USPSA.org passwords leaked

[bsdubois00]

Nevermind - its still there

 

[drmitchgibson]

It's gone now

 

[poopgiggle]

From the announcement here:

We made a decision “way back when” to store the passwords in plain text

so we could send a password reminder, upon member request, to the email

address on file for a member. This was [deemed] a reasonable decision

because the passwords did not protect any highly confidential data or

financial data (home addresses and phone numbers are not stored on the

server).

We made another decision “way back when” to do our credit card

processing on a separate system using a vendor that specializes in

commercially secure on-line commerce. Credit card numbers are NOT

stored on the USPSA server, and the passwords that were recently

disclosed do NOT give access to any credit card information.”

In case you were curious, this is really, really dumb.

 

[foghorn918]

I can't get my password reset, never get the email after the reset request even though the system message says it is sending. I've emailed them several times. Been trying for days. No response from anyone in the organization.

 

[racnsoonr]

Check spam folder Steve. .that's where mine was landing

 

[drmitchgibson]

They're still working on it. I logged in with my PIN a few days ago and it worked, but I probably won't do it again until they give the "all clear". I'm not that close to A class yet, and outside of classifier scores and major match results there's nothing I'm interested in on USPSA.org.

 

[Vanniek71]

I was able to reset mine tonight. Check spam folder it was in there, even though all other USPSA emails never go to spam...

 

[drmitchgibson]

The only effect I experienced from this issue is someone tried to access my Linked-In account, and failed.

 

[dennishoddy]

Password changed, no issues.

The only account I didn't have on Last Pass app.

 

[ryanncass]

The only effect I experienced from this issue is someone tried to access my Linked-In account, and failed.

Someone tried my LinkedIn as well but it was a different password so they did not get to far. USPSA was the only place i used that password.

 

[poopgiggle]

I hope I'm never grown up enough that I actually care if my LinkedIn is compromised.

It's bad enough that I have one.

 

[drmitchgibson]

I wouldn't ever have found out if they hadn't emailed me.

 

[Tech]

Just had eBay call me at 00:23. Yep, account hacked. These hacker ****s should be hung by their nads till dead!