Friday, May 24, 2013

TriDeci finally open :)

Hi there!
Today finally TriDeci re-opened the site even though it is not totally functional:
Earnings are not working yet and as we have not surfed any sites we have also not earned a dime. Unfortunately the membership has continued and mine was about to expire. As I do not want to put any more money out of my pocket online I decided to cancel my pending withdrawal to have funds to pay for my upgrade. I also wanted to purchase new DC Units but this feature is not yet available. Here is the email:
TriDeci Members Update - What happened.
OK. So about 10 days ago we experienced an attack on the login system. An unidentified person was using an automated script to test combinations of usernames and basic passwords to try and gain access to user accounts. In several cases this person was successful and was then able to take over the user accounts and then use a similar script to guess the Security PIN. Thus they were able to change cashout destinations and make a withdrawal, a number of which were paid.
Here's our beef. There were 9 compromised accounts. In all cases the compromised accounts used 123456 as their password, or used their own username as their password. Seriously?
So we did a test of our own and tested all login passwords for 123456 and also their username. Guess what. We found that over 2000 other accounts were using these as well.
This is the most basic security error anyone can make in this day and age. Come on folks, it's 2013! For all intents and purposes the internet is 25 years or more old and the number one rule about online security is - Use a proper password! Not doing so is like leaving your front door wide open!
So we shut down the system, and have reworked the login system to stop people using dumb passwords. We have issued a reset notice for everyone. All passwords must be changed, and passwords now have to have at least one Uppercase, one lowercase letter, and one number.
Now, we have thoroughly checked the logs, and we are certain that only those 9 accounts were compromised and had details changed. They have all been reset and any payments made will be refunded.
We are absolutely certain that our backend systems were not compromised, the database was not hacked and our system is still secure.
But we are implementing some additional rules, to guard against this in future.
1. In addition to the password requirements above, whenever your password or PIN is changed withdrawals are blocked for 72 hours.
2. Three failures entering your password or PIN will get you locked out for ten minutes. 7 or more fails and you will be permanently locked out and your IP address blocked. If you are the real account owner, this will not present a problem for you, only an attacker.
3. Your browser/IP address/country will be checked. Any changes to these and you will need to confirm it via a link sent to your email address.
Now 1 and 2 are already done, but 3 will be implemented in due course as we first need to check you all are actually receiving emails, thus we will soon ask you all to re-verify your default email address.
OK so far. What's going to happen now.
Firstly, any outstanding withdrawals will be returned to your account. Once you have reset your password, there will be a 72 hour wait before you can issue another request.
Second. A number of your 30 Day upgrades expired while we were on hold. We have placed the commission system on hold now until Sunday Midnight GMT 26 May to allow you time to renew your upgrade (If you wish). Once this hold expires we will add 2 weeks to all upgraded members to allow for the missed days, so make sure you are upgraded before Sunday.
Third. Daily Commissions and surfing are on hold until Monday at the earliest. Take note! We will not be back-paying the missed days! The site did not make any sales, you did not do any surfing and no revenue was generated, thus no commissions will be paid. The expiry date of all units will however be extended by two weeks to cover the missed days. Once we are sure that all is well we will open the system back up.
Ok, that's all for now. Please go and log in and reset your password.
TriDeci Admin.
At least it is good to see that our membership and DC Units are going to live two weeks longer ;)
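
The password rule and rules 1 and 2 from the email, written out as an added Python sketch (not TriDeci's code; the class, function and status names are made up for illustration). The email does not say when the failure counter resets or whether attempts made during a lock count, so those choices are marked as assumptions in the comments, and the PIN is left out.

```python
import hmac
import re
from dataclasses import dataclass

LOCK_AFTER, LOCK_SECONDS = 3, 10 * 60   # rule 2: three failures -> ten minutes
PERMANENT_AFTER = 7                     # rule 2: 7 or more fails -> permanent lock
WITHDRAW_HOLD = 72 * 3600               # rule 1: 72 hours after a password change

def password_ok(username: str, password: str) -> bool:
    """At least one uppercase letter, one lowercase letter and one number."""
    classes = all(re.search(p, password) for p in (r"[A-Z]", r"[a-z]", r"[0-9]"))
    # Assumption: also refuse password == username, the other pattern in the email.
    return classes and password.lower() != username.lower()

@dataclass
class Account:
    username: str
    password: str       # plaintext only to keep the sketch short; store a salted hash
    failures: int = 0
    locked_until: float = 0.0
    permanent: bool = False
    changed_at: float = float("-inf")

    def login(self, attempt: str, now: float) -> str:
        if self.permanent:
            return "permanently_locked"
        if now < self.locked_until:
            return "locked"              # assumption: not checked and not counted
        if hmac.compare_digest(attempt.encode(), self.password.encode()):
            self.failures = 0            # assumption: a good login resets the count
            return "ok"
        self.failures += 1
        if self.failures >= PERMANENT_AFTER:
            self.permanent = True
            return "permanently_locked"
        if self.failures >= LOCK_AFTER:  # assumption: each failure from the 3rd re-locks
            self.locked_until = now + LOCK_SECONDS
            return "locked"
        return "bad_credentials"

    def change_password(self, new: str, now: float) -> bool:
        if not password_ok(self.username, new):
            return False
        self.password, self.changed_at = new, now
        return True

    def can_withdraw(self, now: float) -> bool:
        return now - self.changed_at >= WITHDRAW_HOLD
```

Two guesses per account (123456 and the username, as in the email) stay under the three-failure threshold, so it is the password rule rather than the lockout that stops that pattern.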