Skip to main content

AAVSO Servers Compromised

kqr's picture
kqr
Offline
Joined: 2010-03-12

There has been a security breach on the AAVSO website. Because passwords may have been compromised, we have cleared all user passwords. If you have not done so already, you must reset your password before you can log in.

Please Note:

  • If you used your AAVSO web password for any other non-AAVSO account, we strongly advise that you change it there as well.
     
  • The AAVSO International Database has been validated. There has been no loss of data.
     
  • Personal financial information is not stored on any computer or database at the AAVSO, and therefore was in no way exposed.

If you have any questions or concerns we urge you to contact us at aavso@aavso.org or call us during regular business hours (Eastern Time) at 617-354-0484.

Great to see us back online
BGW's picture
BGW
Offline
Joined: 2010-10-03

I'm sure it has been several long days of hard work to get back on line:  thank you HQ staff!

Gary Billings

Wonderful!
JMLA's picture
JMLA
Offline
Joined: 2012-12-17

Gret Job Doc & Will!
 

Extra Kudos
uis01's picture
uis01
Offline
Joined: 2010-07-25

And it happened at the end of a week where all the staff had spent a large amount of time manning the booth at the AAS meeing downtown.  I think all AAVSO members would be proud of the way they represented us at the AAS.  Then this happened.  I think Doc in particular needs a well earned vacation :).

Doc and Will rock!
wel's picture
wel
Offline
Joined: 2010-07-26

 

My understanding is that both Doc and Will worked most of the weekend to bring us back online. Great job and thanks to both of you!!!

Cheers,

Doug

Thanks, Doc
sgor's picture
sgor
Offline
Joined: 2010-07-31

Thank you, Doc! Now get some sleep!

 

..george

Salut!
lmk's picture
lmk
Offline
Joined: 2010-07-23

I used to work in computer sys admin many eons ago, in the good old days of VAX/VMS and Unix. I am sure things are light years more complex nowadays with all the Windows security holes, cloud-based and internet apps, etc.

Thanks for the certainly hard work Doc & Will :)

Mike LMK

 

Password change
PYG's picture
PYG
Offline
Joined: 2010-07-08

Congratulations to everyone involved in getting the AAVSO site back up and running again.

There does apparently remain some problems though.  Eddy Muyllaert has asked me to mention here that he is unable to change his password to log-in, as he isn't receiving the e-mail back from AAVSO with further instructions (so he is unable to post here himself).  He has apparently sent a few e-mails to individuals asking for help, but no response (maybe they are getting some well earned sleep Eddy :-).  If someone at HQ reads this, perhaps they might contact Eddy and give him some advice please.

Gary [PYG]

Yes, thanks to everyone for
PJOC's picture
PJOC
Offline
Joined: 2012-12-01

Yes, thanks to everyone for getting things back up.

I sent an email to compstars@aavso.org. (I was after a sequenc for AO Aqr).  It bounced - I presume because things are not entirely fixed yet.  Justn letting you know in case it might be helpful.

Cheers

Jonathan

 

Password change problem
BGW's picture
BGW
Offline
Joined: 2010-10-03

I changed my password on first post-resurrection login.  I was forced to use a tricky password...  which I seem to have forgotten already, or at least it is not accepted.  When I use the "forgot my password" process again, it sends me a link that logs me in, but when I go to "reset my password", a page comes up saying I am not authorized to do so.

8-(

Gary Billings

Thank you for the efficient
JAC's picture
JAC
Offline
Joined: 2013-12-10

Thank you for the efficient recovery, and for the security information regarding password exchange.

thumbs UP for the staff involved.

there seems to be problems with the Tools of the aavso, several internal servers errors, and information disclosures of type of operating system. 

was there any problem with recent submission of measures of variables?

since they don't appear in the light curve generator?

kind regards

[CJGB] - JAC

 

Data upload to SunEntry
BRAF's picture
BRAF
Offline
Joined: 2010-08-27

Hello,

I'm no longer able to upload sunspot data through SunEntry, I now receive a server communication failure. I do not know if this problem is related to the security breach. I have changed my password and installed latest Java update but this did not help. 

Thank you for any assistance in solving this issue.

Raffaello Braga (Milano, Italy)

Security Breach
drob's picture
drob
Offline
Joined: 2010-08-31

My son manages a server farm and I know indirectly the amount of work that both Doc and Will had to do to get the system back up.  Yes there is still work to be done and system checks to go through, however I have been able to access everything that i need to access.  I greatly appreciate their efforts.  Thanks guys for all of your hard work

Cheers,

Bob

 

 

New Password
conan's picture
conan
Offline
Joined: 2012-01-25

I had the same problem as Mr. Billings when I tried to get a new password. But I noticed I was signed in after using the link, and I just went to my account page, and entered a new password like I would normally do any old day, and that works now. So if ones emailed link still works, you can try that. 

- - Conan 

 

Have overcome password changing problem
BGW's picture
BGW
Offline
Joined: 2010-10-03

Yes, what Conan reported works for me, too.  I.e. going to "my account" and changing the password, rather than using the link from the email re the one-time password.

Thanks!

Gary Billings

AAVSO 49 Bay State Rd. Cambridge, MA 02138 aavso@aavso.org 617-354-0484