Clubregistration Hacked?
#1
Clubregistration Hacked?
Hmph.
I just got spammed "Re: Salary [$900 /week]" at an email address that I've ONLY ever used to register for events on Club Registration.
Anyone here have any sort of official capacity with them?
I just got spammed "Re: Salary [$900 /week]" at an email address that I've ONLY ever used to register for events on Club Registration.
Anyone here have any sort of official capacity with them?
#3
WTF?? I drive a cheaper car and suddenly they think they can win me over with less money??
I'm being oppressed!!
I'm being oppressed!!
#4
Drifting
Apparently my car is so lame -- I'm not even spam worthy :-)
M
M
#6
Ah the joys of running a website. We've just become aware of this issue. Rest assured that we do NOT have access to any of your financial information nor is any of it stored on our servers. Now I'm off to figure out how to patch that hole so it doesn't happen again. If you have any questions, you can contact me directly at 512-431-3143.
Chris Alvarado
ClubRegistration.net
Chris Alvarado
ClubRegistration.net
#7
Happy to hear that Chris. I was wondering about it but didn't really want to bring it up in public.
Trending Topics
#8
Dragging this back from the dead.
I never received any official notification about this hack but recently I started getting emails to this address that also included my password.
I ignored them at first figuring they were just more generic phishing spam but today checked, and lo and behold, it actually WAS my clubregistration password.
I've gone and changed it and thankfully don't use the same passwords everywhere, but if your database was stolen and you're storing passwords in plain text and that's out in the wild, your users really deserve to know about it!
I never received any official notification about this hack but recently I started getting emails to this address that also included my password.
I ignored them at first figuring they were just more generic phishing spam but today checked, and lo and behold, it actually WAS my clubregistration password.
I've gone and changed it and thankfully don't use the same passwords everywhere, but if your database was stolen and you're storing passwords in plain text and that's out in the wild, your users really deserve to know about it!
#10
Wild Weasel and Sean,
First to answer your question. Yes, the passwords are encrypted. We believe this to be a small incident. That is why a large scale broadcast message was not sent out. That said we will be recommending that our users change their passwords. As for what can be stolen from ClubReg rest assured it isn't much. We do not store, nor have access to any of your financial data. Event payments are handled 100% through our merchant account and not us. If you have any questions you are welcome to contact me directly at 512-431-3143.
Thanks,
Chris Alvarado
ClubRegistration.net, CEO
512-431-3143
First to answer your question. Yes, the passwords are encrypted. We believe this to be a small incident. That is why a large scale broadcast message was not sent out. That said we will be recommending that our users change their passwords. As for what can be stolen from ClubReg rest assured it isn't much. We do not store, nor have access to any of your financial data. Event payments are handled 100% through our merchant account and not us. If you have any questions you are welcome to contact me directly at 512-431-3143.
Thanks,
Chris Alvarado
ClubRegistration.net, CEO
512-431-3143
#11
If they’re encrypted, do you know how they gained access to them?
Do they have your private keys too?
Do they have your private keys too?
#13
Rennlist Member
Join Date: Jan 2016
Location: On a pygmy pony over by the dental floss bush
Posts: 3,309
Received 618 Likes
on
422 Posts
If everything was encrypted like email addresses, how could a hacker obtain it? I am really sick of websites leaving themselves open to hacking like this. Why isn't everything encrypted?
#14
NASA Racer
Rennlist Member
Rennlist Member
putting aside financial data, you do store address and phone number - correct? So if they have passwords, i'm guessing they have that info as well.
#15
Rennlist Member
My wife (also a PCA member) and I reported this to the national office 3-4 weeks ago, and she identified the spam as coming from the club registration site. She asked that someone get back to her (never happened), and that a notice should be sent out to ALL people potentially affected by this hacking. Further, she strongly suggested that this be done ASAP. Last night, I received a similar message to hers, so clearly, in the interim 3-4 weeks, nothing has been done. Needless-to-say, she was less than amused and called PCA headquarters again today.
She was able to directly identify the password (in our case) as being unique to the club registration site, just in case anyone is wondering. The new hack is trying to extort money from members so it won't be published that they are looking at **** sites. In many cases, we are sure that this is not the case, as they claim to have noted on the supposedly hacked computers.
She was able to directly identify the password (in our case) as being unique to the club registration site, just in case anyone is wondering. The new hack is trying to extort money from members so it won't be published that they are looking at **** sites. In many cases, we are sure that this is not the case, as they claim to have noted on the supposedly hacked computers.