Jump to content
IGNORED

JRiver hacked

daverich4

By daverich4
in General Forum

Recommended Posts

plissken

plissken

Posted
Posted

Just received notice today. I'm glad I use Last Pass so I use different passwords for every single site I hit.

 

Glad to hear that JRiver is 100% out of PCI-DSS scope also. 

 

"

Good Day,
I'm sorry to report that JRiver's servers were recently attacked and partially compromised.  No credit card information was lost (we don't save any), but e-mail addresses probably were, and possibly passwords, although these were heavily encrypted.  You should change your password for the forum here:   Profile > Account Settings   License passwords can be changed if you purchase in the future -- they are only used for changing your e-mail address.  You can read more on Interact.
 
We have spent the last few weeks recovering from this catastrophic event.  If you have experienced problems with Media Network, cover art lookup, CD ripping, or other functions that use our servers, this break-in is probably the reason.  All problems are fixed now.
 
We're also sorry if you experienced a failure when you tried to purchase a new license or upgrade an old one.  If you're willing to try again, here is a coupon that will save you $10 on a new or upgrade license during September:  MEACULPA ($10 Coupon).  Enter the coupon during purchase and confirm that the price is correct.
 
We offer our sincere apologies.  It was our fault, and we're embarrassed about it.  You can be sure that we are much better prepared to defend our servers now.
"
 
Appreciate that they are out in front of this. Also NewEgg was just hacked and it was pretty significant. 
 
 
Link to comment
MikeyFresh

MikeyFresh

Posted
Posted
14 minutes ago, One and a half said:

I didn’t receive any notification...

 

I didn't either, but had happened on their forum right around August 20th and saw it there.

 

They don't store credit card information on their server so risks are minimal, but they did at that time recommend the changing of passwords, and more specifically changing the password used on other sites if that was one in the same with what you were using on JRiver's site.

no-mqa-sm.jpg

Boycott HDtracks

Boycott Lenbrook

Boycott Warner Music Group

Link to comment
One and a half

One and a half

Posted
Posted
1 hour ago, MikeyFresh said:

 

I didn't either, but had happened on their forum right around August 20th and saw it there.

 

They don't store credit card information on their server so risks are minimal, but they did at that time recommend the changing of passwords, and more specifically changing the password used on other sites if that was one in the same with what you were using on JRiver's site.

Some people do and some people aren’t receiving the notice. I believe that a declaration must be sent to the user of the breach by law , isn’t this correct for the US.

AS Profile Equipment List        Say NO to MQA

Link to comment
  • Popular Post
jriver

jriver

Posted
  • Popular Post
Posted

I'm sorry if anyone wasn't notified.  We mailed every address we have.  It may have gone to a spam folder or you may have previously  unsubscribed.

 

I apologize for this very serious breach of trust.  It's inexcusable.  

 

Here's the announcement we posted on August 20.

 

https://yabb.jriver.com/interact/index.php/topic,117123.0.html

 

To summarize the damage.

 

1.  Our commerce and license servers were taken offline immediately and were down about 5 days.


2.  The attack used SQL injection and we should have prevented it.

 

3.  No credit card information was lost.  We don't store any and never have.

 

4.  Email addresses probably were taken.

 

5.  Passwords were probably taken, but we believe the encryption method protected them.

 

6.  We recommend that JRiver forum passwords be changed.   https://yabb.jriver.com/interact/index.php?action=profile

 

Again, I'm extremely sorry.

 

Jim Hillegass

CEO, JRiver

 

Jim Hillegass / JRiver Media Center / jriver.com

Link to comment
  • 1 month later...
wittao

wittao

Posted
Posted
On 9/26/2018 at 4:13 PM, jriver said:

I'm sorry if anyone wasn't notified.  We mailed every address we have.  It may have gone to a spam folder or you may have previously  unsubscribed.

 

I apologize for this very serious breach of trust.  It's inexcusable.  

 

Here's the announcement we posted on August 20.

 

https://yabb.jriver.com/interact/index.php/topic,117123.0.html

 

To summarize the damage.

 

1.  Our commerce and license servers were taken offline immediately and were down about 5 days.


2.  The attack used SQL injection and we should have prevented it.

 

3.  No credit card information was lost.  We don't store any and never have.

 

4.  Email addresses probably were taken.

 

5.  Passwords were probably taken, but we believe the encryption method protected them.

 

6.  We recommend that JRiver forum passwords be changed.  https://yabb.jriver.com/interact/index.php?action=profile

 

Again, I'm extremely sorry.

 

Jim Hillegass

CEO, JRiver

 

Hi Jim,

 

thanks for your answers! It was important and helpful for me.

 

Viktor

 

 

Manufacturer of Core Audio equipments

                www.coreaudio.eu

Source: Core Audio DAIDO ULTIMATE + CA KARUNA ULTIMATE USB/SPDIF Bridge + CA DENPO ULTIMATE DAC

Amplifiers: MBL 6010D preamp + MBL 9008A monoblocks

Loudspeakers: MBL 101emkII, YG Hailey 2.2

Cables: TARALABS USB, Muse Digit, Muse IC + ZERO Evolution, Muse SP

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go to topic listing


sonore

aurender

Lumin

HEAP

Schiit

SOtM

Mytek

mutec

uptone

jcat

sotm usa

audioquest

Taiko Audio

Teddy Pardo

Eversolo




×
×
  • Create New...