USAC security breach
#1
Member
Thread Starter
Join Date: Feb 2014
Location: NV
Posts: 32
Bikes: Dover (TCR Adv 1)
USAC security breach
FYI, if you reuse similar e-mail addresses and passwords with your USAC account, strongly consider changing the passwords on those accounts. You should assume that whatever password you had for the USAC website is known, and any password you use that is a minor variation (<4 character difference) is compromised.
#3
Gluteus Enormus
Join Date: Dec 2007
Location: Raleigh, NC
Posts: 2,245
Bikes: Yes
Well, in my experience they've done a better job of notifying users than most other companies getting hit with a breach. I have to give them points for that. I can't even remember the last time I used my USAC account.
#5
Member
Thread Starter
Join Date: Feb 2014
Location: NV
Posts: 32
Bikes: Dover (TCR Adv 1)
Very true, and they deserve some kudos for notifying everyone. However, my impression from previously using their password recovery system is that user passwords were stored in plaintext. As such, whoever broke into the site can easily use those passwords to attempt access on other sites (email, Facebook, banking, etc.).
#7
Senior Member
I couldn't remember which password I used so I've been changing passwords wholesale. Ugh.
__________________
"...during the Lance years, being fit became the No. 1 thing. Totally the only thing. It’s a big part of what we do, but fitness is not the only thing. There’s skills, there’s tactics … there’s all kinds of stuff..." Tim Johnson
#8
Senior Member
Join Date: Jan 2014
Location: Southern California, USA
Posts: 10,474
Bikes: 1979 Raleigh Team 753
I sent an email.
"To: Help Group - Public
Subject: Thank you for announcing
Kudos to you for not hiding this.
Cheers,"
They sent a reply. As much as things they do annoy me, I sympathize with them on this.
#9
I eat carbide.
Join Date: Jan 2006
Location: Elgin, IL
Posts: 21,627
Bikes: Lots. Van Dessel and Squid Dealer
My data has been compromised already by much larger companies than this. Part of society now. Meh.
__________________
PSIMET Wheels, PSIMET Racing, PSIMET Neutral Race Support, and 11 Jackson Coffee
Podcast - YouTube Channel
Video about PSIMET Wheels
#11
Senior Member
#12
commu*ist spy
Also, is it true that most legit websites use some 1 way encryption to hide your password such that hackers can't see it even if they could access it? The rule of thumb is when you do the "forgot password" routine, if they send you a link to reset it, then your password is encrypted. If they send you your existing password, then that's a sign that they don't do anything to protect it. I think USAC does the former. But I don't know how safe/unsafe all of this really is....
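The storage scheme this thread is discussing, as an added example that is not part of any post here and not USAC's code: a site that keeps only a salted one-way hash cannot mail a password back, so "forgot password" has to issue a reset link. The in-memory `USERS` table, the function names, the scrypt parameters and the 15-minute lifetime are all assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

USERS = {}        # constructed in-memory stand-in for the site's user table
RESET_TTL = 900   # assumed lifetime of a reset link, in seconds

def _scrypt(password, salt):
    # Slow, memory-hard one-way function: the stored value cannot be reversed.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

def set_password(user, password):
    salt = secrets.token_bytes(16)  # per-user salt, so equal passwords hash differently
    USERS[user] = {"salt": salt, "hash": _scrypt(password, salt), "reset": None}

def check_password(user, password):
    rec = USERS.get(user)
    if rec is None:
        return False
    # Recompute from the login attempt and compare in constant time.
    return hmac.compare_digest(rec["hash"], _scrypt(password, rec["salt"]))

def start_reset(user, now=None):
    """Return the random token that would be placed in the e-mailed reset link."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    # Only a hash of the token is kept, so a leaked table holds no usable links.
    digest = hashlib.sha256(token.encode()).digest()
    USERS[user]["reset"] = (digest, now + RESET_TTL)
    return token

def finish_reset(user, token, new_password, now=None):
    now = time.time() if now is None else now
    rec = USERS.get(user)
    if rec is None or rec["reset"] is None:
        return False
    digest, expires = rec["reset"]
    if now > expires:
        rec["reset"] = None  # expired links are discarded
        return False
    if not hmac.compare_digest(digest, hashlib.sha256(token.encode()).digest()):
        return False
    set_password(user, new_password)  # new record also clears the token (single use)
    return True
```

Nothing in a `USERS` record lets the site, or someone who copies the table, read the password back; the cost of guessing it is set by the scrypt parameters and by how strong the password is.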
#13
Senior Member
Join Date: Aug 2012
Location: Houston
Posts: 606
Bikes: Trek Madone, Blue Triad SL, Dixie Flyer BTB
Also, is it true that most legit websites use some 1 way encryption to hide your password such that hackers can't see it even if they could access it? The rule of thumb is when you do the "forgot password" routine, if they send you a link to reset it, then your password is encrypted. If they send you your existing password, then that's a sign that they don't do anything to protect it. I think USAC does the former. But I don't know how safe/unsafe all of this really is....
#14
Senior Member