Old 15th February 2011, 21:50   #1
DJ Egg
Techorator
Winamp Team
 
Join Date: Jun 2000
Posts: 35,522
Winamp Forums Security Breach FAQ

Winamp Management Team —

Hello,

My name is Geno Yoham and I am the General Manager of Winamp. Our entire team is dedicated to protecting the privacy of our users and has put extensive measures in place to ensure your information remains secure. As a result of these precautions, we quickly detected and blocked an attack on the Winamp Forums database. We have confirmed that this breach was isolated to the Winamp Forum (forums.winamp.com) site only. Other Winamp sites and products such as Winamp.com, dev.winamp.com and the Winamp Desktop Media Player were not affected in any way.

We have determined that your email address was exposed as a result of this attack, so as a precautionary measure, we recommend that you change that your password on the Winamp Forums. In addition, we recommend that you change your password every few months as a best practice for keeping your information secure.

We have prepared the following FAQ for questions you may have about this incident. If you have additional questions please feel free to contact us at support@winamp.com.

We apologize for any inconvenience this has caused and want to assure you that we are taking steps to ensure that your information remains secure as a part of our ongoing commitment to protecting your privacy.

Geno Yoham
Winamp


1) What data was exposed in this breach?

We have confirmed that your email address was exposed as a result of this attack. As a security precaution, we recommend that you change your password on the Winamp Forum.

2) How do I change my password?

You can change your password in your “User Control Panel” settings. Login to your account, click the “User Control Panel” in the Forum Nav, then click "Edit Email & Password" under “Settings & Options” Enter your old password and your new password, re-enter to confirm new password and click "Save Changes." Your password will be updated. You can also change the email associated to your Winamp Forums account on the same screen.

3) Was my password compromised?

We found no evidence that anything other than the email addresses of Winamp forum users were accessed. The Winamp forum database supports an encrypted password hash, however we are recommending that you change your password as an extra precaution. In addition, we recommend changing your passwords on a periodic basis as best practice to ensure your personal security online.

4) Should I be concerned about my other online accounts? What if I used that password on other sites?

If you used your Winamp Forums (forums.winamp.com) password on any other web sites, we recommend that you change the password on those sites as well, particularly if you used the same username or email with that site.

5) What if I forgot my Winamp Forums password?

On the Login screen attempt to log once with no password. After you fail that login, you will see “Forgot your password? Click here!”. Enter the email associated to your account and text/numbers in the image verification box (aka Captcha). You will be sent an email at that address that will reset your password. Follow the link you will be taken back to Winamp Forums and another email will be sent to the same account. Use that username and temporary password to login. You can reset your password now by going to the User Control Panel.

6) How can I delete my account?

We understand how important trust is on the web, and some of you may wish to delete your Winamp Forums account. To delete your account make sure that you are logged into the Winamp Forums and follow these simple instructions:

Scroll down to the bottom of the forum home page and click on View Forum Leaders. Scroll down to the Root section to see the list of Administrators. Send your deletion request to DJ Egg or DrO using the contact link to the right of the administrator's name. The Administrator will delete your account upon receiving the private request message and send you a confirmation email once the account is deleted.

7) What happened?

As a result of our continuous security monitoring, we identified and blocked this attack. Additionally, new security measures have been deployed to help keep this type of breach from happening in the future.

8) How are you notifying those whose details were compromised?

We are in the process of notifying all users with a registered account for the Winamp Forums via email. If you have any questions, you can reach us at support@winamp.com.

9) What are you doing to ensure this doesn't happen in the future?

The security team has introduced new web application protections and monitoring processes to detect abusive activity.

10) I received an email from "Winamp" on February 15, was that from you?

Yes, we sent an email on February 15 to all Winamp Forums users informing them of this breach and asking them to reset their passwords for the Winamp Forums and any accounts where they use the same email and/or password. The subject was “Winamp Forums Security Notification.”

11) What can I do if I'm receiving spam because my email was leaked?

You can take steps on your own to wipe out spam from your inbox, but you also have legal recourse:

The CAN-SPAM Act of 2003 allows for private right of actions against spammers. If you receive any spam in your inbox that you believe is related to your leaked email address, please report it to the Federal Trade Commission. Send a copy of unwanted or deceptive messages to spam@uce.gov. The FTC uses the unsolicited emails stored in this database to pursue law enforcement actions against people who send deceptive spam email. For additional information, please visit the FTC’s website. Note, you should not respond to a spam email. By doing so, you confirm that your email account is active, and you'll likely be flooded with more spam.
DJ Egg is online now  
Closed Thread
Go Back   Winamp & SHOUTcast Forums > Winamp > Winamp Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump