Jump to content
digitaltoast

MoDaCo site breach notification

Recommended Posts

https://haveibeenpwned.com/ just notified me that my account here has been pwnd.

Quote

 

MoDaCo: In approximately January 2016, the UK based Android community known as MoDaCo suffered a data breach which exposed 880k subscriber identities. The data included email and IP addresses, usernames and passwords stored as salted MD5 hashes.

Compromised data: Email addresses, IP addresses, Passwords, Usernames

Date of breach:    1 Jan 2016
Number of accounts:    879,703

 

Now, these things happen and I have a pretty strong, unique password here (now changed again). But I've been back through gmail and I see no email notification of this?

Was there an alert sent out at the time? And shouldn't the site have forced a password change on me when I logged in today, as I last updated  the password in 2014.

  • Upvote 2

Share this post


Link to post
Share on other sites

Just got same alert, key piece in email alert is that it's a salted hash, these are usually harder to crack or would at least take a bit longer. 

 

I agree notification should go out, I would like to delete my account not used this in years but no option.... 

 

Also I got notified by have I been pwned months before LinkedIn notified me so I am not too Suprised we haven't heard anything yet. 

Share this post


Link to post
Share on other sites

I'd also like to be able to delete my account. 

Is it possible to change the attached email address and screen name? Can't see an option here on the mobile site. 

Share this post


Link to post
Share on other sites

Breach:

MoDaCo

Date of breach:

1 Jan 2016

Number of accounts:

879,703

Compromised data:

Email addresses, IP addresses, Passwords, Usernames

Description:

In approximately January 2016, the UK based Android community known as MoDaCo suffered a data breach which exposed 880k subscriber identities. The data included email and IP addresses, usernames and passwords stored as salted MD5 hashes.

Share this post


Link to post
Share on other sites

Ditto....again see attachement, why did it take from January until now to be notified of this? Come on Mods get your act together on something as important as this and look after OUR data in a more responsible way!!!!

MoDaCo.JPG

Share this post


Link to post
Share on other sites

You assume this website knew they were breached, it may be that the data has just become readily available on the Internet and that's the date they indicate they originally got it. I suspect it's news to modaco in only last few hours/days. 

Share this post


Link to post
Share on other sites

Same here. Never use this site any more as XDA is superior and there's no way to my knowledge to delete your account.

 

I'd appreciate if an Administrator could remove my account permanently please.

Share this post


Link to post
Share on other sites

Yeah, I want my account deleted as well, and any references to it or my personal data completely removed (DPA).

This was months ago, and no notice?

Share this post


Link to post
Share on other sites
1 hour ago, PierceUK said:

You assume this website knew they were breached, it may be that the data has just become readily available on the Internet and that's the date they indicate they originally got it. I suspect it's news to modaco in only last few hours/days. 

Given the information is public, they should have known, in which case we should have been contacted. If they didn't know then they're negligent. Either way, it doesn't look good. 

It should be the admin's first priority to notify users as it's our data and our privacy that's at risk.

Share this post


Link to post
Share on other sites

Yes, please delete my account. I no longer trust this site with any of my information and I would like all of my personal information to be forgotten (you may keep my posted content under a pseudonym if you wish).

Share this post


Link to post
Share on other sites
31 minutes ago, ramboky said:

Given the information is public, they should have known, in which case we should have been contacted. If they didn't know then they're negligent. Either way, it doesn't look good. 

It should be the admin's first priority to notify users as it's our data and our privacy that's at risk.

Agreed, I just think people assume they knew about this for months but it's more likely days if that, I always think incompetence over neglect.

As I mentioned in another post, I usually get "have I been pwned"  messages weeks/months before the company lets me know... I really need to clean up my old accounts as this is like the 4th email this year :-/ 

Share this post


Link to post
Share on other sites

Good afternoon all.

I am preparing an official statement on this and will be posting it later today after we have completed some investigations.

I would like to assure everyone that passwords are held in a strongly encrypted form however.

P

Share this post


Link to post
Share on other sites

I would also like to add that obviously, for anyone who wants to remove their data from the site, we will of course facilitate this, details will also be in the statement later.

The security of your data is of utmost importance to us - I appreciate we've let you down in this regard but hope we can allay some concerns and do our best to rebuild your confidence starting with our statement.

P

Share this post


Link to post
Share on other sites

Thanks Paul. I'm cool with remaining here - from what you're saying, it sounds like today is the first you've known about it, hence why no email. Anyway, I'll wait and read the statement.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×