------ I thought there was another password reset incident, or something defined as a "hacking attempt", but I can't find it at the moment. I'll update the thread to fix my mispellings, and to try better grammar.