USPSA passwords database has been hacked

[Shadyscott999]

This makes things interesting...

[ZackJones]

If only that big IT upgrade project had gotten started. You know the one that Kim wrote about back in February. Not saying it would have prevented it but it might have.

[shootingchef]

F.A.!

[Chuck Anderson]

I wouldn't guarantee that your information isn't compromised just because it isn't on the list the hacker chose to make public. Not sure why it would be limited to 15K instead of everything. Safe bet is to change the password on any sites you use the same password for.

[DWFAN]

Just got a Downrange email with notification in it about the hack.

[dave.w223]

If found, will USPSA allow us to use the hackers for movers instead of the standard metric target?

[Trent1k1]

Site is backup and i was not prompted to change my password. In fact, I didnt even have to login since the session or cookies still existed in my browser.

[MarkCO]

Site is backup and i was not prompted to change my password. In fact, I didnt even have to login since the session or cookies still existed in my browser.

Does not look like it is fixed to me. I am not entering a new PW until they can show it is fixed. All my settings for notification were changed, when I changed them back I get this.

Unknown column 'password' in 'field list'

[BritinUSA]

Site is backup and i was not prompted to change my password. In fact, I didnt even have to login since the session or cookies still existed in my browser.

NOTICE: All passwords have been reset as of 11/26/2014. If you have not set a new password please click Reset Password below.

[Iceman2733]

This is beyond sad as someone with an IT background such an attack should not have taken place. Whether your email is on there tonight passwords need to be changed. I agree there is no way they stopped there, this is what they wanted people to see. What there intent was with this we dont know yet, theft does seem to be one of them.

As for not requesting a new password it did request a password reset. Try clearing cookies and reopening browser.

[BritinUSA]

I tried the Reset Password but it did not send me an email with the link to reset.

[MarkCO]

This is beyond sad as someone with an IT background such an attack should not have taken place. Whether your email is on there tonight passwords need to be changed. I agree there is no way they stopped there, this is what they wanted people to see. What there intent was with this we dont know yet, theft does seem to be one of them.

As for not requesting a new password it did request a password reset. Try clearing cookies and reopening browser.

I did, and it still let me login with the old password and did not request a reset. I logged in and out a few times, then it finally asked for a password reset, but I have not gotten the link yet.

[Vlad]

Conspiracy theories are not required, btw. People hack easily compromised sites to obtain email and password combinations which then they can try against paypal, credit card and bank websites, etc.

I very much doubt is the the Bloomberg army after USPSA as I've already heard suggested today.

[Nealio]

Conspiracy theories are not required, btw. People hack easily compromised sites to obtain email and password combinations which then they can try against paypal, credit card and bank websites, etc.

And its not that hard to NOT be an "easily compromised site".

sad..

[Stan-O]

What could someone get from USPSA.?

The e-mail/password combinations that can be tried at other sites -- like eBay, PayPal, personal finance, cloud storage. Basically anything which can either get hackers the actual financial information to steal from you or access to documents with such information. Or the naughty pics from your cloud storage if you're a celebrity.

The database was compromised over a year ago when the Executive Director allowed third parties to access the info without a privacy agreement.

While I agree both cases are equally bad, one thing is hackers gaining access to the membership database (compromised data) and another thing granting permission to the third parties for access (lack of data handling regulations).

[Steve RA]

I also tried the Password Reset, no E-Mail as of yet (roughly 6 hours).

[yoshidaex]

Did you check your spam folder?

[NewColonial]

The password reset email was blocked by a spamhaus blacklist. Try adding uspsa.org as a trusted sender if you can.

[RadarTech]

CMD=SELECT email, password, local_match_results, major_match_results, uspsa_alerts, ipsc_alias, ipsc_alias_private, prematch_press FROM pin_pw WHERE person_number="70113"

Unknown column 'password' in 'field list'

I got this message when I changed my password..

[NewColonial]

I got that error earlier too. Just add dumping database fields to the growing list of poor security practices at USPSA.

[alma]

I tried the Reset Password but it did not send me an email with the link to reset.

Check your junk mail. I found my password reset email in gmail Spam.

[Bkreutz]

I use a unique password for the USPSA site. Personally I think it would be stupid to use the same password on multiple sites. The way I see it, if someone has gotten my USPSA password, the worst they can do is post on the USPSA forum as me. (or horror of horrors, look at my classifications). The security breach doesn't affect any of my financial accounts.

[BritinUSA]

I tried the Reset Password but it did not send me an email with the link to reset.

Check your junk mail. I found my password reset email in gmail Spam.

There's nothing in my Junk mail at all.

[Adam B]

The level of incompetence currently at uspsa is astounding. Between this and the $144k in question will be why I am canceling my membership.

[ktm300]

The level of incompetence currently at uspsa is astounding. Between this and the $144k in question will be why I am canceling my membership.

The level of incompetence is created by members that don't bother to vote, don't bother to run for office, etc. The membership is directly responsible for what USPSA does, we vote the people into office, they hire the staff.

This is not IDPA where you have a dictatorship. I like the game enough to try and make it better. Then again I never was someone that just gives up.