ARRL

Secure Site Login

News

RSGB IOTA Reports Website Breach

09/29/2015

The RSGB Islands on the Air (IOTA) website reports that an “automatic bot” accessed the IOTA website at 0448 UTC on Sunday, September 27. The bot “was able to exploit a bug in the IOTA code in order to reset the password for every user on the site,” preventing users from logging in.

“There is no sign in the system logs that any data was read or that personal data was compromised,” IOTA said. “Once the IT team was aware of the issue, they immediately took the database offline for analysis and corrected the bug. User passwords are stored in a hashed format in the database, not in plain text. In accordance with best practice, however, we’d like to encourage all users of the IOTA website to change their passwords.”

IOTA added that if you use your IOTA password on other websites, you might consider changing your password on those sites too. Contact IOTA with any questions or concerns. — Thanks to The Daily DX



Back