Forums have again been hacked

Status
Not open for further replies.
I have received at least one spam email to the email I registered with on this site, but I use it on a few sites, so can’t say for sure it was compromised here. It’s not a very complicated one though, and in the last week have had a couple spam messages, far less than usual, so I’m not worried.
 
I am going to close this thread for exactly the same reason the last one was closed. If you have concerns about the security of your personal information or about the site in general, please send a PM to Admin. If there has been a breach (and I and the other moderators have no access to the underlying systems to check), then discussing here only validates a hacker's efforts.

Admin and the engineers who provide hosting and administration functions will investigate and respond, either by PM or posting here as appropriate.

If you believe you have evidence of hacking, please send via PM to Admin.

Please understand that a thorough investigation of such issues can take time to complete. Also note that no personal financial details are held on the computer systems running the forum, only email addresses as required to communicate with forum members.
 
As serfty has indicated, I've been away for a few days with no internet/mobile access. Will be returning this week-end and will fully investigate the issue with our server administrator.

At this stage it does not look as though the site has been hacked again. (The previous time, there were a number of tell-tale signs indicating that the site had indeed been hacked.) I suspect any spam members have received may have been due to the previous hack which happened about 18 months ago. For those that have received spam, could you please PM me the (approximate) date you registered and/or changed your AFF email address. As I say, I think the problem could be due to an earlier security breach.

Please rest assured that we take security very seriously. AFF runs on a dedicated server located in a secure data centre in Australia. We do not use commercial hosting, but own and operate our own equipment. We employ a highly skilled server administrator who manages server security. That said, AFF runs on commercial forum software which is prone to being hacked.

In the worst case scenario, the only information which could be compromised would be the personal information you enter when registering. This includes your email address but excludes your password which is encrypted. No financial information is stored.

As I say, we will investigate the matter fully next week, and report back.
 
We have completed our investigation and can now confirm that the frequentflyer.com.au database has NOT BEEN HACKED and remains secure.

Over the last 18 months, we have invested heavily in new infrastructure, security staff and process to ensure that our forum data remains secure and confidential. I am confident that the databases that we manage are as secure as they can be.

That said, there was a security breach in the subscription database of The Frequent Flyer Gazette, our weekly newsletter which many of you receive. The Frequent Flyer Gazette is completely separate to AFF. It has its own domain name and subscription database. We use Aweber, the leading subscription management company and a highly reputable company, to manage this subscription list and send the weekly newsletter. It appears they were hacked late last month. See www.aweber.com/blog/uncategorized/data-compromise.htm. So it is possible that spam you might be receiving is due to the breach in their security.

We take great care and do everything in our control to maintain security and privacy. We have been operating since 1998 and certainly don't spam or sell our email lists to anyone. As we all know, nothing on the internet is 100% secure. Hacking can happen to anyone, even a large company such as Aweber. Unfortunately, this is the reality of the internet and users do need to take some responsibility such as installing a spam filter.

So, in summary, there was a security breach in an outsourced service used to distribute the Frequent Flyer Gazette, our weekly newsletter. The AFF database was not hacked, and all information contained in it continues to be secure.

I am now going to permanently close this thread. Keeping it open only encourages hackers, and (as we have witnessed in this thread) can cause unnecessary concern and anxiety. If you suspect that there is a security problem, please PM me rather than putting up a post. We take security very seriously, and all such messages will take top priority and be responded to as soon as possible.
 
It seems as though Aweber was hacked again. :(

Please see note on their website
Email Subscriber Data Accessed; What We’re Doing About It.

I'm obviously extremely disappointed as this is the 2nd time this has occurred in less than a year. I'll now be investigating alternatives to Aweber for the management of the Frequent Flyer Gazette subscription database. (Although I suspect that all companies which offer these services have similar vulnerabilities and are prone to such attacks.)

IMPORTANT: The AFF Server remains secure and no information on our database has been compromised.
 