Tapatalk security breach?
Tapatalk security breach?
I've just received the email below. The links all check out to be to the Tapatalk site so it looks genuine but my password still works when it says it won't. Has anyone else received it and is it genuine or a phish that works by a means I haven't spotted?
Dear Tapatalk Forum Community,
Today we discovered that someone had used an exploit in a third party plugin on the Tapatalk support forums, leading to the disclosure of email addresses and encrypted passwords, and possibly passwords in cleartext if you attempted to login since December 9th.
Due to this incident, please log into http://www.tapatalk.com/v2 and change your password.
Please choose a strong password, containing a mix of upper and lower case letters, numbers and even symbols if possible.
Never use the same password on more than one site. Passwords should be unique to each site they access in order to comply with basic security best practices.
No other systems appear to have been affected and we will continue to perform audits. In the meantime our support forums will be brought back online but we will be rolling back the site approximately a week as a precaution. Posts and messages since that time will not be restored in this process.
Again, all passwords have been invalidated and will no longer work. Please reset your password using the reset password page and then following the instructions provided in the email.
We are sorry for this inconvenience and thank you for your patience,
The Tapatalk Team
Dear Tapatalk Forum Community,
Today we discovered that someone had used an exploit in a third party plugin on the Tapatalk support forums, leading to the disclosure of email addresses and encrypted passwords, and possibly passwords in cleartext if you attempted to login since December 9th.
Due to this incident, please log into http://www.tapatalk.com/v2 and change your password.
Please choose a strong password, containing a mix of upper and lower case letters, numbers and even symbols if possible.
Never use the same password on more than one site. Passwords should be unique to each site they access in order to comply with basic security best practices.
No other systems appear to have been affected and we will continue to perform audits. In the meantime our support forums will be brought back online but we will be rolling back the site approximately a week as a precaution. Posts and messages since that time will not be restored in this process.
Again, all passwords have been invalidated and will no longer work. Please reset your password using the reset password page and then following the instructions provided in the email.
We are sorry for this inconvenience and thank you for your patience,
The Tapatalk Team
Re: Tapatalk security breach?
I have every reason to believe it's genuine. I got one too.
However it only relates to XenForo so nothing to do with this site.
However it only relates to XenForo so nothing to do with this site.
Re: Tapatalk security breach?
It doesn't have anything to do with this forum, but you should change your Tapatalk password.
“In some ways, it is easier to be a dissident, for then one is without responsibility.”
― Nelson Mandela, Long Walk to Freedom
― Nelson Mandela, Long Walk to Freedom
-
- Posts: 186
- Joined: 24 Aug 2014, 10:02pm
Re: Tapatalk security breach?
It's your Tapatalk password you should change, not the password you have on this site which has not been compromised as Tapatalk don't hold it.
Re: Tapatalk security breach?
So just wondering why it matters as all Tapatalk does is provide an interface for onwards logging onto this and other fora. The worst they could do is see the list of forums I'm signed up to. So is there any real problem with staying as is?
-
- Posts: 186
- Joined: 24 Aug 2014, 10:02pm
Re: Tapatalk security breach?
Tapatalk authenticates you to a forum using a token. If someone got your tapatalk password they could install tapatalk and log in as you, this would automatically re establish the tokenised connections you have with the forums you have registered in Tapatalk so could impersonate you on the forum, and have access to your PMs.
Re: Tapatalk security breach?
How does the Tapatalk tokenised access get into the CTC Forum if it doesn't have access-to or knowledge-of ones CTC password ??
Tapatalk sounds like the Devil's work to me !!
Tapatalk sounds like the Devil's work to me !!
Re: Tapatalk security breach?
The forum runs a Tapatalk plugin to allow Tapatalk users secure access. But Tapatalk passwords being compromised is like the Tapatalk forum users' passwords being compromised. Presumably anyone affected has gotten email, but people who don't check their email very often may have received a notice yet.
Note: edited for clarification
Note: edited for clarification
“In some ways, it is easier to be a dissident, for then one is without responsibility.”
― Nelson Mandela, Long Walk to Freedom
― Nelson Mandela, Long Walk to Freedom
Re: Tapatalk security breach?
Hmm, I'm a Tapatalk (Android) user on this and one other forum. I haven't had an email from them.
--
Cheers
Barry
Cheers
Barry
Re: Tapatalk security breach?
There is some misunderstanding here I think.
Correct me if I'm wrong but this does NOT apply to this forum or any other forum using the Tapatalk App.
It only applies to the forum on the tapatalk website itself which forum owners tend to be a member of.
If you just use tapatalk to login to this forum you have no issue.
Correct me if I'm wrong but this does NOT apply to this forum or any other forum using the Tapatalk App.
It only applies to the forum on the tapatalk website itself which forum owners tend to be a member of.
If you just use tapatalk to login to this forum you have no issue.
Re: Tapatalk security breach?
Yep, that seems to be right. I just read thru 6 pages and it seems to be just affecting people logging in to their support forum.
Confidence inspiring isn't it? <sigh>
Confidence inspiring isn't it? <sigh>
--
Cheers
Barry
Cheers
Barry
Re: Tapatalk security breach?
The forum is alalways asking me to install Tapatalk but I always decline and I just use the forum from my existing bookmark. What advantages does Tapatalk offer?
It would seem pretty limited in the light of this.
It would seem pretty limited in the light of this.
Re: Tapatalk security breach?
PDQ wrote:The forum is alalways asking me to install Tapatalk but I always decline and I just use the forum from my existing bookmark. What advantages does Tapatalk offer?
It would seem pretty limited in the light of this.
Well firstly it is designed for the small screen of phones and tablets. Another benefit that springs to mind is the ability to scan unread messages from the whole forum, and mark therm as read which I don't think the web access does, which suits me. I'm sure there are more features, just can't think of them now and BBC Sports Personality is just starting....
--
Cheers
Barry
Cheers
Barry
Re: Tapatalk security breach?
I don't know if the email is genuine, but as a general rule to protect yourself online never follow a link in an email, particularly if it asks you to reveal any details like passwords because you may be taken to the wrong web page so that they can collect your password. If you want to change your password find the website, checking that you have the proper site, then change your password.
Re: Tapatalk security breach?
andy65 wrote:I don't know if the email is genuine, but as a general rule to protect yourself online never follow a link in an email, particularly if it asks you to reveal any details like passwords because you may be taken to the wrong web page so that they can collect your password.
Thunderbird shows where you're linking to without clicking the link so you can see if it's risky or not