Tapatalk security breach?

Anything about use of this forum : NOT about cycling
TonyR
Posts: 5390
Joined: 31 Aug 2008, 12:51pm

Tapatalk security breach?

Postby TonyR » 14 Dec 2014, 10:04am

I've just received the email below. The links all check out to be to the Tapatalk site so it looks genuine but my password still works when it says it won't. Has anyone else received it and is it genuine or a phish that works by a means I haven't spotted?



Dear Tapatalk Forum Community,

Today we discovered that someone had used an exploit in a third party plugin on the Tapatalk support forums, leading to the disclosure of email addresses and encrypted passwords, and possibly passwords in cleartext if you attempted to login since December 9th.

Due to this incident, please log into http://www.tapatalk.com/v2 and change your password.

Please choose a strong password, containing a mix of upper and lower case letters, numbers and even symbols if possible.
Never use the same password on more than one site. Passwords should be unique to each site they access in order to comply with basic security best practices.
No other systems appear to have been affected and we will continue to perform audits. In the meantime our support forums will be brought back online but we will be rolling back the site approximately a week as a precaution. Posts and messages since that time will not be restored in this process.

Again, all passwords have been invalidated and will no longer work. Please reset your password using the reset password page and then following the instructions provided in the email.

We are sorry for this inconvenience and thank you for your patience,

The Tapatalk Team

Mark1978
Posts: 4912
Joined: 17 Jul 2012, 8:47am
Location: Chester-le-Street, County Durham

Re: Tapatalk security breach?

Postby Mark1978 » 14 Dec 2014, 11:15am

I have every reason to believe it's genuine. I got one too.

However it only relates to XenForo so nothing to do with this site.

Vorpal
Moderator
Posts: 18738
Joined: 19 Jan 2009, 3:34pm
Location: Not there ;)

Re: Tapatalk security breach?

Postby Vorpal » 14 Dec 2014, 11:21am

It doesn't have anything to do with this forum, but you should change your Tapatalk password.
“In some ways, it is easier to be a dissident, for then one is without responsibility.”
― Nelson Mandela, Long Walk to Freedom

SteveHunter
Posts: 186
Joined: 24 Aug 2014, 10:02pm

Re: Tapatalk security breach?

Postby SteveHunter » 14 Dec 2014, 11:45am

It's your Tapatalk password you should change, not the password you have on this site which has not been compromised as Tapatalk don't hold it.

TonyR
Posts: 5390
Joined: 31 Aug 2008, 12:51pm

Re: Tapatalk security breach?

Postby TonyR » 14 Dec 2014, 12:49pm

So just wondering why it matters as all Tapatalk does is provide an interface for onwards logging onto this and other fora. The worst they could do is see the list of forums I'm signed up to. So is there any real problem with staying as is?

SteveHunter
Posts: 186
Joined: 24 Aug 2014, 10:02pm

Re: Tapatalk security breach?

Postby SteveHunter » 14 Dec 2014, 1:23pm

Tapatalk authenticates you to a forum using a token. If someone got your Tapatalk password they could install Tapatalk and log in as you, this would automatically re-establish the tokenised connections you have with the forums you have registered in Tapatalk so could impersonate you on the forum, and have access to your PMs.

Graham
Moderator
Posts: 6489
Joined: 14 Dec 2006, 8:48pm

Re: Tapatalk security breach?

Postby Graham » 14 Dec 2014, 5:10pm

How does the Tapatalk tokenised access get into the CTC Forum if it doesn't have access to or knowledge of one's CTC password??

Tapatalk sounds like the Devil's work to me!!

Vorpal
Moderator
Posts: 18738
Joined: 19 Jan 2009, 3:34pm
Location: Not there ;)

Re: Tapatalk security breach?

Postby Vorpal » 14 Dec 2014, 6:00pm

The forum runs a Tapatalk plugin to allow Tapatalk users secure access. But Tapatalk passwords being compromised is like the Tapatalk forum users' passwords being compromised. Presumably anyone affected has gotten email, but people who don't check their email very often may have received a notice yet.

Note: edited for clarification
“In some ways, it is easier to be a dissident, for then one is without responsibility.”
― Nelson Mandela, Long Walk to Freedom

barrym
Posts: 633
Joined: 22 Jun 2012, 10:05am
Location: Corsham - North Wilts

Re: Tapatalk security breach?

Postby barrym » 14 Dec 2014, 7:31pm

Hmm, I'm a Tapatalk (Android) user on this and one other forum. I haven't had an email from them.
--
Cheers
Barry

Mark1978
Posts: 4912
Joined: 17 Jul 2012, 8:47am
Location: Chester-le-Street, County Durham

Re: Tapatalk security breach?

Postby Mark1978 » 14 Dec 2014, 7:37pm

There is some misunderstanding here I think.

Correct me if I'm wrong but this does NOT apply to this forum or any other forum using the Tapatalk App.

It only applies to the forum on the Tapatalk website itself which forum owners tend to be a member of.

If you just use Tapatalk to log in to this forum you have no issue.

barrym
Posts: 633
Joined: 22 Jun 2012, 10:05am
Location: Corsham - North Wilts

Re: Tapatalk security breach?

Postby barrym » 14 Dec 2014, 7:46pm

Yep, that seems to be right. I just read thru 6 pages and it seems to be just affecting people logging in to their support forum.

Confidence inspiring isn't it? <sigh>
--
Cheers
Barry

PDQ
Posts: 481
Joined: 6 Oct 2010, 11:54am

Re: Tapatalk security breach?

Postby PDQ » 14 Dec 2014, 7:51pm

The forum is always asking me to install Tapatalk but I always decline and I just use the forum from my existing bookmark. What advantages does Tapatalk offer?
It would seem pretty limited in the light of this.

barrym
Posts: 633
Joined: 22 Jun 2012, 10:05am
Location: Corsham - North Wilts

Re: Tapatalk security breach?

Postby barrym » 14 Dec 2014, 7:59pm

PDQ wrote: The forum is always asking me to install Tapatalk but I always decline and I just use the forum from my existing bookmark. What advantages does Tapatalk offer?
It would seem pretty limited in the light of this.


Well firstly it is designed for the small screen of phones and tablets. Another benefit that springs to mind is the ability to scan unread messages from the whole forum, and mark them as read which I don't think the web access does, which suits me. I'm sure there are more features, just can't think of them now and BBC Sports Personality is just starting....
--
Cheers
Barry

andy65
Posts: 43
Joined: 25 Oct 2014, 8:37am

Re: Tapatalk security breach?

Postby andy65 » 17 Dec 2014, 7:47pm

I don't know if the email is genuine, but as a general rule to protect yourself online never follow a link in an email, particularly if it asks you to reveal any details like passwords because you may be taken to the wrong web page so that they can collect your password. If you want to change your password find the website, checking that you have the proper site, then change your password.

TonyR
Posts: 5390
Joined: 31 Aug 2008, 12:51pm

Re: Tapatalk security breach?

Postby TonyR » 17 Dec 2014, 10:03pm

andy65 wrote:I don't know if the email is genuine, but as a general rule to protect yourself online never follow a link in an email, particularly if it asks you to reveal any details like passwords because you may be taken to the wrong web page so that they can collect your password.


Thunderbird shows where you're linking to without clicking the link so you can see if it's risky or not