Database Breach - An Update

[EKSPat]

While I'm glad to hear you're planning on implementing 2FA, for those of use with windows phones, we can't get Googles Authenticator on our phones, we only have Microsoft s Authenticator and a few other 3rd party ones, so the option to use either Googles or Microsoft's Authenticator would be amazing.

[JD777]

In response to post #31699195. #31709590, #31710865, #31717215, #31727420, #31727725, #31727755, #31735675, #31736475, #31737125, #31745975, #31747430, #31762590, #31770575, #31770655, #31770875, #31775185, #31778925, #31779245, #31780640 are all replies on the same post.

rickman wrote: If you are reading this Robin, know this: the community is supportive BECAUSE you share this stuff outright, clearly, and with incredible haste. If you treated us like Sony did in December of 2012, knowing the problem and denying it for two weeks or more, we'd probably be a lot less kind. There is also this to consider: You told us EXACTLY what, who, when, and how, as soon as you could, and in plain, simple terminology. I (and most likely about 10,000,000 others) appreciate a straightforward answer when there is an issue. But MOST IMPORTANTLY, you are kind and humble about it. If someone was mad at the employees of Nexus after your immaculate behavior, They are clearly not the kind of individual that we should be associated with as a user base. I personally love this site for a myriad of reasons, to explain it would take a ten+ page essay to enumerate all of the reasons why. To be clear though, the biggest reason, THE STAFF TREATS THE USER BASE LIKE PEOPLE. Despite there being 10,000,000 of us, we don't feel like faceless numbers. And that is because you seem to CARE. Don't stop doing that, and this awesome community will probably never devolve.

Thank you for being the best you can be.
Richard.

JZSquared wrote: ^This sums up my feelings exactly. I couldn't have said it better myself.

Lokie7 wrote: I second this, entirely. Well said.

Netsplite wrote: ^ +1

ZedLeppelin wrote: A wee bit verbose, (and I know verbose!), but rather well said and pretty damn accurate. The Nexus staff treats people like people, not numbers.

Inboundwhisper wrote: +1

Inboundwhisper wrote: +1

Aricole wrote: +1

lordmanticore wrote: +1

btgbullseye wrote: +1

xenonblade wrote: +1

AlexZander40 wrote: Well said. May the modding goodness continue.

DFX2K9 wrote: Agreed. no matter who you are, and how much money you've got, you're going to get a breach at some point. At least you salted the passwords, and use a hashing algorithm..

More then I can say for my local Library's system. A breach in THAT database would be catastrophic (note, it sends you your old password via email, that should give you an idea of how terrible it is)

Legion563 wrote: +1.

ExtremeMod911 wrote: Absolutely :)

Domifax wrote: +1

Bernt wrote: Totally agree :)

Dragodian777 wrote: "Ditto"...well said.

Saltamontes1980 wrote: +1
I concur, thank you Dark0ne.

dagstar132 wrote: good point well made. transparency in operation and intention is paramount.

Thanks for sharing.

Dag

+(1 X infinity) :)

[JD777]

In response to post #31699195. #31709590, #31710865, #31717215, #31727420, #31727725, #31727755, #31735675, #31736475, #31737125, #31745975, #31747430, #31762590, #31770575, #31770655, #31770875, #31775185, #31778925, #31779245, #31780640, #31785130 are all replies on the same post.

rickman wrote: If you are reading this Robin, know this: the community is supportive BECAUSE you share this stuff outright, clearly, and with incredible haste. If you treated us like Sony did in December of 2012, knowing the problem and denying it for two weeks or more, we'd probably be a lot less kind. There is also this to consider: You told us EXACTLY what, who, when, and how, as soon as you could, and in plain, simple terminology. I (and most likely about 10,000,000 others) appreciate a straightforward answer when there is an issue. But MOST IMPORTANTLY, you are kind and humble about it. If someone was mad at the employees of Nexus after your immaculate behavior, They are clearly not the kind of individual that we should be associated with as a user base. I personally love this site for a myriad of reasons, to explain it would take a ten+ page essay to enumerate all of the reasons why. To be clear though, the biggest reason, THE STAFF TREATS THE USER BASE LIKE PEOPLE. Despite there being 10,000,000 of us, we don't feel like faceless numbers. And that is because you seem to CARE. Don't stop doing that, and this awesome community will probably never devolve.

