daverich4 Posted September 20, 2018 Share Posted September 20, 2018 Just got a notice from JRiver that their servers were hacked and that everyone with an account there should change their password... christopher3393 1 Link to comment
jtwrace Posted September 20, 2018 Share Posted September 20, 2018 Lovely. W10 NUC i7 (Gen 10) > Roon (Audiolense FIR) > Motu UltraLite mk5 > (4) Hypex NCore NC502MP > JBL M2 Master Reference +4 subs Watch my Podcast https://www.youtube.com/channel/UCXMw_bZWBMtRWNJQfTJ38kA/videos Link to comment
MikeyFresh Posted September 20, 2018 Share Posted September 20, 2018 Are you referring to the incident they reported back on August 20th, or is this something brand new? Boycott HDtracks Boycott Lenbrook Boycott Warner Music Group Link to comment
One and a half Posted September 20, 2018 Share Posted September 20, 2018 I didn’t receive any notification... AS Profile Equipment List Say NO to MQA Link to comment
plissken Posted September 20, 2018 Share Posted September 20, 2018 Just received notice today. I'm glad I use Last Pass so I use different passwords for every single site I hit. Glad to hear that JRiver is 100% out of PCI-DSS scope also. " Good Day, I'm sorry to report that JRiver's servers were recently attacked and partially compromised. No credit card information was lost (we don't save any), but e-mail addresses probably were, and possibly passwords, although these were heavily encrypted. You should change your password for the forum here: Profile > Account Settings License passwords can be changed if you purchase in the future -- they are only used for changing your e-mail address. You can read more on Interact. We have spent the last few weeks recovering from this catastrophic event. If you have experienced problems with Media Network, cover art lookup, CD ripping, or other functions that use our servers, this break-in is probably the reason. All problems are fixed now. We're also sorry if you experienced a failure when you tried to purchase a new license or upgrade an old one. If you're willing to try again, here is a coupon that will save you $10 on a new or upgrade license during September: MEACULPA ($10 Coupon). Enter the coupon during purchase and confirm that the price is correct. We offer our sincere apologies. It was our fault, and we're embarrassed about it. You can be sure that we are much better prepared to defend our servers now. " Appreciate that they are out in front of this. Also NewEgg was just hacked and it was pretty significant. christopher3393 1 Link to comment
MikeyFresh Posted September 20, 2018 Share Posted September 20, 2018 14 minutes ago, One and a half said: I didn’t receive any notification... I didn't either, but had happened on their forum right around August 20th and saw it there. They don't store credit card information on their server so risks are minimal, but they did at that time recommend the changing of passwords, and more specifically changing the password used on other sites if that was one in the same with what you were using on JRiver's site. Boycott HDtracks Boycott Lenbrook Boycott Warner Music Group Link to comment
daverich4 Posted September 20, 2018 Author Share Posted September 20, 2018 2 hours ago, MikeyFresh said: Are you referring to the incident they reported back on August 20th, or is this something brand new? Not sure when it happened, I got the email notification from them today. Link to comment
One and a half Posted September 20, 2018 Share Posted September 20, 2018 1 hour ago, MikeyFresh said: I didn't either, but had happened on their forum right around August 20th and saw it there. They don't store credit card information on their server so risks are minimal, but they did at that time recommend the changing of passwords, and more specifically changing the password used on other sites if that was one in the same with what you were using on JRiver's site. Some people do and some people aren’t receiving the notice. I believe that a declaration must be sent to the user of the breach by law , isn’t this correct for the US. AS Profile Equipment List Say NO to MQA Link to comment
Popular Post jriver Posted September 26, 2018 Popular Post Share Posted September 26, 2018 I'm sorry if anyone wasn't notified. We mailed every address we have. It may have gone to a spam folder or you may have previously unsubscribed. I apologize for this very serious breach of trust. It's inexcusable. Here's the announcement we posted on August 20. https://yabb.jriver.com/interact/index.php/topic,117123.0.html To summarize the damage. 1. Our commerce and license servers were taken offline immediately and were down about 5 days. 2. The attack used SQL injection and we should have prevented it. 3. No credit card information was lost. We don't store any and never have. 4. Email addresses probably were taken. 5. Passwords were probably taken, but we believe the encryption method protected them. 6. We recommend that JRiver forum passwords be changed. https://yabb.jriver.com/interact/index.php?action=profile Again, I'm extremely sorry. Jim Hillegass CEO, JRiver PorkChop, Lobbster, MikeyFresh and 1 other 1 1 2 Jim Hillegass / JRiver Media Center / jriver.com Link to comment
PorkChop Posted September 26, 2018 Share Posted September 26, 2018 Those clarifications answered all my questions. Thanks Jim, I wish every CEO disclosed security breaches that succinctly. Link to comment
wittao Posted November 7, 2018 Share Posted November 7, 2018 On 9/26/2018 at 4:13 PM, jriver said: I'm sorry if anyone wasn't notified. We mailed every address we have. It may have gone to a spam folder or you may have previously unsubscribed. I apologize for this very serious breach of trust. It's inexcusable. Here's the announcement we posted on August 20. https://yabb.jriver.com/interact/index.php/topic,117123.0.html To summarize the damage. 1. Our commerce and license servers were taken offline immediately and were down about 5 days. 2. The attack used SQL injection and we should have prevented it. 3. No credit card information was lost. We don't store any and never have. 4. Email addresses probably were taken. 5. Passwords were probably taken, but we believe the encryption method protected them. 6. We recommend that JRiver forum passwords be changed. https://yabb.jriver.com/interact/index.php?action=profile Again, I'm extremely sorry. Jim Hillegass CEO, JRiver Hi Jim, thanks for your answers! It was important and helpful for me. Viktor Manufacturer of Core Audio equipments www.coreaudio.eu Source: Core Audio DAIDO ULTIMATE + CA KARUNA ULTIMATE USB/SPDIF Bridge + CA DENPO ULTIMATE DAC Amplifiers: MBL 6010D preamp + MBL 9008A monoblocks Loudspeakers: MBL 101emkII, YG Hailey 2.2 Cables: TARALABS USB, Muse Digit, Muse IC + ZERO Evolution, Muse SP Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now