A security concern over Forces Reunited

Discussion in 'The Intelligence Cell' started by Rameses, Jan 7, 2012.

Welcome to the Army Rumour Service, ARRSE

The UK's largest and busiest UNofficial military website.

The heart of the site is the forum area, including:

  1. Recently I received this email from Forces Reunited:
    Dear XXXXX,
    It has been more than a year since your last visit to Forces Reunited and we wondered if you have mislaid your account details. If so, here is a reminder for you.


    (I replaced my details in this post but they were sent in clear by Forces Reunited.)

    This horrified me as I work in IT security and I couldn’t believe that a web site serving the forces is doing this.
    I know I haven’t used the site for over a year but the data in my profile is still correct and the only thing stopping this getting into the wrong hands is that I still use the registered email address (also was never hacked).
    I am very concerned that people that are veterans or currently serving that registered a while ago but no longer use the registered email address, either due to forgotten password or the worst case it was hacked are at risk.

    I did contact Forces Reunited regarding this matter and I got the following response:
    07 January 2012 20:08:20 by Support
    The password is only sent to the registered email address but we note your concern Sir.
    Forces Reunited Support

    This is crap that they should NEVER send the username and password together to an email account, and also by their own admission they send it to an email address that has not be accessing the site for over a year ( a hint there I think). Yes send a reminder with a link to answer some security questions before giving out the password, but again they should NEVER SEND THE USERNAME AND PASSWORD TOGETHER TO AN EMAIL ACCOUNT

    The level of information that most people have put in this site is a concern and I thought I should let everyone here know about this security risk.

    This is not a publicly stunt to get you to login to the site, I am just letting you know about the risk, I am in the process of deleting my information from this site, I was just waiting for an answer to my question hoping it was an error.

    Forces Reunited don’t care about security because if they did they wouldn’t do this or they have would changed their policy immediately after my concern.

    I hope this helps.


  2. It's a good thing Arrse doesn't do that matey, as you'd have a mailbox full of reminders by now - nigh on eight years from joining to first post must be some kind of record!:)
    • Like Like x 2
  3. Jesus, it's 2006 again!! Do people even still use that site? Rameses, you are Michael J Fox and I claim my Delorian.
  4. Christ that's terrible - someone might hack your account and find out you have no life! ;-)
    • Like Like x 1
  5. Friends Reunited and its Forces forum the latter of which I never joined went downhill when ITV took it over. They made it childlike, note to owners here I don't like cartoon characters, and bombarded everyone with spam advertising.
  6. The outrage bus is out of fuel and awaiting spares so take a number and we will get back to you in about 8 years when you make your second post.

    We thank you for your support and remind you to get a life.
  7. So if I don't use this site I have no life, yes I am a member, but in the early days arrse was just another website of many that has sprung up, I left the army back in 2004/5 and yes I got a life, but I didn't know that I had to post here to prove that, I would still read the odd post and even my son who is still serving is a member here.

    The comments I have had back just reinforce, what is the point letting people know about issues if all you get is abuse.

    Oh god this is my second post, have I got a life now or should I get back to my "no life" in the real world.

    Also looking at your join dates I have been here the longest or is it all about how many posts you have??

    At least I know if I have anymore information to share which website doesn't want it.
  8. nobody_cares.jpg

    Can we be friends, your uber kool.
  9. I found your post after just receiving an almost identical email from force reunited, but there was an http: link which I have not yet followed. I thought you might like to know that they have cleaned up their act now. I do find it hard to believe that they could be so careless, or more likely - thoughtless.
    I find it hard to believe some of the small minded nonsense that follows your original post. I suppose the moderator has to allow free speach to a degree.
    I am glad to have found this forum, but I am departing to the parallel Navy List, not having served in the army.
    • Show again braincell Show again braincell x 1
  10. Don't let that deter you from staying, it hasn't the majority of members. :)
  11. It is now 2016, every couple of days I get an email supposedly from forces reunited telling me I have unread emails/messages there is of course no connection, I wonder where this is coming from. I can't unsubscribe for the same reason??
  12. These days no website should know what your password is.

    The way it should be is that your password goes through encryption, which is like a really complicated mathematical sum. The website only has your login and the answer to the check sum. This is why when you forget your password on most sites they send you a link to reset it....because they don't actually know what your password is.

    I hope forces reunited have changed their system.
  13. Never looked at their site before The first thing I see - "Veterans with Dogs"
    We've all had a bit of rough but that was a bit harsh I thought.
    • Funny Funny x 1