Thank you for being the best you can be.
Richard.

JZSquared wrote: ^This sums up my feelings exactly. I couldn't have said it better myself.

Lokie7 wrote: I second this, entirely. Well said.

Netsplite wrote: ^ +1

ZedLeppelin wrote: A wee bit verbose, (and I know verbose!), but rather well said and pretty damn accurate. The Nexus staff treats people like people, not numbers.

Inboundwhisper wrote: +1

Inboundwhisper wrote: +1

Aricole wrote: +1

lordmanticore wrote: +1

btgbullseye wrote: +1

xenonblade wrote: +1

AlexZander40 wrote: Well said. May the modding goodness continue.

DFX2K9 wrote: Agreed. no matter who you are, and how much money you've got, you're going to get a breach at some point. At least you salted the passwords, and use a hashing algorithm..

More then I can say for my local Library's system. A breach in THAT database would be catastrophic (note, it sends you your old password via email, that should give you an idea of how terrible it is)

Legion563 wrote: +1.

ExtremeMod911 wrote: Absolutely :)

Domifax wrote: +1

Bernt wrote: Totally agree :)

Dragodian777 wrote: "Ditto"...well said.

Saltamontes1980 wrote: +1
I concur, thank you Dark0ne.

dagstar132 wrote: good point well made. transparency in operation and intention is paramount.

Thanks for sharing.

Dag

JD777 wrote: +(1 X infinity) :)

Sorry double post but no delete button. :( Edited December 10, 2015 by JD777

[MTZGG]

In response to post #31699195. #31709590, #31710865, #31717215, #31727420, #31727725, #31727755, #31735675, #31736475, #31737125, #31745975, #31747430, #31762590, #31770575, #31770655, #31770875, #31775185, #31778925, #31779245, #31780640, #31785130, #31785185 are all replies on the same post.

rickman wrote: If you are reading this Robin, know this: the community is supportive BECAUSE you share this stuff outright, clearly, and with incredible haste. If you treated us like Sony did in December of 2012, knowing the problem and denying it for two weeks or more, we'd probably be a lot less kind. There is also this to consider: You told us EXACTLY what, who, when, and how, as soon as you could, and in plain, simple terminology. I (and most likely about 10,000,000 others) appreciate a straightforward answer when there is an issue. But MOST IMPORTANTLY, you are kind and humble about it. If someone was mad at the employees of Nexus after your immaculate behavior, They are clearly not the kind of individual that we should be associated with as a user base. I personally love this site for a myriad of reasons, to explain it would take a ten+ page essay to enumerate all of the reasons why. To be clear though, the biggest reason, THE STAFF TREATS THE USER BASE LIKE PEOPLE. Despite there being 10,000,000 of us, we don't feel like faceless numbers. And that is because you seem to CARE. Don't stop doing that, and this awesome community will probably never devolve.

Thank you for being the best you can be.
Richard.

JZSquared wrote: ^This sums up my feelings exactly. I couldn't have said it better myself.

Lokie7 wrote: I second this, entirely. Well said.

Netsplite wrote: ^ +1

ZedLeppelin wrote: A wee bit verbose, (and I know verbose!), but rather well said and pretty damn accurate. The Nexus staff treats people like people, not numbers.

Inboundwhisper wrote: +1

Inboundwhisper wrote: +1

Aricole wrote: +1

lordmanticore wrote: +1

btgbullseye wrote: +1

xenonblade wrote: +1

AlexZander40 wrote: Well said. May the modding goodness continue.

DFX2K9 wrote: Agreed. no matter who you are, and how much money you've got, you're going to get a breach at some point. At least you salted the passwords, and use a hashing algorithm..

More then I can say for my local Library's system. A breach in THAT database would be catastrophic (note, it sends you your old password via email, that should give you an idea of how terrible it is)

Legion563 wrote: +1.

ExtremeMod911 wrote: Absolutely :)

Domifax wrote: +1

Bernt wrote: Totally agree :)

Dragodian777 wrote: "Ditto"...well said.

Saltamontes1980 wrote: +1
I concur, thank you Dark0ne.

dagstar132 wrote: good point well made. transparency in operation and intention is paramount.

Thanks for sharing.

Dag

JD777 wrote: +(1 X infinity) :)

JD777 wrote: Sorry double post but no delete button. :(

Ad Victoriam.

[rizilliant]

In response to post #31737390. #31742135, #31743025, #31743530, #31762655, #31770055 are all replies on the same post.

deathdragon8547 wrote: "but right now we're leaning towards Google Authenticator that will allow you to generate secure codes from your smart phones)"

I don't have a cell phone, let alone a smart phone....

AndrewBlane wrote: A very good point. For a long time, niether did I (untill teh jobcentre told me that it was essential for getting a job)

I hate it when places do this.

DamianWayne wrote: Then you have bigger problems than worrying about your Nexus account. It's 2015, and even if you're a luddite, having a phone has become a social and workplace necessity. Maybe get on that.

Dark0ne wrote: 2FA is completely optional anyway.

DFX2K9 wrote: more or less. I get howled at every time I leave the phone at home to charge....

Kanegasi wrote: No one should be forced to have a device they don't want. "It's whatever year" means nothing.

I dont own, nor would i want to own a smart phone... Get with the times you say, and i say, majority of people with smart phones, walk around like mind numbed robots, staring at a small screen all day.. Its a sad society, when more people crash their car, dont interact with humans, and cant even look up from their phone when making a purchase, all because of a damn phone... No thank you!!!

[Sulhir]

In response to post #31737390. #31742135, #31743025, #31743530, #31762655, #31770055, #31791685 are all replies on the same post.

deathdragon8547 wrote: "but right now we're leaning towards Google Authenticator that will allow you to generate secure codes from your smart phones)"

I don't have a cell phone, let alone a smart phone....

AndrewBlane wrote: A very good point. For a long time, niether did I (untill teh jobcentre told me that it was essential for getting a job)

I hate it when places do this.

DamianWayne wrote: Then you have bigger problems than worrying about your Nexus account. It's 2015, and even if you're a luddite, having a phone has become a social and workplace necessity. Maybe get on that.

Dark0ne wrote: 2FA is completely optional anyway.

DFX2K9 wrote: more or less. I get howled at every time I leave the phone at home to charge....

Kanegasi wrote: No one should be forced to have a device they don't want. "It's whatever year" means nothing.

rizilliant wrote: I dont own, nor would i want to own a smart phone... Get with the times you say, and i say, majority of people with smart phones, walk around like mind numbed robots, staring at a small screen all day.. Its a sad society, when more people crash their car, dont interact with humans, and cant even look up from their phone when making a purchase, all because of a damn phone... No thank you!!!

^ Set a better example

[Gooberish1]

I would think if anyone is seriously worried about password/email security on any site, it may be worth considering; not using the same password/email that you use for financial related matters as you use for non financial related matters.

 

That said, people by definition are imperfect, the better person/persons are those who recognize this in them selves, admit this and accept this, while striving to make improvements, which is a concept clearly demonstrated by A) Peoples acceptance and support to such announcements B) People who make those announcements, in recognition that hiding a fault; does not repair it and inevitably makes it worse.

 

So my thanks and respect to the nexus team and community as a whole.

[Oberrill]

In response to post #31737390. #31742135, #31743025, #31743530, #31762655, #31770055, #31791685, #31796770 are all replies on the same post.

deathdragon8547 wrote: "but right now we're leaning towards Google Authenticator that will allow you to generate secure codes from your smart phones)"

I don't have a cell phone, let alone a smart phone....

AndrewBlane wrote: A very good point. For a long time, niether did I (untill teh jobcentre told me that it was essential for getting a job)

I hate it when places do this.

