General Chat

Just received this email - has any one else had it and is it genuine (I ask because my credit card was skimmed last week :()

Dear Mrs (my full name),
Please change your password

A breach of security has recently occurred on BRS Genealogy / Roots Ireland which hosts the IFHF site (www.rootsireland.ie), in response to which all necessary defensive measures have been taken. In the breach part of the database which includes our member’s usernames, email addresses and passwords was accessed. This triggered a series of steps that has resulted in us sending you this warning email.

No data relating to your online payment transactions (credit or debit card details) was on these servers. Please be assured that we do NOT store credit card details or any payment details. Nothing of that nature is held on our site and as a result such data is not at risk. All payments are handled by a secure payment gateway Realex (http://www.realex.ie/).

What you need to do:

* We strongly recommend that all users take steps to change their passwords.
Click here for more information on how to change your password.
* You will be required to change your password at your next login, (unless you have recently done so).
* We recommend that users choose a non-dictionary word that is hard to guess containing both upper and lower case letters and numerals, and use different passwords for different websites.
* We also recommend that if you use the same email and password on other sites that you change your password on those sites also.

Since the breach a full review of security has taken place. Further security measures have been implemented to minimise the risk of such a breach happening again.

We apologise for this inconvenience.

Irish Family History Foundation, Main St. Newbridge, Co. Kildare., Email: [email protected]

I have had one of these too, and wondered if it is genuine.

I don't recall having a password with them. I have never paid anything to them, so I will ignore the email (for now).

It is genuine :( Thats how they managed to change my password on my credit card then :( They used my personal details to re set it.

http://news.bbc.co.uk/1/hi/northern_ireland/8473824.stm

I didnt have a password as far as I knew but Ive been to the forum and it has all my details, name, address and email address on there - Grrrr.

I have had one when i logged in to them i was told my old pass word was invalid .and had to make a new one. i dont think this is a scam.

No, its genuine and much to my disgust as on the BBC Ireland site it happened 2 weeks ago - my credit card was accessed by someone using my personal details to change the password - I can see know how they did it.

Would urge everyone to check your credit card accounts.

I just had an email too, cant remember ever putting password in, just went on the site and cant find anywhere that shows my details, ie log in etc. or my account. Have definitely never spent any money with them, not sure whether to ignore it or not. They havent got my card details.

If you make up a password, like I did - you can then open your account on there and it had all my personal details on there- stuff I must have used just to do a trial search of their records !!!

Thats what crooks use to change details on your accounts anywhere on line.

I sent an email to the Irish family forum yesterday asking them to remove all my personal details from their site. They sent me a mail today saying they dont hold credit card details so there is no need to worry. ERM, someone can use your personal information to do whatever they want, like apply for mortgages, loans, change your passwords on any of your sites, basically identity theft and they dont seem to realise this or be worried at all. IF they had sent those mails out 2 weeks ago when it actually happened I bet Id not had my credit card skimmed.

Whoever stole those thousands of names, addresses and personal details are sitting there now working out what to do with them

BBC NEWS:


Internet forum database 'hacked'
Boards.ie screengrab
Boards.ie has gone offline as a result of the attack

Irish internet forum Boards.ie has reported an attack on its user database which could affect thousands of users.

In a statement it confirmed that "an unauthorised source" from outside Ireland accessed its database server.

It urged members who use the same username/email and password on other sites to change passwords.

"Part of the database which includes our members' usernames, email addresses and obfuscated passwords was accessed," Boards.ie said on its homepage.

The site started life as a forum for the computer game Quake in 1998 and has more than 500 forums on a range of topics.

According to the most recent ABC internet traffic statistics in November, Boards.ie had more than 20m page views, averaging more than 1.1m page views a day.

Tom Murphy, co-founder of Boards.ie said, in a statement, that like all large sites they were "regularly the target for disruption and take continual actions to proactively protect data".

He said that the attack "was completely unprecedented despite our rigorous security measures and while we have no idea if this data will be used for any malicious reasons, we felt it vital to tell you this immediately".

Boards.ie says it is changing all user passwords and has notified Irish police, the Data Protection Commissioner Billy Hawkes and an independent security consultant.

Mr Hawkes said the attack should be taken as a warning to internet users to create different passwords for different websites.

