Chief
~ Shmalpha ~
- Admin
- #1
This email went out to affected users last night our time. Seeing as it involves users whose email addresses no longer exist or the email may end up in spam folders, it's been decided to post it on the forum as well.
This situation only applies to people who have posted sensitive information in private conversations, restricted forums, and other places with any amount of restricted access, whether it's a convo between you and one other person, or a restricted board where 100 people have access.
Most people won't have shared private info like phone numbers and bank details and other sensitive information. However it can't be fully determined who has shared what, so everyone who has ever posted in a private feature like convos has been emailed.
From questions asked by users, the following needs to be added/clarified/expanded:
* It seems there's no evidence that the search index was copied in full.
* The main forum server is not affected. The breach doesn't include information you provided at registration.
* The breach does not include images - they are stored on a different server accessible through the forum privileges system. Images uploaded to BigFooty will appear in the text of messages as URLs. Images hosted elsewhere will rely on the security of the image host.
* The breach does not include information provided when paying for Premium Memberships.
If you have any questions or requests, please contact:
Email: helpdesk@biginterestgroup.com
Online contact form: Contact Us | Big Interest Group
Mail:
Big Interest Group LLC
3422 Old Capitol Trail, # 519
Wilmington, DE 19808
You will be responded to as quickly as possible.
From my personal point of view, I know this will be a worry to some people. I was floored when I heard about it. It sucks that it happened. I'll be around to help out with any requests that are passed my way.
Thanks for your understanding.
=======
The official notification:
Data Breach Notice - BigFooty Forum Search Index
What happened?
Recently we learned of a security breach on BigFooty's search index which, due to a mis-configuration, was publicly accessible without restriction. This search index included content that may have been removed from public view on the forum, and other content where access was restricted. Access to the index was blocked as soon as we became aware of the issue on the 14th of May and commenced assessment of the breach. Whilst we now know that there was some unwanted interaction by unauthorised people, our investigation leads us to believe the whole index was not copied. To be safe, we have chosen to inform you as if it was.
What kind of user data was affected?
We stress that this was not the core forum database, just the search index.
No account registration information like email and date of birth was involved.
The search index includes source documents, being forum posts, private conversations posted since mid-April 2012 when we changed forum software providers, profile comments, and other private and public messages. We believe that for most affected users there is no personally identifying information involved. Please check your own private messages and forum posts to assess what information has been potentially exposed.
We currently do not believe that the whole index was downloaded.
Big Interest Group apologises if this causes distress or inconvenience to any site members. We are incredibly embarrassed that this has happened in our system, which has remained secure for over 20 years. Our technical experts are reviewing our systems and processes and have put in more controls to make our system more secure.
What should you do now?
If you have shared personal contact or financial information in private boards, comments sections, and conversations, you may want to discuss this with people like your bank and phone service provider.
If you have shared any account login details you should change them immediately.
What can you do in future?
First up, check this free service to see if your data has been exposed through security breaches at other companies and organisations:
Everyone should always follow standard online safety practices, including things like:
* Don't post any sensitive information on BigFooty or any Internet site. Recipients of your messages can always take screenshots, or copies of messages can be shared with other users. Most sites do not have the security of a bank or phone service provider.
* Don't share passwords with anyone.
* If you absolutely have to share personal information via private posts or messages on any site or app, delete the message afterwards.
* For security of your own user account, consider two-step authentication where it is offered by a service provider or platform. BigFooty's is here: https://www.bigfooty.com/forum/account/security
* Find more tips via searches like this: tips to protect your personal data - Google Search
* Using services like 1Password - Password Manager for Families, Enterprise & Business | 1Password - and BitWarden - The password manager trusted by millions | Bitwarden - to generate strong passwords and manage them.
We have given all registered users the ability to change their user name for the next 60 days, if they wish:
Where users have elected to display their birth date and/or year, we have disabled this, as well as the "today's birthdays" display. You can still switch this back on if you like. Default settings for new registrations have had this disabled for a number of years.
More generally, you can change which other items of your registration information are visible to different groups of people via your Privacy settings:
Big Interest Group will provide further updates to affected members if more information becomes available.
Please contact us if you have any questions or requests and we will respond as quickly as we can.
Email: helpdesk@biginterestgroup.com
Online contact form: Contact Us | Big Interest Group
Mail:
Big Interest Group LLC
3422 Old Capitol Trail, # 519
Wilmington, DE 19808
You should also review our:
Full Terms of Service - Terms Of Service | Big Interest Group
Privacy Policy - Privacy | Big Interest Group
This situation only applies to people who have posted sensitive information in private conversations, restricted forums, and other places with any amount of restricted access, whether it's a convo between you and one other person, or a restricted board where 100 people have access.
