Bug causes inadvertent security notification emails

News updates about the Prohashing pool
User avatar
Chris Sokolowski
Site Admin
Posts: 936
Joined: Wed Aug 27, 2014 12:47 pm
Location: State College, PA

Bug causes inadvertent security notification emails

Post by Chris Sokolowski » Fri Jun 08, 2018 10:33 pm

Hi Everyone,

I wanted to explain what is happening with security notification emails. I first want to emphasize that these messages are not a result of a hack or breach of our security.

I was performing a routine check of our services today, and I discovered that there was one customer with an invalid email address that was causing the routine that sends security notifications to fail. When I fixed the issue and the routine executed properly, all queued emails from the past three weeks were sent at the same time.

These notifications are correct, but they are not for changes made today. They are related to account changes that have occurred since May 21. If anything was changed multiple times since May 21, then multiple emails would have been sent today. Note that a security notification is sent if anyone changes a payout address or email address, even if it was the account owner and the change was intentional.

If you received a security notification, I recommend checking your account's payout addresses and email addresses to be sure they are correct. However, most likely you will not need to take any action because you were the one that changed the information and the email was just a routine warning.

I apologize for the issue and any concern it has caused. If you have any questions, feel free to ask. Thank you for mining with us.

Sincerely,

-Chris Sokolowski
User avatar
holygoof
Posts: 59
Joined: Fri Oct 27, 2017 11:02 am

Re: Bug causes inadvertent security notification emails

Post by holygoof » Fri Jun 08, 2018 10:57 pm

Thank you for the quick breakdown Chris.
Good
bachel
Posts: 19
Joined: Sun Jan 29, 2017 6:09 am

Re: Bug causes inadvertent security notification emails

Post by bachel » Sat Jun 09, 2018 2:59 am

So my payout address was definitely changed how do you explain that?
User avatar
Steve Sokolowski
Posts: 4011
Joined: Wed Aug 27, 2014 3:27 pm
Location: State College, PA

Re: Bug causes inadvertent security notification emails

Post by Steve Sokolowski » Sat Jun 09, 2018 6:54 am

bachel wrote:So my payout address was definitely changed how do you explain that?
Unfortunately, we can't explain how your payout address was changed, as that is out of the scope of this issue. The most likely cause is that someone obtained your password and changed it.

The scope of this post is solely to explain that E-Mails indicating payout address changes were delayed by a few weeks. There were no widespread hacks; the only impact was a delay in sending E-Mails, for which we apologize.
Foxx
Posts: 90
Joined: Mon Dec 04, 2017 6:20 pm

Re: Bug causes inadvertent security notification emails

Post by Foxx » Sat Jun 09, 2018 7:06 am

not sure if this feature is enabled here or not (as it has been some time since i have actually mined here) but on other pools, as a security feature, everytime a payout address is modified, payment is suspended for 24/48 hours. being that most will notice when a payment is missed, this feature helps to stop theft before it happens.
bachel
Posts: 19
Joined: Sun Jan 29, 2017 6:09 am

Re: Bug causes inadvertent security notification emails

Post by bachel » Sat Jun 09, 2018 12:15 pm

Steve Sokolowski wrote:
bachel wrote:So my payout address was definitely changed how do you explain that?
Unfortunately, we can't explain how your payout address was changed, as that is out of the scope of this issue. The most likely cause is that someone obtained your password and changed it.

The scope of this post is solely to explain that E-Mails indicating payout address changes were delayed by a few weeks. There were no widespread hacks; the only impact was a delay in sending E-Mails, for which we apologize.
So the 20 others in the chat this morning with the same problem all got fished ?
User avatar
Steve Sokolowski
Posts: 4011
Joined: Wed Aug 27, 2014 3:27 pm
Location: State College, PA

Re: Bug causes inadvertent security notification emails

Post by Steve Sokolowski » Sat Jun 09, 2018 12:58 pm

bachel wrote:
Steve Sokolowski wrote:
bachel wrote:So my payout address was definitely changed how do you explain that?
Unfortunately, we can't explain how your payout address was changed, as that is out of the scope of this issue. The most likely cause is that someone obtained your password and changed it.

The scope of this post is solely to explain that E-Mails indicating payout address changes were delayed by a few weeks. There were no widespread hacks; the only impact was a delay in sending E-Mails, for which we apologize.
So the 20 others in the chat this morning with the same problem all got fished ?
fished?

If you mean "phished," as in someone stealing information, then the answer is no. There were no systemwide hacks.
qosmio
Posts: 2
Joined: Thu Apr 26, 2018 6:24 pm

Re: Bug causes inadvertent security notification emails

Post by qosmio » Sat Jun 09, 2018 1:31 pm

1st this happened to my was in april 2018, I had not 2fa enabled and got back into my account after 3 days and I lost one payout because the address was changed, I fixed all back and enabled 2fa, yesterday 8jun18 it happened again and I could not get back into my account since 2fa did not send me the code to login. so I have to move my miners to another pool since I cannot use my account anymore and not want to mine and someone else get my payout. Can you fix my account so I can use it again? account: qosmio
bachel
Posts: 19
Joined: Sun Jan 29, 2017 6:09 am

Re: Bug causes inadvertent security notification emails

Post by bachel » Sat Jun 09, 2018 8:58 pm

Steve Sokolowski wrote:
bachel wrote:
Steve Sokolowski wrote:
Unfortunately, we can't explain how your payout address was changed, as that is out of the scope of this issue. The most likely cause is that someone obtained your password and changed it.

The scope of this post is solely to explain that E-Mails indicating payout address changes were delayed by a few weeks. There were no widespread hacks; the only impact was a delay in sending E-Mails, for which we apologize.
So the 20 others in the chat this morning with the same problem all got fished ?
fished?

If you mean "phished," as in someone stealing information, then the answer is no. There were no systemwide hacks.
So why did so many payout addresses get changed ?

Miracle Hack or Devs who develop on a live system without testing anything before hand ?
User avatar
dnprod
Posts: 82
Joined: Tue Feb 21, 2017 3:19 pm
Location: Ontario, Canada

Re: Bug causes inadvertent security notification emails

Post by dnprod » Sun Jun 10, 2018 4:04 am

request for improvement to the notification email:
1) state which coin it's talking about
2) it says "Action: Payout Address Changed" however the same email is generated if the minimum payout amount is
changed. so perhaps rephrase it to say "Payout Address and/or Minimum Amount Changed" or something similar.
Post Reply