NC Under Attack

*Marah**Marah* Registered Users Posts: 8,032 Curl Neophyte
Something is SERIOUSLY wrong about the website's security. It keeps logging me in as other people as well as making people's private messages available to me... I emailed the administrator.. I have no clue if that went thru.
tumblr_m9jonzYZmu1re7hjjo1_250.jpg

Comments

  • ninja dogninja dog Registered Users Posts: 23,780 Curl Neophyte
    *Marah* wrote: »
    Something is SERIOUSLY wrong about the website's security. It keeps logging me in as other people as well as making people's private messages available to me... I emailed the administrator.. I have no clue if that went thru.

    It just logged me in as you.^
  • CurlyElectraCurlyElectra Registered Users Posts: 1,145 Curl Neophyte
    Just happened to me too. I tried to provide feedback to the admin but it kept logging me in as someone else.
  • FieryCurlsFieryCurls Registered Users Posts: 2,904
    Yeah. Something is going on. I have thus far been logged in as Wile, CaptainAwesome, and Spring1onu.
    2qhtm5.png

    WNckm6.png
  • cymprenicympreni Registered Users Posts: 9,609 Curl Neophyte
    I've been TNB and someone else so far. I'm also getting random messages of invald security tolkens as well. I'm not really doing anything just hitting refresh or trying to open a thread. And for a while I was signed out, and no matter how many times i hit sign in nothing happened.
  • nynaeve77nynaeve77 Dallas/Ft. Worth MetroplexRegistered Users Posts: 7,135 Curl Novice
    I showed up logged in as cympreni, but now I'm myself. Weird.
    "Maybe Lucy's right. Of all the Charlie Browns in the world, you're the Charlie Browniest."--Linus, A Charlie Brown Christmas


    My fotki: http://public.fotki.com/nynaeve77/
    Password: orphanannie
  • redcelticcurlsredcelticcurls PittsburghRegistered Users Posts: 17,502 Curl Neophyte
    Are you guys on the app or the site?


    Siri types my posts for me.
    Kiva! Microfinance works.

    Med/Coarse, porous curly.
  • FieryCurlsFieryCurls Registered Users Posts: 2,904
    RCC, I'm on the site.
    2qhtm5.png

    WNckm6.png
  • nynaeve77nynaeve77 Dallas/Ft. Worth MetroplexRegistered Users Posts: 7,135 Curl Novice
    Yeah, I've been logged in as cympreni, Amneris, MoppyT, and Junipero.

    (this is nynaeve77, just in case this goes through as yet another poster)
    "Maybe Lucy's right. Of all the Charlie Browns in the world, you're the Charlie Browniest."--Linus, A Charlie Brown Christmas


    My fotki: http://public.fotki.com/nynaeve77/
    Password: orphanannie
  • wild~hairwild~hair Registered Users Posts: 9,890 Curl Neophyte
    This is happening to me too. I've had several posters names show up, the latest being cympreni and nynaeve. Now it says wild~hair again. It seems like posting doesn't work and I get a security error when someone else's name is showing up. When it's my own name, all works fine.

    I am on the website as well.
  • wild~hairwild~hair Registered Users Posts: 9,890 Curl Neophyte
    This is happening to me too. I've had several posters names show up, the latest being cympreni and nynaeve. Now it says wild~hair again. It seems like posting doesn't work and I get a security error when someone else's name is showing up. When it's my own name, all works fine.

    I am on the website as well.

    ETA: One of the names that comes up for me is junipero and I saw someone reported them as a spammer. FWIW.
  • spring1onuspring1onu Registered Users Posts: 16,528 Curl Connoisseur
    It's not logging me in as anyone else, but it's being really buggy when I try to submit a reply on a thread. It's as if the page keeps trying to load and refreshing, sort of hard to explain.

    I'm on the site, not using the app.
    [SIGPIC][/SIGPIC]

    spring-smiley.gif?1292867680

    Byron,GA> Charleston, SC> Jacksonville, FL> Guilford, CT> Rohnert Park, CA! A southern drawl in sunny Cali! . :D
    The amount of time from slipping on the peel and landing on the pavement is exactly one bananosecond.
    I do have a secret yen for pink in unexpected places. ~ninja dog
    I've decided that I'll never get down to my original weight, and I'm OK with that--After all, 8 pounds 2 oz. is just not realistic.
  • *Marah**Marah* Registered Users Posts: 8,032 Curl Neophyte
    I've been logged in as someone named Junipero (sp?) several times now.. for some reason the name seems familiar..but not a regular name I've seen before.

    This is Marah.
    tumblr_m9jonzYZmu1re7hjjo1_250.jpg
  • misspammisspam Registered Users Posts: 5,318
    I'm logged in as myself, but when I go to my inbox it has me logged in as AmberBrown and the box is filled with pm's. Promise, AmberBrown - I haven't opened any of them.

    This is freaky!

    ETA: As soon as I posted the above, it had me logged in as Spring1onu. I refreshed the page and I'm me again.
    [SIGPIC][/SIGPIC]
  • misspammisspam Registered Users Posts: 5,318
    Are you guys on the app or the site?


    Siri types my posts for me.