Most people won't have shared private info like phone numbers and bank details and other sensitive information. However it can't be fully determined who has shared what, so everyone who has ever posted in a private feature like convos has been emailed.
From questions asked by users, the following needs to be added/clarified/expanded:
* It seems there's no evidence that the search index was copied in full.
* The main forum server is not affected. The breach doesn't include information you provided at registration.
* The breach does not include images - they are stored on a different server accessible through the forum privileges system. Images uploaded to BigFooty will appear in the text of messages as URLs. Images hosted elsewhere will rely on the security of the image host.
* The breach does not include information provided when paying for Premium Memberships.
If you have any questions or requests, please contact:
Email: helpdesk@biginterestgroup.com
Online contact form: Contact Us | Big Interest Group
Mail:
Big Interest Group LLC
3422 Old Capitol Trail, # 519
Wilmington, DE 19808
You will be responded to as quickly as possible.
From my personal point of view, I know this will be a worry to some people. I was floored when I heard about it. It sucks that it happened. I'll be around to help out with any requests that are passed my way.
Thanks for your understanding.
=======
The official notification:
Data Breach Notice - BigFooty Forum Search Index
What happened?
Recently we learned of a security breach on BigFooty's search index which, due to a mis-configuration, was publicly accessible without restriction. This search index included content that may have been removed from public view on the forum, and other content where access was restricted. Access to the index was blocked as soon as we became aware of the issue on the 14th of May and commenced assessment of the breach. Whilst we now know that there was some unwanted interaction by unauthorised people, our investigation leads us to believe the whole index was not copied. To be safe, we have chosen to inform you as if it was.
What kind of user data was affected?
We stress that this was not the core forum database, just the search index.
No account registration information like email and date of birth was involved.
The search index includes source documents, being forum posts, private conversations posted since mid-April 2012 when we changed forum software providers, profile comments, and other private and public messages. We believe that for most affected users there is no personally identifying information involved. Please check your own private messages and forum posts to assess what information has been potentially exposed.
We currently do not believe that the whole index was downloaded.
Big Interest Group apologises if this causes distress or inconvenience to any site members. We are incredibly embarrassed that this has happened in our system, which has remained secure for over 20 years. Our technical experts are reviewing our systems and processes and have put in more controls to make our system more secure.
What should you do now?
If you have shared personal contact or financial information in private boards, comments sections, and conversations, you may want to discuss this with people like your bank and phone service provider.
If you have shared any account login details you should change them immediately.
What can you do in future?
First up, check this free service to see if your data has been exposed through security breaches at other companies and organisations:
Have I Been Pwned: Check if your email has been compromised in a data breach
Have I Been Pwned allows you to search across multiple data breaches to see if your email address or phone number has been compromised.
haveibeenpwned.com
Everyone should always follow standard online safety practices, including things like:
* Don't post any sensitive information on BigFooty or any Internet site. Recipients of your messages can always take screenshots, or copies of messages can be shared with other users. Most sites do not have the security of a bank or phone service provider.
* Don't share passwords with anyone.
* If you absolutely have to share personal information via private posts or messages on any site or app, delete the message afterwards.
* For security of your own user account, consider two-step authentication where it is offered by a service provider or platform. BigFooty's is here: https://www.bigfooty.com/forum/account/security
* Find more tips via searches like this: tips to protect your personal data - Google Search
* Using services like 1Password - Password Manager for Families, Enterprise & Business | 1Password - and BitWarden - The password manager trusted by millions | Bitwarden - to generate strong passwords and manage them.
We have given all registered users the ability to change their user name for the next 60 days, if they wish:
Where users have elected to display their birth date and/or year, we have disabled this, as well as the "today's birthdays" display. You can still switch this back on if you like. Default settings for new registrations have had this disabled for a number of years.
More generally, you can change which other items of your registration information are visible to different groups of people via your Privacy settings:
Big Interest Group will provide further updates to affected members if more information becomes available.
Please contact us if you have any questions or requests and we will respond as quickly as we can.
Email: helpdesk@biginterestgroup.com
Online contact form: Contact Us | Big Interest Group
Mail:
Big Interest Group LLC
3422 Old Capitol Trail, # 519
Wilmington, DE 19808
You should also review our:
Full Terms of Service - Terms Of Service | Big Interest Group
Privacy Policy - Privacy | Big Interest Group