Winamp Forums hacked – Winamp Forums Security Breach FAQ
If you ever use Winamp and have ever registered for their forums then you should consider changing your password for that site, if you use that password elsewhere then change them there as well:
http://forums.winamp.com/showthread.php?p=2747002
They were recently hacked and now your details may have been exposed.
Winamp Management Team — On February 11, we discovered that the Winamp Forums (forums.winamp.com) servers were compromised, resulting in a security breach where Winamp Forums users’ email addresses and passwords may have been compromised.
We understand how important trust is, and we’re deeply sorry for and embarrassed about this breach of security. We immediately closed the exploit that led to this compromise and we’re working around the clock to ensure our security moving forward. We’re also committed to communicating openly with you to make sure you understand what has happened, how it may or may not affect you, and what we’ve done to fix things. If you are a registered Winamp Forums user, you should have received an email from us notifying you that your account may have been compromised.
We have confirmed that this attack was isolated to the Winamp Forum (forums.winamp.com) site only. Other Winamp sites and products such as Winamp.com, dev.winamp.com and the Winamp Desktop Media player were not affected in any way.
We have prepared the following FAQ for questions you may have about this incident. If you have additional questions please feel free to contact us at support@winamp.com.
1) How do I know if my password was hacked?
If you’ve registered an account on the Winamp Forums (forums.winamp.com), then it’s best to assume that your username and password were included among the compromised data.
Passwords in our database are encrypted (i.e., not stored in plain text), but they may still be vulnerable to hackers. You should immediately change the password on your account, and if you used that password on any other web site, you should change your passwords on all of those accounts as well.
2) What data was exposed in this breach?
We have confirmed that your email address was exposed as a result of this attack. We have not confirmed but must assume that other Winamp forums user account detail, including your forums username, date of birth, time zone preference and password hash (not your clear text password).
3) Should I be concerned about my other online accounts? What if I used that password on other sites?
If you used your Winamp Forums (forums.winamp.com) password on any other web sites, you should change the password on those sites as well, particularly if you used the same username or email with that site. To be safe, however, you should change the password on those accounts whether or not you were using the same username. We’ve put together a guide to help you audit and change your passwords.
4) How can I delete my account?
We understand how important trust is on the web, and some of you may wish to delete your Winamp Forums account. To delete your account make sure that you are logged into the Winamp Forums and follow these simple instructions:
Scroll down to the bottom of the forum home page and click on ‘View Forum Leaders’. Scroll down to the Root section to see the list of Administrators. Send your deletion request to DJ Egg or DrO using the contact link to the right of the administrator’s name. The Administrator will delete your account upon receiving the private request message.
5) How do I change my password?
You can change your password in your “User Control Panel” settings. Log in to your account, click the “User Control Panel” in the Forum Nav, then click “Edit Email & Password” under “Settings & Options” Enter your old password and your new password, re-enter to confirm new password and click “Save Changes.” Your password will be updated. You can also change the email associated to your Winamp Forums account on the same screen.
6) What if I forgot my Winamp Forums password?
On the Login screen attempt to log in once, after you fail one login you will see “Forgot your password? Click here!”. Enter the email associated to your account and text/numbers in the image verification box (aka Captcha). You will be sent an email at that address that will reset your password. Follow the link you will be taken back to Winamp Forums and another email will be sent to the same account. Use that username and temporary password to login. You can reset your password now by going to the User Control Panel. See instructions in #5 above.
7) Who was responsible for the security breach? How did it happen?
Our security team was able to identify and block access to the application flaw which resulted in this breach. The application was patched and new security measures have been deployed to keep this type of breach from happening in the future.
How are you notifying those whose details were compromised?
We are in the process of notifying all users with a registered account for the Winamp Forums via email. Please feel free to forward these FAQs to anyone you know who uses Winamp Forums. We can also be reached at support@winamp.com
9) What are you doing to ensure this doesn’t happen in the future?
The security team has introduced new web application protections and monitoring processes to detect abusive activity.
10) What should I do now?
You should change your password as soon as possible, both on the Winamp Forums and on any other site where you use that password.
11) When did you discover the breach had occurred?
We discovered the breach on Feb. 11. We actively monitor Winamp Forums and all Winamp products via a rigid security plan and software that alerts us whenever there are attempts to breach that security. Those processes alerted us of this breach and we reacted within 24 hours and shut down the exploit.
12) I received an email from “Winamp” on February 15, was that from you?
Yes, we sent an email on February 15 to all Winamp Forums users informing them of this breach and asking them to reset their passwords for the Winamp Forums and any accounts where they use the same email and/or password. The subject was “Winamp Forums Security Notification” and the body of that email was as follows:
Hello,
My name is Geno Yoham and I am the General Manager of Winamp. First, thank you for your support of Winamp. The Winamp Team is dedicated to providing you with the best possible media player experience so it gives us great pain to share that we have recently experienced a security breach of our user forums database.We have confirmed that your email address was exposed as a result of this attack. We have not proven but must assume that other Winamp Forums user account detail which includes your forums username, date of birth, time zone preference and encrypted password (not your clear text or unencrypted password) was exposed. We have secured our Winamp Forums application and we would like to notify you of the incident and ask you to immediately change your password as a precautionary measure. If you have used your Winamp forums password across other web sites, please change the password on those web sites as well.
