⛔ You need to reset your password. This is most likely because...
admin
Vanilla Forums Status:
On Friday, November 15th at 5pm our devs were made aware that full user records in BCRYPT Hash Format were being outputted to browsers when users were quoted. Our team immediately deployed patches to fix this, reset passwords, and terminated sessions for all potentially affected users as a preventative measure. This was to ensure the security of your user accounts. A full incident report has been published on our status page here - https://status.vanillaforums.com/incidents/2zdqxf3bt7mj
This should have minimal impact on Polycount users. Your email addresses and passwords (in encrypted form) could have been leaked, if particular steps were taken, within a short time window. But your passwords are encrypted, difficult to break, you can read about BCRYPT here.On Friday, November 15th at 5pm our devs were made aware that full user records in BCRYPT Hash Format were being outputted to browsers when users were quoted. Our team immediately deployed patches to fix this, reset passwords, and terminated sessions for all potentially affected users as a preventative measure. This was to ensure the security of your user accounts. A full incident report has been published on our status page here - https://status.vanillaforums.com/incidents/2zdqxf3bt7mj
Ultimately, we don't think you should be worried. We're not a banking site, we're an art forum. There's no crazy personal or financial data here.
You may wish to take this opportunity to update your forum password; that's not required here, but it is a smart thing to do periodically with all your sites.
Please let us know if you have any questions.
Muchly sorries. Not our fault, I swaer.
Replies
...shared sum $$$ too, heh
Check the "here" link which should be
https://polycount.com/entry/passwordrequest
and enter your account email address.
When you get the email, click the link, which should be similar to this:
https://polycount.com/entry/passwordreset/NNNN/NNNN
You can then reuse your old password if you like, or you can make a new one.
Really sorry for the hassle on this, not our doing. Well at least you can update your password.
It's the internet, so beware no matter what. Check links before you click them. Ours start with https so at least that's a help.
You definitely shouldn't be reusing passwords from other sites, no matter where you log in. Common sense, really. A password manager is an essential piece for me these days, I'm never without it.
I don't see any reason to be worried here. Except we have the hassle of sign-in cookies not being checked, causing more frequent sign-ins than usual.
Just a hassle. Should be solved in a couple days.
Vanilla Forums Status:
On Friday, November 15th at 5pm our devs were made aware that full user records in BCRYPT Hash Format were being outputted to browsers when users were quoted. Our team immediately deployed patches to fix this, reset passwords, and terminated sessions for all potentially affected users as a preventative measure. This was to ensure the security of your user accounts. A full incident report has been published on our status page here - https://status.vanillaforums.com/incidents/2zdqxf3bt7mj
This should have minimal impact on Polycount users. Your email addresses and passwords (in encrypted form) could have been leaked, if particular steps were taken, within a short time window. But your passwords are encrypted, difficult to break, you can read about BCRYPT here.
Ultimately, we don't think you should be worried. We're not a banking site, we're an art forum. There's no crazy personal or financial data here.
You may wish to take this opportunity to update your forum password; that's not required here, but it is a smart thing to do periodically with all your sites.
Please let us know if you have any questions.
Btw: I changed my password to 123secure which is the same Eric is now using for years without issues. Hope this makes it now harder for future quote-hack-attacks.
Cheers everyone!
Email us at helpdesk@polycount.com using your Polycount account email, and we'll help you out.
Things you can try: