CurlTalk

NC Under Attack

*Marah**Marah* Posts: 8,032Registered Users
Something is SERIOUSLY wrong about the website's security. It keeps logging me in as other people as well as making people's private messages available to me... I emailed the administrator.. I have no clue if that went thru.
tumblr_m9jonzYZmu1re7hjjo1_250.jpg

Comments

  • ninja dogninja dog Posts: 23,780Registered Users
    *Marah* wrote: »
    Something is SERIOUSLY wrong about the website's security. It keeps logging me in as other people as well as making people's private messages available to me... I emailed the administrator.. I have no clue if that went thru.

    It just logged me in as you.^
  • CurlyElectraCurlyElectra Posts: 1,145Registered Users
    Just happened to me too. I tried to provide feedback to the admin but it kept logging me in as someone else.
    People should be willing to stand by the things they say. Or they shouldn't say them. If your opinion can't stand in the light of day...maybe it should stay in the dark...in your head?

    - AmberBrown
  • FieryCurlsFieryCurls Posts: 2,904Registered Users
    Yeah. Something is going on. I have thus far been logged in as Wile, CaptainAwesome, and Spring1onu.
    2qhtm5.png

    WNckm6.png
  • cymprenicympreni Posts: 9,609Registered Users
    I've been TNB and someone else so far. I'm also getting random messages of invald security tolkens as well. I'm not really doing anything just hitting refresh or trying to open a thread. And for a while I was signed out, and no matter how many times i hit sign in nothing happened.
  • nynaeve77nynaeve77 Posts: 7,135Registered Users
    I showed up logged in as cympreni, but now I'm myself. Weird.
    "Maybe Lucy's right. Of all the Charlie Browns in the world, you're the Charlie Browniest."--Linus, A Charlie Brown Christmas


    My fotki: /home/leaving?target=http%3A%2F%2Fpublic.fotki.com%2Fnynaeve77%2F" class="Popup
    Password: orphanannie
  • redcelticcurlsredcelticcurls Posts: 17,502Registered Users
    Are you guys on the app or the site?


    Siri types my posts for me.
    Kiva! Microfinance works.

    Med/Coarse, porous curly.
  • FieryCurlsFieryCurls Posts: 2,904Registered Users
    RCC, I'm on the site.
    2qhtm5.png

    WNckm6.png
  • nynaeve77nynaeve77 Posts: 7,135Registered Users
    Yeah, I've been logged in as cympreni, Amneris, MoppyT, and Junipero.

    (this is nynaeve77, just in case this goes through as yet another poster)
    "Maybe Lucy's right. Of all the Charlie Browns in the world, you're the Charlie Browniest."--Linus, A Charlie Brown Christmas


    My fotki: /home/leaving?target=http%3A%2F%2Fpublic.fotki.com%2Fnynaeve77%2F" class="Popup
    Password: orphanannie
  • wild~hairwild~hair Posts: 9,890Registered Users
    This is happening to me too. I've had several posters names show up, the latest being cympreni and nynaeve. Now it says wild~hair again. It seems like posting doesn't work and I get a security error when someone else's name is showing up. When it's my own name, all works fine.

    I am on the website as well.
  • wild~hairwild~hair Posts: 9,890Registered Users
    This is happening to me too. I've had several posters names show up, the latest being cympreni and nynaeve. Now it says wild~hair again. It seems like posting doesn't work and I get a security error when someone else's name is showing up. When it's my own name, all works fine.

    I am on the website as well.

    ETA: One of the names that comes up for me is junipero and I saw someone reported them as a spammer. FWIW.
  • spring1onuspring1onu Posts: 16,528Registered Users
    It's not logging me in as anyone else, but it's being really buggy when I try to submit a reply on a thread. It's as if the page keeps trying to load and refreshing, sort of hard to explain.

    I'm on the site, not using the app.
    [SIGPIC][/SIGPIC]

    spring-smiley.gif?1292867680

    Byron,GA> Charleston, SC> Jacksonville, FL> Guilford, CT> Rohnert Park, CA! A southern drawl in sunny Cali! . :D
    The amount of time from slipping on the peel and landing on the pavement is exactly one bananosecond.
    I do have a secret yen for pink in unexpected places. ~ninja dog
    I've decided that I'll never get down to my original weight, and I'm OK with that--After all, 8 pounds 2 oz. is just not realistic.
  • *Marah**Marah* Posts: 8,032Registered Users
    I've been logged in as someone named Junipero (sp?) several times now.. for some reason the name seems familiar..but not a regular name I've seen before.

    This is Marah.
    tumblr_m9jonzYZmu1re7hjjo1_250.jpg
  • misspammisspam Posts: 5,318Registered Users
    I'm logged in as myself, but when I go to my inbox it has me logged in as AmberBrown and the box is filled with pm's. Promise, AmberBrown - I haven't opened any of them.

    This is freaky!

    ETA: As soon as I posted the above, it had me logged in as Spring1onu. I refreshed the page and I'm me again.
    [SIGPIC][/SIGPIC]
  • misspammisspam Posts: 5,318Registered Users
    Are you guys on the app or the site?


    Siri types my posts for me.

    I'm on the site.
    [SIGPIC][/SIGPIC]
  • spring1onuspring1onu Posts: 16,528Registered Users
    ACK! I just went to my PM box and it has me logged in as Devushka. Absolutely promise I closed it right away and didn't read anything. Hopefully they're just doing some type of site upgrades that has everything freaked out and it's nothing malicious.
    [SIGPIC][/SIGPIC]

    spring-smiley.gif?1292867680

    Byron,GA> Charleston, SC> Jacksonville, FL> Guilford, CT> Rohnert Park, CA! A southern drawl in sunny Cali! . :D
    The amount of time from slipping on the peel and landing on the pavement is exactly one bananosecond.
    I do have a secret yen for pink in unexpected places. ~ninja dog
    I've decided that I'll never get down to my original weight, and I'm OK with that--After all, 8 pounds 2 oz. is just not realistic.
  • misspammisspam Posts: 5,318Registered Users
    It says I'm Spring1onu again... :error:
    [SIGPIC][/SIGPIC]
  • AmberBrownAmberBrown Posts: 1,072Registered Users
    misspam wrote: »
    I'm logged in as myself, but when I go to my inbox it has me logged in as AmberBrown and the box is filled with pm's. Promise, AmberBrown - I haven't opened any of them.

    This is freaky!

    ETA: As soon as I posted the above, it had me logged in as Spring1onu. I refreshed the page and I'm me again.

    I appreciate that Misspam! I've been trying to empty my folders since I first noticed the issues but I can't! I've been a bunch of people too, respecting everyone's privacy.
  • misspammisspam Posts: 5,318Registered Users
    AmberBrown wrote: »
    misspam wrote: »
    I'm logged in as myself, but when I go to my inbox it has me logged in as AmberBrown and the box is filled with pm's. Promise, AmberBrown - I haven't opened any of them.

    This is freaky!

    ETA: As soon as I posted the above, it had me logged in as Spring1onu. I refreshed the page and I'm me again.

    I appreciate that Misspam! I've been trying to empty my folders since I first noticed the issues but I can't! I've been a bunch of people too, respecting everyone's privacy.

    No problem. I'm hopeful everyone will do the same. This is all pretty freaky. I guess I should go empty my folders as well...
    [SIGPIC][/SIGPIC]
  • SariaSaria Posts: 15,963Registered Users
    I haven't looked at anyone's PMs, so nobody has to worry about that. At this point I've deleted all of mine in case this is someone's malicious attempt to get information as I have a few posters' personal info.
    This is so strange!
    por-que-no-te-callas.jpg
  • wild~hairwild~hair Posts: 9,890Registered Users
    Well, I for one am reading everyone's PMs and having a laugh.





    j/k

    I don't see how reading anyone's PMs is even possible because whenever I clicked a link, I was someone else or back to myself again. Or the site wigged out and threw a security error at me.

    That's not to say a hacker couldn't be accessing them.

    Anyway, it seems to have calmed down now …
  • nes223nes223 Posts: 347Registered Users
    wild~hair wrote: »
    Well, I for one am reading everyone's PMs and having a laugh.





    j/k

    Haha made me laugh
    -nes
    3a/3b
  • GretchenGretchen Administrator Posts: 8,424Administrators, Moderators Administrator
    Thank you, Ladies. I believe Tech has fixed this problem. I'm so sorry for all the troubles.

    Gretchen
    NaturallyCurly.com co-founder
    3A

    You are beautiful!
  • GretchenGretchen Administrator Posts: 8,424Administrators, Moderators Administrator
    I have some more info for you. The NC Smart Guy says the strange things you were seeing were not a breach of security (although it might have looked that way).
    The company was using some very aggressing caching techniques that, for a very short time, were serving up some cached pages.

    So a page would be requested by, say, "Gretchen", because I was logged in.

    This page has "Welcome, Gretchen" as part of the html in the upper left hand corner. When this page was cached, a subsequent request (by another user) would simply not go to our server, but just return this cached page (html). Although it appeared as if you were logged in as someone else, in fact you were not. You could not actually gain access to this other person's information, it was simply cached html markup.

    It was a weird uh oh, and we're truly sorry for any concern caused.

    Please know that NaturallyCurly takes security very seriously and would never permit a true breach to occur.

    Thanks for helping us track this one down!

    Gretchen
    NaturallyCurly.com co-founder
    3A

    You are beautiful!
  • *Marah**Marah* Posts: 8,032Registered Users
    Gretchen just to let you know..private messages meant for others were indeed readable. I was reading one that I thought was for me..and realized I was TOTALLY in someone else's PM box. I looked at the inbox to be sure and indeed I was in someone else's PM box even though I had logged on as myself. I tried to log in again and it happened with another members box. I immediately sent a message to the administration here. Then I started posting and creating threads about the issue to alert the staff and members.

    Maybe that's not a big deal or anything but I just wanted to let you know so you could be aware of it.. But I am glad to hear the site wasn't hacked!
    tumblr_m9jonzYZmu1re7hjjo1_250.jpg
  • GretchenGretchen Administrator Posts: 8,424Administrators, Moderators Administrator
    Ugh. That's no good, Marah. I'll share that with the team. Were you looking at your inbox via the site? Or did you get an email w/ someone else's PM?

    Gretchen
    NaturallyCurly.com co-founder
    3A

    You are beautiful!
  • *Marah**Marah* Posts: 8,032Registered Users
    Gretchen wrote: »
    Ugh. That's no good, Marah. I'll share that with the team. Were you looking at your inbox via the site? Or did you get an email w/ someone else's PM?

    I was here on the website looking in what I thought was my own inbox on my laptop. I don't get emails from here.
    tumblr_m9jonzYZmu1re7hjjo1_250.jpg

Leave a Comment