DamianWayne wrote: Then you have bigger problems than worrying about your Nexus account. It's 2015, and even if you're a luddite, having a phone has become a social and workplace necessity. Maybe get on that.

Dark0ne wrote: 2FA is completely optional anyway.

DFX2K9 wrote: more or less. I get howled at every time I leave the phone at home to charge....

Kanegasi wrote: No one should be forced to have a device they don't want. "It's whatever year" means nothing.

rizilliant wrote: I dont own, nor would i want to own a smart phone... Get with the times you say, and i say, majority of people with smart phones, walk around like mind numbed robots, staring at a small screen all day.. Its a sad society, when more people crash their car, dont interact with humans, and cant even look up from their phone when making a purchase, all because of a damn phone... No thank you!!!

Sulhir wrote: ^ Set a better example

Big thumbs down to "smart" phones. I do not have one and will not have one. To the devil with all the people who think they are necessary. And to those who are trying to turn our world to credit cards and "smart" phones, you can go down the hole into which the devil launches the remnants of what he has eaten.

[komarr12]

First off I want to say "thank you" to Dark0ne and all the other folks running this site. I think you did the right thing by promptly telling the community what happened and then keeping us informed. That's all too rare these days.

[Mycu]

In response to post #31699195. #31709590, #31710865, #31717215, #31727420, #31727725, #31727755, #31735675, #31736475, #31737125, #31745975, #31747430, #31762590, #31770575, #31770655, #31770875, #31775185, #31778925, #31779245, #31780640, #31785130, #31785185, #31786765 are all replies on the same post.

rickman wrote: If you are reading this Robin, know this: the community is supportive BECAUSE you share this stuff outright, clearly, and with incredible haste. If you treated us like Sony did in December of 2012, knowing the problem and denying it for two weeks or more, we'd probably be a lot less kind. There is also this to consider: You told us EXACTLY what, who, when, and how, as soon as you could, and in plain, simple terminology. I (and most likely about 10,000,000 others) appreciate a straightforward answer when there is an issue. But MOST IMPORTANTLY, you are kind and humble about it. If someone was mad at the employees of Nexus after your immaculate behavior, They are clearly not the kind of individual that we should be associated with as a user base. I personally love this site for a myriad of reasons, to explain it would take a ten+ page essay to enumerate all of the reasons why. To be clear though, the biggest reason, THE STAFF TREATS THE USER BASE LIKE PEOPLE. Despite there being 10,000,000 of us, we don't feel like faceless numbers. And that is because you seem to CARE. Don't stop doing that, and this awesome community will probably never devolve.

Thank you for being the best you can be.
Richard.

JZSquared wrote: ^This sums up my feelings exactly. I couldn't have said it better myself.

Lokie7 wrote: I second this, entirely. Well said.

Netsplite wrote: ^ +1

ZedLeppelin wrote: A wee bit verbose, (and I know verbose!), but rather well said and pretty damn accurate. The Nexus staff treats people like people, not numbers.

Inboundwhisper wrote: +1

Inboundwhisper wrote: +1

Aricole wrote: +1

lordmanticore wrote: +1

btgbullseye wrote: +1

xenonblade wrote: +1

AlexZander40 wrote: Well said. May the modding goodness continue.

DFX2K9 wrote: Agreed. no matter who you are, and how much money you've got, you're going to get a breach at some point. At least you salted the passwords, and use a hashing algorithm..

More then I can say for my local Library's system. A breach in THAT database would be catastrophic (note, it sends you your old password via email, that should give you an idea of how terrible it is)

Legion563 wrote: +1.

ExtremeMod911 wrote: Absolutely :)

Domifax wrote: +1

Bernt wrote: Totally agree :)

Dragodian777 wrote: "Ditto"...well said.

Saltamontes1980 wrote: +1
I concur, thank you Dark0ne.

dagstar132 wrote: good point well made. transparency in operation and intention is paramount.

Thanks for sharing.

Dag

JD777 wrote: +(1 X infinity) :)

JD777 wrote: Sorry double post but no delete button. :(

MTZGG wrote: Ad Victoriam.

100% agreed.