Jump to content
daverich4

JRiver hacked

Rate this topic

Recommended Posts

Lovely.  


2 ch Setup:

Motorola Modem sb6141> Emo Systems EN-70HD > (5) eero > Synology 1813+ (DSM 6.2), 4TB Seagate NAS Drives, 4GB RAM & Zero Surge & APC XS BX1000G/backup to Synology DX513) > Emo Systems EN-60KDS  > Roon > Mola Mola Tambaqui > BSS BLU 50 > (2) Hypex NCore NC502MP > JBL M2 Master Reference

Share this post


Link to post
Share on other sites

Just received notice today. I'm glad I use Last Pass so I use different passwords for every single site I hit.

 

Glad to hear that JRiver is 100% out of PCI-DSS scope also. 

 

"

Good Day,
I'm sorry to report that JRiver's servers were recently attacked and partially compromised.  No credit card information was lost (we don't save any), but e-mail addresses probably were, and possibly passwords, although these were heavily encrypted.  You should change your password for the forum here:   Profile > Account Settings   License passwords can be changed if you purchase in the future -- they are only used for changing your e-mail address.  You can read more on Interact.
 
We have spent the last few weeks recovering from this catastrophic event.  If you have experienced problems with Media Network, cover art lookup, CD ripping, or other functions that use our servers, this break-in is probably the reason.  All problems are fixed now.
 
We're also sorry if you experienced a failure when you tried to purchase a new license or upgrade an old one.  If you're willing to try again, here is a coupon that will save you $10 on a new or upgrade license during September:  MEACULPA ($10 Coupon).  Enter the coupon during purchase and confirm that the price is correct.
 
We offer our sincere apologies.  It was our fault, and we're embarrassed about it.  You can be sure that we are much better prepared to defend our servers now.
"
 
Appreciate that they are out in front of this. Also NewEgg was just hacked and it was pretty significant. 
 
 

Share this post


Link to post
Share on other sites
14 minutes ago, One and a half said:

I didn’t receive any notification...

 

I didn't either, but had happened on their forum right around August 20th and saw it there.

 

They don't store credit card information on their server so risks are minimal, but they did at that time recommend the changing of passwords, and more specifically changing the password used on other sites if that was one in the same with what you were using on JRiver's site.


no-mqa-sm.jpg

 

Share this post


Link to post
Share on other sites
2 hours ago, MikeyFresh said:

Are you referring to the incident they reported back on August 20th, or is this something brand new?

 

Not sure when it happened, I got the email notification from them today.

Share this post


Link to post
Share on other sites
1 hour ago, MikeyFresh said:

 

I didn't either, but had happened on their forum right around August 20th and saw it there.

 

They don't store credit card information on their server so risks are minimal, but they did at that time recommend the changing of passwords, and more specifically changing the password used on other sites if that was one in the same with what you were using on JRiver's site.

Some people do and some people aren’t receiving the notice. I believe that a declaration must be sent to the user of the breach by law , isn’t this correct for the US.


AS Profile Equipment List        Say NO to MQA

Share this post


Link to post
Share on other sites
On 9/26/2018 at 4:13 PM, jriver said:

I'm sorry if anyone wasn't notified.  We mailed every address we have.  It may have gone to a spam folder or you may have previously  unsubscribed.

 

I apologize for this very serious breach of trust.  It's inexcusable.  

 

Here's the announcement we posted on August 20.

 

https://yabb.jriver.com/interact/index.php/topic,117123.0.html

 

To summarize the damage.

 

1.  Our commerce and license servers were taken offline immediately and were down about 5 days.


2.  The attack used SQL injection and we should have prevented it.

 

3.  No credit card information was lost.  We don't store any and never have.

 

4.  Email addresses probably were taken.

 

5.  Passwords were probably taken, but we believe the encryption method protected them.

 

6.  We recommend that JRiver forum passwords be changed.  https://yabb.jriver.com/interact/index.php?action=profile

 

Again, I'm extremely sorry.

 

Jim Hillegass

CEO, JRiver

 

Hi Jim,

 

thanks for your answers! It was important and helpful for me.

 

Viktor

 

 


Core Audio - high quality audio products

Music Server - USB/SPDIF Bidge - DAC - Power Amp

Full linear analogue power supply, passive cooling Barebone Audio PCs

www.coreaudio.eu 

(distributor for TARALABS in Hungary, Croatia, Romania)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...