USPSA Website hacked and PWs/Emails compromised

Friction · Nov 26, 2014

USPSA password and email database was hacked and leaked. Site is down at this time but everyone will presumably need to change their PW once it is back up and ensure any other sites that used that PW and email combo have been changed (if you do that, which isn't smart).
Apparently the PWs were stored in an unencrypted DB which makes a lot of sense...in 1991. ****ing Clownshoes!

http://www.brianenos.com/forums/index.php?showtopic=205850&hl=

USPSA Web Site Hacked - USPSA Shooting - Invision Power Board

Friction · Nov 26, 2014

Incase you want to know if your info is listed:
http://www.uspsa.org/ Email+Pass Dump 15k+ Plain Text - Pastebin.com

people are actively using this to get into people's paypal accounts right now.

Kane406 · Nov 26, 2014

What service does uspsa.org offer that requires an email address and password?
I have only viewed match results and my personal profile.

Friction · Nov 26, 2014

None really, most things are accessible via the pin but when you first register you can create a password before you receive your first membership card with the pin on it.

Kane406 · Nov 26, 2014

Okay, I was wondering if I was missing out on some benefit/service. I checked the link you provided and I my
info was not included. But I did look for a few email addresses that I know and they were there, so the list appears to be real.

Jimbovia · Nov 26, 2014

S.o.a.B!!!! Thanks for the heads up.

pudly · Nov 26, 2014

Just an information security reminder folks. Please do not reuse your passwords between sites, especially passwords for financial and major sites (like Google, Twitter, Facebook, etc). Apparently a lot of people on this list didn't do that and are now vulnerable to Paypal and other hacks. If you did use the same password at USPSA and some other sites, please change both passwords.

rvb · Nov 26, 2014

Thanks for the heads up!
-rvb

Dog1 · Nov 26, 2014

I scrolled through that list, saw mine and a bunch of names and emails I knew or recognized.

When caught hackers should have their hands cut off and their eyes gouged out.

Friction · Nov 26, 2014

There are 90 people on that list that used "password" as their password. I sincerely hope that by this point people know better than to use any complete word, or combination of words that can be found in a dictionary as a password for anything more important that the USPSA site.

rhino · Nov 27, 2014

Friction said:
Incase you want to know if your info is listed:
http://www.uspsa.org/ Email+Pass Dump 15k+ Plain Text - Pastebin.com

people are actively using this to get into people's paypal accounts right now.

Did anyone make a copy of the list? It's gone now.

I wish I could be surprised that password file was unencrypted. That's a huge douche move.

Jackson · Nov 27, 2014

rhino said:
Did anyone make a copy of the list? It's gone now.

I wish I could be surprised that password file was unencrypted. That's a huge douche move.

I have a PDF screen print of the page. I will e-mail it to you.

rhino · Nov 27, 2014

Jackson said:
I have a PDF screen print of the page. I will e-mail it to you.

Thank you!

The password I had on there won't help anyone get into anything of mine, but it was a good reminder that we all need to be vigilant to protect our assets from thieves and vandals. I made some changes to my financial institution logins that will make it a little tougher for them.

rhino · Nov 27, 2014

So . . . how many DAYS should I expect to wait for the password reset? If they're sending an email to me with a link, it's not arriving, nor is it going to my spam folder.

Of course, why should expect that to function from people who left thousands of email/password combinations available as a plain text file after being warned in the past?

DUMBASSES.

Kane406 · Nov 27, 2014

rhino said:
So . . . how many DAYS should I expect to wait for the password reset? If they're sending an email to me with a link, it's not arriving, nor is it going to my spam folder.

I received an email from USPSA last night at 7:22

Dog1 · Nov 27, 2014

rhino said:
So . . . how many DAYS should I expect to wait for the password reset? If they're sending an email to me with a link, it's not arriving, nor is it going to my spam folder.

Of course, why should expect that to function from people who left thousands of email/password combinations available as a plain text file after being warned in the past?

DUMBASSES.

They sent me one in a few minutes after I requested one. However, it ended up in my spam folder.

You using gmail? If so, go to gmail and check the spam folder there. The email was in that folder, but not in my Windows Live folder.

rvb · Nov 27, 2014

rhino said:
So . . . how many DAYS should I expect to wait for the password reset? If they're sending an email to me with a link, it's not arriving, nor is it going to my spam folder.

Of course, why should expect that to function from people who left thousands of email/password combinations available as a plain text file after being warned in the past?

DUMBASSES.

My request wasn't coming, so after a while I requested again and it came instantly....
-rvb

rhino · Nov 27, 2014

I requested half a dozen times throughout the day/evening after I learned about this ENTIRELY PREDICTABLE AND EASILY AVOIDABLE DEBACLE. Nothing in my spam filter (not gmail) and no sign of email with a link for a password reset.

Friction · Nov 27, 2014

I'm not sure if this is consistent with what the civilian business world requires but obviously the DOD has put some effort into ensuring their password protocols are difficult to crack by using as many keyboard characters as possible. Here are the standards that we have to deal with. Use of this methodology for high level sites like banking and such is probably a goos idea.
[FONT=lucida_sansregular]
Must be 9 to 30 characters in length
[/FONT][FONT=lucida_sansregular]Contain at least one UPPERCASE letter
[/FONT][FONT=lucida_sansregular]Contain at least one lowercase letter
[/FONT][FONT=lucida_sansregular]Contain at least one number (0-9)
[/FONT][FONT=lucida_sansregular]Contain at least one of the following special characters:[/FONT][FONT=lucida_sansregular]# (pound or number sign)
@ (at sign)
$ (dollar sign)
= (equal sign)
+ (plus sign)
% (percent sign)
^ (caret)
! (exclamation)
* (asterisk)
_ (underline/underscore)

[/FONT]

singlesix · Nov 27, 2014

Here is the Blonde Password Solution:

During a recent password audit, it was found that a blonde was using the following password: "MickeyMinniePlutoHueyLouieDeweyDonaldGoofySacramento"
When asked why such a long password, she said she was told that it had to be at least 8 characters long and include at least one capital.

USPSA Website hacked and PWs/Emails compromised

The #1 community for Gun Owners in Indiana

Member Benefits:

Plinker

Plinker

Marksman

Plinker

Marksman

Marksman

Grandmaster

Grandmaster

Master

Plinker

Grandmaster

Master

Grandmaster

Grandmaster

Marksman

Master

Grandmaster

Grandmaster

Plinker

Grandmaster

Log in

Site Supporter

Forum statistics