Options

Forced Account Reset?

silence1186silence1186 Character shields down!As a wingmanRegistered User regular
Today when I tried to login to the forums on another device, there was a red error bar stating I needed to change my password because an administrator changed my account information.

Is this routine? Should I follow the link? Or is it some kind of error?

Posts

  • Options
    ani_game_bumani_game_bum Optimistic, Rule-Breaking Nice Guy The Final World/DestinationRegistered User regular
    Same here. Logged into forums on my work PC OK about 9:30 AM EST then tried logging in through my personal laptop around 10:15 AM EST but prompted me to change password due to a change on the admin side or something similar. Provided email address account is associated with, got the password change e-mail, and changed my password OK and logged in OK.

    Used Chrome on both PCs to get on the forums.

    That's about all I did/can recall.

    steam_sig.pngPSN: ani_game_bum Battle.net ID: Anigamebum#1354 Genshin UID: 660694297 Switch FC: SW-2127-8288-6505 Steam Wishlist
  • Options
    Commander ZoomCommander Zoom Registered User regular
    Same for me.

  • Options
    IrukaIruka Registered User, Moderator Mod Emeritus
    Incident report: https://status.vanillaforums.com/incidents/2zdqxf3bt7mj

    It was an intentional reset, details in the link.

  • Options
    silence1186silence1186 Character shields down! As a wingmanRegistered User regular
    Thanks for the follow up.

  • Options
    Undead ScottsmanUndead Scottsman Registered User regular
    edited November 2019
    Greaaaatt...

    Thanks for the quick action, at least.

    Undead Scottsman on
  • Options
    Inquisitor77Inquisitor77 2 x Penny Arcade Fight Club Champion A fixed point in space and timeRegistered User regular
    Stuff like this is why I'm glad I use Lastpass. Just reset my password for this site and move on with my life...

  • Options
    AthenorAthenor Battle Hardened Optimist The Skies of HiigaraRegistered User regular
    @Iruka

    Just FYI, there's nothing on the forum landing page when you are signed out that points to this forced reset. It just happened to me, and I was freaking out for a bit until one of the Discord groups mentioned that it had happened to them too. And then I was freaking out because my account is so ancient, I was worried I had a now defunct email on it.

    I'd recommend a banner message, perhaps in a different color than the 4 Tube has up there right now when you are not logged in.

    Now that Keepass on my phone supports my fingerprint reader, I'm putting an actual secure password on my account. I didn't before because having to constantly log back in every couple of weeks was a pain on my phone.

    Long live my slightly modified password from 1996! I was an idiot back then.

    He/Him | "A boat is always safest in the harbor, but that’s not why we build boats." | "If you run, you gain one. If you move forward, you gain two." - Suletta Mercury, G-Witch
  • Options
    VishNubVishNub Registered User regular
    I was about to come suggest the same thing. It would be reassuring.

  • Options
    Kipling217Kipling217 Registered User regular
    Kinda scary for me since I have been using the same password since I signed up in 2007. I had no idea which email account I was using at all. Lucky I guessed it right.

    The sky was full of stars, every star an exploding ship. One of ours.
  • Options
    ShadowfireShadowfire Vermont, in the middle of nowhereRegistered User regular
    Passwords were salted and hashed. The information was disclosed within two weeks of the initial breach.

    Thanks, Vanilla. I wish most companies would be half as decent.

    WiiU: Windrunner ; Guild Wars 2: Shadowfire.3940 ; PSN: Bradcopter
  • Options
    Hey. So the email I used to sign up for my account over a decade ago has moldered into dust. Is there a way to get back to my old profile @astrobstrd without having access to that email?

    I have the same problem. My account is LockedOnTarget

    The email I used for it isn’t functional anymore, so I can’t do the password reset.

  • Options
    EspantaPajaroEspantaPajaro Registered User regular
    All right cool , just happened to me and gave me a mini heart attack.

  • Options
    TubeTube Registered User admin
    Pgroome@penny-arcade.com is the contact for this

  • Options
    Zilla360Zilla360 21st Century. |She/Her| Trans* Woman In Aviators Firing A Bazooka. ⚛️Registered User regular
    So it was due to a fix to a code regression that introduced a security vulnerability? Ah, I see.

  • Options
    MMMigMMMig Registered User regular
    I've already reset my password, but the banner is still there saying I might have to.


    OK to ignore after 1 reset, right?

    l4lGvOw.png
    Witty signature comment goes here...

    wra
  • Options
    CampyCampy Registered User regular
    edited November 2019
    Shadowfire wrote: »
    Passwords were salted and hashed. The information was disclosed within two weeks of the initial breach.

    Thanks, Vanilla. I wish most companies would be half as decent.

    Yeah, most companies would have sat on this for months, if not years.

    Campy on
  • Options
    JazzJazz Registered User regular
    edited November 2019
    Campy wrote: »
    Shadowfire wrote: »
    Passwords were salted and hashed. The information was disclosed within two weeks of the initial breach.

    Thanks, Vanilla. I wish most companies would be half as decent.

    Yeah, most companies would have sat on this for months, if not years.

    Not to mention may have stored passwords in plain text or something.

    Jazz on
  • Options
    AthenorAthenor Battle Hardened Optimist The Skies of HiigaraRegistered User regular
    MMMig wrote: »
    I've already reset my password, but the banner is still there saying I might have to.


    OK to ignore after 1 reset, right?

    As far as I can tell, the banner can't be dismissed. So yeah - if you can login, that means you've changed your password and are free to ignore.

    He/Him | "A boat is always safest in the harbor, but that’s not why we build boats." | "If you run, you gain one. If you move forward, you gain two." - Suletta Mercury, G-Witch
  • Options
    LockedOnTargetLockedOnTarget Registered User regular
    Issue resolved for me, thanks!

  • Options
    IanatorIanator Gaze upon my works, ye mighty and facepalm.Registered User regular
    Yahoo! mail was a jerk and wasn't giving me any of the several password reset mails, even when Tube sent one manually. Fortunately my account is now linked to my current address.

    steam_sig.png
    Twitch | Blizzard: Ianator#1479 | 3DS: Ianator - 1779 2336 5317 | FFXIV: Iana Ateliere (NA Sarg)
    Backlog Challenge List
  • Options
    InfidelInfidel Heretic Registered User regular
    If you used the password you had here anywhere else, it would be good to change it elsewhere.

    Also try to not reuse passwords and look into a password keeper. :D

    OrokosPA.png
  • Options
    FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    This is a pretty milquetoast vulnerability but I appreciate Vanilla for taking it seriously.

    Other companies have far worse situations all the time but don't treat it with the same urgency.

    Thumbs-up to Vanilla for being ahead of the curve.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • Options
    TubeTube Registered User admin
    We’ve been able to ascertain that we were at low risk and have restored access to a number of accounts that were still awaiting a reset. We highly recommend making sure your email is up to date and resetting your password. Better safe than sorry.

  • Options
    halkunhalkun Registered User regular
    Man, that postmortem report was super sexy! I've worked with multi-million dollar enterprises and have never seen a report like that.

Sign In or Register to comment.