• Staff favorites and raffle winners have been announced for TBT's Season of Giving! See the latest announcement thread: TBT's Season of Giving 2024: Closing Ceremony. Thank you to everyone for sharing your creativity and generosity during this event!

TBT Data Breach?!

Ras

Ras

Senior Member
Joined
Oct 5, 2013
Posts
3,345
Bells
1,880
Winter Mittens
Guys, I just got an alert that says:

The site belltreeforums.com has been reported in April 2019 to possibly have suffered a data exposure that could include 120466 records

I don't know what's going on, but change your passwords and take precautions. This message will probably be deleted, but I want to warn people.
 
Interesting report, what source did you get this information from so people can decide for themselves how legitimate this information is?
 
can confirm this happened awhile ago. Nothing bad ever came of it as far as I know however. Just change your passwords if you're still worried and go on about your business.
 
Everyone should get a password manager anyway

Also I use haveibeenpwned to see if my email was leaked anywhere. I had a frigging calories app get breached
 
There was a mandatory password reset after the data breach. As long as you keep your passwords fresh, unique, and don't share passwords between sites, you have nothing to worry about.
 
As others have already mentioned, this was from February 2018. If you haven't changed your password since then or use the same one on other sites, you should change it. You can read more in the announcement thread for this here.
 
If anyone uses the same passwords for everything they use online for sites, apps, etc. they're not very bright. If one gets compromised that means everything you use online would be compromised.

Having a password in a foreign language isn't secure. Having only numbers and letters as a password isn't secure. Having only numbers isn't secure. You should have at least one capital letter and at least one symbol in your password. You should have 2-3 or more passwords that you use for things that you can easily remember them with this combination. I have 5-6 different passwords I use and remember them all.

Someone "hacking" your password isn't merely them guessing it. There's keyloggers, remote access trojans and programs that go through a dictionary of words combined with numbers, etc. to guess possible passwords.

Too long didn't read: Don't be naive on the internet.
 
BonkOnTheHead said:
There's keyloggers, remote access trojans and programs that go through a dictionary of words combined with numbers, etc. to guess possible passwords.
Click to expand...

Most websites, including this one, lock out users based on IP address for a while after however-many failed login attempts. Brute-force isn't really feasible for online accounts, and certainly wouldn't be worth the while just to get someone's account on a niche forums website. They go for the low-hanging fruit - buy a list of login details and try them on websites where accounts actually have value, such as PayPal. Security is good and all, but no-one's coming after your TBT account.
 
Last edited:
I ussally don't bother making a long and unique password every time becouse I rarely stay more than one year on an account so if an account gets hacked and it's almost a year old, no big deal for me (assuming the hacker won't do any mess on the site using my account)
 
Twiggy_Star said:
I ussally don't bother making a long and unique password every time becouse I rarely stay more than one year on an account so if an account gets hacked and it's almost a year old, no big deal for me (assuming the hacker won't do any mess on the site using my account)
Click to expand...

the hacker can still somehow get your personal info or sell it even if you think it's not too much of a deal.
heck, people have had their entire identities revealed just because they posted a simple image online.
 
Reckoner said:
heck, people have had their entire identities revealed just because they posted a simple image online.
Click to expand...
Using sites like tineye to do a reverse image search rarely works properly and doesn't make someone a "hacker".


AnimalCrossingPerson said:
Most websites, including this one, lock out users based on IP address for a while after however-many failed login attempts. Brute-force isn't really feasible for online accounts, and certainly wouldn't be worth the while just to get someone's account on a niche forums website. They go for the low-hanging fruit - buy a list of login details and try them on websites where accounts actually have value, such as PayPal. Security is good and all, but no-one's coming after your TBT account.
Click to expand...
Why wouldn't it be worthwhile on a niche forum? You don't think people on here aren't using the same email and password for here as they do for paypal, their online banking, facebook, etc? People are dumb. They use the same user names and/or passwords for everything they use online. Whether the place is a niche forum or a serious site isn't the point.
 
BonkOnTheHead said:
Using sites like tineye to do a reverse image search rarely works properly and doesn't make someone a "hacker".



Why wouldn't it be worthwhile on a niche forum? You don't think people on here aren't using the same email and password for here as they do for paypal, their online banking, facebook, etc? People are dumb. They use the same user names and/or passwords for everything they use online. Whether the place is a niche forum or a serious site isn't the point.
Click to expand...

that wasn't what I was talking about, but whatever
i was talking about the simple data within an image and how you could find someone's location and timezone using it
 
Reckoner said:
that wasn't what I was talking about, but whatever
i was talking about the simple data within an image and how you could find someone's location and timezone using it
Click to expand...

Oh, EXIF data? Most services should strip it, and I don't geotag my photos anyway, but yeah - best remember that exists if you care about it.

- - - Post Merge - - -

BonkOnTheHead said:
Why wouldn't it be worthwhile on a niche forum? You don't think people on here aren't using the same email and password for here as they do for paypal, their online banking, facebook, etc? People are dumb. They use the same user names and/or passwords for everything they use online. Whether the place is a niche forum or a serious site isn't the point.
Click to expand...

My point is no-one can really do anything with a TBT account. They can view your email address and private messages, and post "I stink", but that's about it.

Why go through the effort of spending ages cracking my TBT password, for example. "Oh look, AnimalCrossingPerson's email address is so and so and AnimalCrossingPerson's password is so and so. Let's try those login details on various websites. Oh, it doesn't work. That's a shame. I should have bought a list of leaked email address + password combos instead."
 
Last edited:
You must log in or register to reply here.

Similar threads

Zipper T. Bunny
  • Locked
TBT's Twelfth Annual Easter Egg Hunt (Answers Posted!)
55 56 57
Replies
1K
Views
77K
Zinnia.
Zinnia.
Bilaz
Play ... if:
Replies
0
Views
154
Bilaz
Bilaz
Jeremy
  • Locked
Twenty Years on The Bell Tree
11 12 13
Replies
244
Views
13K
Dunquixote
Dunquixote
Jeremy
  • Locked
The Bell Tree's Time Portal Tragedy
67 68 69
Replies
1K
Views
41K
ShinyDungeoneer
ShinyDungeoneer
Jeremy
  • Locked
Bell Tree Direct - 2.7.24 - Twenty Years of TBT
21 22 23
Replies
444
Views
22K
DaCoSim
DaCoSim
Back
Top