Tapatalk security breach?

TonyR
Posts: 5390
Joined: 31 Aug 2008, 12:51pm

Tapatalk security breach?

Post by TonyR »

I've just received the email below. The links all check out to be to the Tapatalk site so it looks genuine but my password still works when it says it won't. Has anyone else received it and is it genuine or a phish that works by a means I haven't spotted?



Dear Tapatalk Forum Community,

Today we discovered that someone had used an exploit in a third party plugin on the Tapatalk support forums, leading to the disclosure of email addresses and encrypted passwords, and possibly passwords in cleartext if you attempted to login since December 9th.

Due to this incident, please log into http://www.tapatalk.com/v2 and change your password.

Please choose a strong password, containing a mix of upper and lower case letters, numbers and even symbols if possible.
Never use the same password on more than one site. Passwords should be unique to each site they access in order to comply with basic security best practices.
No other systems appear to have been affected and we will continue to perform audits. In the meantime our support forums will be brought back online but we will be rolling back the site approximately a week as a precaution. Posts and messages since that time will not be restored in this process.

Again, all passwords have been invalidated and will no longer work. Please reset your password using the reset password page and then following the instructions provided in the email.

We are sorry for this inconvenience and thank you for your patience,

The Tapatalk Team
Mark1978
Posts: 4912
Joined: 17 Jul 2012, 8:47am
Location: Chester-le-Street, County Durham

Re: Tapatalk security breach?

Post by Mark1978 »

I have every reason to believe it's genuine. I got one too.

However it only relates to XenForo so nothing to do with this site.
Vorpal
Moderator
Posts: 20700
Joined: 19 Jan 2009, 3:34pm
Location: Not there ;)

Re: Tapatalk security breach?

Post by Vorpal »

It doesn't have anything to do with this forum, but you should change your Tapatalk password.
“In some ways, it is easier to be a dissident, for then one is without responsibility.”
― Nelson Mandela, Long Walk to Freedom
SteveHunter
Posts: 186
Joined: 24 Aug 2014, 10:02pm

Re: Tapatalk security breach?

Post by SteveHunter »

It's your Tapatalk password you should change, not the password you have on this site which has not been compromised as Tapatalk don't hold it.
TonyR
Posts: 5390
Joined: 31 Aug 2008, 12:51pm

Re: Tapatalk security breach?

Post by TonyR »

So just wondering why it matters as all Tapatalk does is provide an interface for onwards logging onto this and other fora. The worst they could do is see the list of forums I'm signed up to. So is there any real problem with staying as is?
SteveHunter
Posts: 186
Joined: 24 Aug 2014, 10:02pm

Re: Tapatalk security breach?

Post by SteveHunter »

Tapatalk authenticates you to a forum using a token. If someone got your Tapatalk password they could install Tapatalk and log in as you; this would automatically re-establish the tokenised connections you have with the forums you have registered in Tapatalk, so they could impersonate you on the forum and have access to your PMs.
Graham
Moderator
Posts: 6489
Joined: 14 Dec 2006, 8:48pm

Re: Tapatalk security breach?

Post by Graham »

How does the Tapatalk tokenised access get into the CTC Forum if it doesn't have access-to or knowledge-of one's CTC password??

Tapatalk sounds like the Devil's work to me!!
Vorpal
Moderator
Posts: 20700
Joined: 19 Jan 2009, 3:34pm
Location: Not there ;)

Re: Tapatalk security breach?

Post by Vorpal »

The forum runs a Tapatalk plugin to allow Tapatalk users secure access. But Tapatalk passwords being compromised is like the Tapatalk forum users' passwords being compromised. Presumably anyone affected has gotten email, but people who don't check their email very often may have received a notice yet.

Note: edited for clarification
“In some ways, it is easier to be a dissident, for then one is without responsibility.”
― Nelson Mandela, Long Walk to Freedom
barrym
Posts: 634
Joined: 22 Jun 2012, 10:05am
Location: Corsham - North Wilts

Re: Tapatalk security breach?

Post by barrym »

Hmm, I'm a Tapatalk (Android) user on this and one other forum. I haven't had an email from them.
--
Cheers
Barry
Mark1978
Posts: 4912
Joined: 17 Jul 2012, 8:47am
Location: Chester-le-Street, County Durham

Re: Tapatalk security breach?

Post by Mark1978 »

There is some misunderstanding here I think.

Correct me if I'm wrong but this does NOT apply to this forum or any other forum using the Tapatalk App.

It only applies to the forum on the Tapatalk website itself which forum owners tend to be members of.

If you just use Tapatalk to login to this forum you have no issue.
barrym
Posts: 634
Joined: 22 Jun 2012, 10:05am
Location: Corsham - North Wilts

Re: Tapatalk security breach?

Post by barrym »

Yep, that seems to be right. I just read thru 6 pages and it seems to be just affecting people logging in to their support forum.

Confidence inspiring isn't it? <sigh>
--
Cheers
Barry
PDQ
Posts: 481
Joined: 6 Oct 2010, 11:54am

Re: Tapatalk security breach?

Post by PDQ »

The forum is always asking me to install Tapatalk but I always decline and I just use the forum from my existing bookmark. What advantages does Tapatalk offer?
It would seem pretty limited in the light of this.
barrym
Posts: 634
Joined: 22 Jun 2012, 10:05am
Location: Corsham - North Wilts

Re: Tapatalk security breach?

Post by barrym »

PDQ wrote:The forum is always asking me to install Tapatalk but I always decline and I just use the forum from my existing bookmark. What advantages does Tapatalk offer?
It would seem pretty limited in the light of this.


Well firstly it is designed for the small screen of phones and tablets. Another benefit that springs to mind is the ability to scan unread messages from the whole forum, and mark them as read which I don't think the web access does, which suits me. I'm sure there are more features, just can't think of them now and BBC Sports Personality is just starting....
--
Cheers
Barry
andy65
Posts: 43
Joined: 25 Oct 2014, 8:37am

Re: Tapatalk security breach?

Post by andy65 »

I don't know if the email is genuine, but as a general rule to protect yourself online never follow a link in an email, particularly if it asks you to reveal any details like passwords because you may be taken to the wrong web page so that they can collect your password. If you want to change your password find the website, checking that you have the proper site, then change your password.
TonyR
Posts: 5390
Joined: 31 Aug 2008, 12:51pm

Re: Tapatalk security breach?

Post by TonyR »

andy65 wrote:I don't know if the email is genuine, but as a general rule to protect yourself online never follow a link in an email, particularly if it asks you to reveal any details like passwords because you may be taken to the wrong web page so that they can collect your password.


Thunderbird shows where you're linking to without clicking the link so you can see if it's risky or not.
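
An added illustration of the link check discussed in the last few posts (not part of the thread, and not Tapatalk's or Thunderbird's code): a Python sketch that lists every link in an HTML email body and flags those whose real destination is outside the expected site or differs from the address shown as the link text. The sample message, the lookalike host and the names `audit_links`, `host_of` and `LinkCollector` are constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: the first link matches the address quoted in the email above,
# the second is a made-up lookalike on the reserved .example domain.
SAMPLE = (
    '<p>Log in at <a href="http://www.tapatalk.com/v2">http://www.tapatalk.com/v2</a></p>'
    '<p>or <a href="http://tapatalk.com.account-reset.example/v2">www.tapatalk.com/v2</a></p>'
)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    # urlsplit only reports a hostname when a scheme or "//" is present
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()

def audit_links(html_body, expected_site):
    """Return (href, shown_text, reasons) for each link that deserves a second look."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        dest, reasons = host_of(href), []
        if dest != expected_site and not dest.endswith("." + expected_site):
            reasons.append("destination is outside " + expected_site)
        # Link text that itself looks like an address should match the real target
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and shown != dest:
            reasons.append("text shows " + shown + " but link goes to " + dest)
        if reasons:
            findings.append((href, text, reasons))
    return findings
```

A clean result only means the links point where they claim to; it says nothing about whether the sender is who they say they are, so typing the site address yourself remains the safer route.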