We apologize for any inconvenience this has caused and want to assure you that we are taking every possible step to ensure that your data and personal information remains secure as a part of our ongoing commitment to protecting your privacy.
If you have any questions or would like to speak to someone at Winamp for more information about your account, please contact:support@winamp.com. We have also set up an FAQ at forums.winamp.com for questions you may have related to this incident.
Best,
Geno Yoham
Winamp13) What can I do if I’m receiving spam because my email was leaked?
You can take steps on your own to wipe out spam from your inbox, but you’ve also got legal recourse.
The CAN-SPAM Act of 2003 allows for private right of actions against spammers. If you receive any spam in your inbox that you believe is related to your leaked email address, please report it to the Federal Trade Commission. Send a copy of unwanted or deceptive messages tospam@uce.gov. The FTC uses the unsolicited emails stored in this database to pursue law enforcement actions against people who send deceptive spam email. For additional information, please visit the FTC’s website. Note, you should not respond to a spam email. By doing so, you confirm that your email account is active, and you’ll likely be flooded with more spam.
How To Turn Off Emails From Facebook Groups.
I was asked by various Facebook friends, and people within the new Facebook groups (updated version of groups) how to turn off their automated e-mails letting them know of every post and update made. Rather than repeating myself I thought I would knock up a quick tutorial, here it is. 
Where Is Our Robin Hood?
In today’s society its all about control and dictatorship, it doesn’t matter if you think we live in a free society or not, the fact of the matter is that we are controlled by the rules and walls that govern us and no matter who we vote into power things don’t really change, perhaps someone we don’t see is really pulling the strings. 
The poor get poorer and the rich….. well you know the rest!
Money dictates how we live our life, what we do and how we survive. It restricts us and in a way it can define us with relation to how giving we can be towards Nobel causes.
So where is our Robin Hood to stave off excessive fuel prices in the petrol stations, or take on the giants that withhold electric and gas unless we pay extortionate prices. What about food and the cost of living, in an ever increasingly difficult world. We are by no means suffering in comparison to what some people have to endure in this world, in fact compared to third world countries we, ourselves would be considered rich, so are we greedy for wanting more?
No, I don’t think we are, its not greed to want a better life for you or your family and lets face it money, the controller, the dictator is what limits us in our ability to evolve as human beings. But this thing we call money which the government and powers that be use to control us, they are numbers, they mean nothing really, only we place value on those numbers because society conditions us to. When a company makes millions every day how does that change anything, it only adds a few more numbers to a balance sheet, or a computer program running a bank. Its not like the old days where you would barter with live stock because you needed something which someone else had.
Our need for money holds us back, it controls the lifestyle we live.
However, the fact is that this is how our society has evolved unless we all made it change then nothing ever will. Nothing can change because humanity is selfish, if you owned a business you wouldn’t give your things away, and if you didn’t need to work because food, water, electric etc was readily available and free, then chances are most people would simply do nothing but then again that is what a fair few draining the countries fictional numbers (money) do. As a world we need to evolve beyond selfish greed to control and dominate.
I digress a little……
If we are to live by numbers, we are to pay by numbers and die by numbers, then there are things we can do to regain a little power. Stop using some of the bigger players or related companies until their prices come down, if they are not making money then they have no choice but to become more competitive. Imagine if we stopped using a whole chain of companies of companies like BP, if they are not selling their petrol they will go under and so we take control in refusing to hand over our hard earned numbers (money) until it becomes more affordable. The same could be done for large supermarkets, stop using them and revert back to the local traders, the market traders, the people who it benefits the most because with our obsession for retail parks, shopping malls and 24 hour large supermarkets this is what is killing independent traders who buy produce locally, get our farms working again and stop relying on the EU to pay our farmers not to farm. Keep abusing your local councils to make parking near down and city/town centres FREE, this is one of the main reasons people go to retail parks and such and thats because it costs them nothing to park. We could even grow our own!
Lets bullet point:-
- Boycott one large petrol manufacturer and retailer for 6 months, 12 months or more. If they are not making money they will need to become cheaper to get people in.
- School projects could be to farm and grow produce to resell locally, keeps the money local for the school whilst educating the kids to grow.
- Use local farmers for meat and dairy products. There are plenty around who you can buy direct from, in fact buying half a pig (which they butcher for you) and freezing it will save you money.
- Use local market traders for fruit, veg, other meat and fish produce, keeps local people in business and employment whilst keeping the money local.
- Move to one supplier across the country for gas and electric (everyone) other suppliers would have no choice to cut their prices because they are simply not making money with no customers otherwise.
Doing this will hit the bigger brands where it matters for them, doing this allows us to gain some control over what we pay or at least who we pay it to and which outside country gets our numbers (money), in essence we are our own Robin Hood, we just need to step up!