He said his office would be investigating the security breach but he praised the company for pulling the website immediately and alerting its members.

I had the email as well, but had forgotten my password anyway.
Had to create a new one so I could check what information they held.
Have now had email confirming that my account has been removed from database as requested.

Thank you for your post Heather, as the original email was in my junk and I had forgotten ever opening an account, so without this post would probably have deleted email and thought nothing more about it.

This is it, I cant even remember signing up to the forum, but obviously I must have years ago. I do hope people arent ignoring it as one of the usual scams as they could have their identity stolen.

Keep an eye on your credit/bank statements as these people have got thousands and thousands of names, addresses, phone numbers and email addresses - all they need to steal your identity.

Phew, my bank is on the ball!
I had a letter today from their special investigations team, and thought it was to do with all the details stolen from Irish Family Forum.
Turned out it was just that this week I topped up my phone online instead of when doing weekly shop!
Good to know they are looking out for unusual transactions and acting so fast.

Thanks for the warning,Heather.

I have bought details from the brs site,but at present I have used up all my credit on there.I live in Australia and found what I thought was a dodgy transaction which I hadn't made on my last credit card statement.It appeared to originate in the UK,and as I haven't been over there for at least 7 or 8 months, I was suspicious. I queried it with the bank-it was a very small amount-$5.56 ,to be exact- I got a letter from the bank the other day saying that the amount of my "disputed transaction" had been credited to my account,so I was right,it was dodgy!

It just goes to show-certain "safe" and "secure" sites are not that at all!

I will change my password on that site.I didn't realise that my dodgy
transaction was from my details leaked from there.

Thank you,Heather,for passing that on.

Margot.

regarding your bank being on the ball Lyndi, I think most banks and CC companies now have an automatic alert for phone top ups on line or by phone as that is what these people do to check the account they have stolen is active. We had a phone call the other day, immediately we topped up.

One of the girls over on another site that I posted this has just checked her credit card statement and found a small amount lifted too. I would encourage everyone to check it out. As I said, I couldnt even remember going on that site - it must have been yonks ago and all my private details had been stored on there :(

The crooks often take a small amount first to check the account is still alive.

Heather but don't they have to have access to your card details before they can access it to change the password. Or are you saying they are opening a new account. If they don't have access to your card details do they do a random search to see what card you hold? I am a bit confused as to how they can do this. Might your card not have been accessed somewhere else? I think that is what I am getting at.

nudge for H

I recieved an e-mail today , i have changed my password
although i dont ever remember having a password with them ..but i must have for them to send me the e-mail but i have never used my card on the site, the only site that i have used my card is the GRO and Ancestry i have just changed my password on there as well .
but thank you Heather for putting this thread up, because to be honest i wouldn't of known whether to change my password or not, there seems to be so much scamming going on you dont know whether it real or false .
Hazelx

I dont know how they got it. The security bloke said they can get details from mates working at a call centre or company. The big sickener was that I had put extra security on in the form of Visa Verify. So when you actually buy something on the net you then have a further box come up before they verify the purchase. On that box you have to enter another password, different to your card. These people had changed that password. To change it you click that you have forgotten the details then you are asked questions like what is your date of birth, your post code, your phone number. To change it they had to know those details.(which are on the irish site data base)

I v'e just had a look on the Irish site and yes they do have my name and address but i have not bought any credits as of yet so they wont have my card details .. thank goodness ..
Hazelx
Deleted post below as posted twice ..

One more reason to never ever ever put personal info on the internet when you don't have to.

I got the email -- addressed to Ms. Janey C.

(Actually I had used my real first name and real surname initial -- but NOT my full real surname.)

The email came to an account that is also not in my real/full name.

There is no reason to put one's true personal details on any site like that one, or this one.

The one thing I do that isn't too clever is use the same password for different sites. The one I had there was the one I have at other similar sites (it ain't anymore!).

So if I *had* put my real/full name there, let alone other details like my address or an email account giving my real name (and often disclosing a general location), someone who had got my password there might have been able to access other places where I am registered on line and got more info.

I think they'd first have to figure out where else I'm registered on line. ;)

So as long as my real personal details aren't on record at places like that, I feel quite safe.

Putting one's real/full name at places like Facebook or FriendsReunited ... or here .......... the idea and the possibilities horrify me!