    I'm on the site.
    [SIGPIC][/SIGPIC]
  • spring1onuspring1onu Registered Users Posts: 16,528 Curl Connoisseur
    ACK! I just went to my PM box and it has me logged in as Devushka. Absolutely promise I closed it right away and didn't read anything. Hopefully they're just doing some type of site upgrades that has everything freaked out and it's nothing malicious.
    [SIGPIC][/SIGPIC]

    spring-smiley.gif?1292867680

    Byron,GA> Charleston, SC> Jacksonville, FL> Guilford, CT> Rohnert Park, CA! A southern drawl in sunny Cali! . :D
    The amount of time from slipping on the peel and landing on the pavement is exactly one bananosecond.
    I do have a secret yen for pink in unexpected places. ~ninja dog
    I've decided that I'll never get down to my original weight, and I'm OK with that--After all, 8 pounds 2 oz. is just not realistic.
  • misspammisspam Registered Users Posts: 5,318
    It says I'm Spring1onu again... :error:
    [SIGPIC][/SIGPIC]
  • AmberBrownAmberBrown Registered Users Posts: 1,072
    misspam wrote: »
    I'm logged in as myself, but when I go to my inbox it has me logged in as AmberBrown and the box is filled with pm's. Promise, AmberBrown - I haven't opened any of them.

    This is freaky!

    ETA: As soon as I posted the above, it had me logged in as Spring1onu. I refreshed the page and I'm me again.

    I appreciate that Misspam! I've been trying to empty my folders since I first noticed the issues but I can't! I've been a bunch of people too, respecting everyone's privacy.
  • misspammisspam Registered Users Posts: 5,318
    AmberBrown wrote: »
    misspam wrote: »
    I'm logged in as myself, but when I go to my inbox it has me logged in as AmberBrown and the box is filled with pm's. Promise, AmberBrown - I haven't opened any of them.

    This is freaky!

    ETA: As soon as I posted the above, it had me logged in as Spring1onu. I refreshed the page and I'm me again.

    I appreciate that Misspam! I've been trying to empty my folders since I first noticed the issues but I can't! I've been a bunch of people too, respecting everyone's privacy.

    No problem. I'm hopeful everyone will do the same. This is all pretty freaky. I guess I should go empty my folders as well...
    [SIGPIC][/SIGPIC]
  • SariaSaria New YorkRegistered Users Posts: 15,963
    I haven't looked at anyone's PMs, so nobody has to worry about that. At this point I've deleted all of mine in case this is someone's malicious attempt to get information as I have a few posters' personal info.
    This is so strange!
    por-que-no-te-callas.jpg
  • wild~hairwild~hair Registered Users Posts: 9,890 Curl Neophyte
    Well, I for one am reading everyone's PMs and having a laugh.





    j/k

    I don't see how reading anyone's PMs is even possible because whenever I clicked a link, I was someone else or back to myself again. Or the site wigged out and threw a security error at me.

    That's not to say a hacker couldn't be accessing them.

    Anyway, it seems to have calmed down now …
  • nes223nes223 CaliforniaRegistered Users Posts: 347
    wild~hair wrote: »
    Well, I for one am reading everyone's PMs and having a laugh.





    j/k
    …

    Haha made me laugh
    -nes
    3a/3b
  • GretchenGretchen Administrator Moderators Posts: 10,840 Curl Virtuoso
    Thank you, Ladies. I believe Tech has fixed this problem. I'm so sorry for all the troubles.

    Gretchen
    NaturallyCurly.com co-founder
    3A

    You are beautiful!
  • GretchenGretchen Administrator Moderators Posts: 10,840 Curl Virtuoso
    I have some more info for you. The NC Smart Guy says the strange things you were seeing were not a breach of security (although it might have looked that way).
    The company was using some very aggressing caching techniques that, for a very short time, were serving up some cached pages.

    So a page would be requested by, say, "Gretchen", because I was logged in.

    This page has "Welcome, Gretchen" as part of the html in the upper left hand corner. When this page was cached, a subsequent request (by another user) would simply not go to our server, but just return this cached page (html). Although it appeared as if you were logged in as someone else, in fact you were not. You could not actually gain access to this other person's information, it was simply cached html markup.

    It was a weird uh oh, and we're truly sorry for any concern caused.

    Please know that NaturallyCurly takes security very seriously and would never permit a true breach to occur.

    Thanks for helping us track this one down!

    Gretchen
    NaturallyCurly.com co-founder
    3A

    You are beautiful!
  • *Marah**Marah* Registered Users Posts: 8,032 Curl Neophyte
    Gretchen just to let you know..private messages meant for others were indeed readable. I was reading one that I thought was for me..and realized I was TOTALLY in someone else's PM box. I looked at the inbox to be sure and indeed I was in someone else's PM box even though I had logged on as myself. I tried to log in again and it happened with another members box. I immediately sent a message to the administration here. Then I started posting and creating threads about the issue to alert the staff and members.

    Maybe that's not a big deal or anything but I just wanted to let you know so you could be aware of it.. But I am glad to hear the site wasn't hacked!
    tumblr_m9jonzYZmu1re7hjjo1_250.jpg
  • GretchenGretchen Administrator Moderators Posts: 10,840 Curl Virtuoso
    Ugh. That's no good, Marah. I'll share that with the team. Were you looking at your inbox via the site? Or did you get an email w/ someone else's PM?

    Gretchen
    NaturallyCurly.com co-founder
    3A

    You are beautiful!
  • *Marah**Marah* Registered Users Posts: 8,032 Curl Neophyte
    Gretchen wrote: »
    Ugh. That's no good, Marah. I'll share that with the team. Were you looking at your inbox via the site? Or did you get an email w/ someone else's PM?

    I was here on the website looking in what I thought was my own inbox on my laptop. I don't get emails from here.
    tumblr_m9jonzYZmu1re7hjjo1_250.jpg

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file