FMCA passwords compromised?

[rayin]

According to this thread on irv2.com FMCA is storing our passwords in clear text: https://www.irv2.com/forums/f53/fmca-warning-change-your-password-asap-533881.html#post5725010

Is there actually cause for concern?

[RRR]

And what about Credit Card info? How is it stored? Is it kept on file?  The CC must be kept of file for the Connect Plan or is that info kept by Sprint/T-Mobil?

[richard5933]

Right now we don't have enough information to really know what to make of this. Whether or not there is a data risk depends on more than the FMCA staff being able to see the information. Perhaps someone from Membership will join the conversation and let us know what's going on before people jump to conclusions.

[gatripsters]

On 4/25/2021 at 10:40 PM, rayin said:

According to this thread on irv2.com FMCA is storing our passwords in clear text: https://www.irv2.com/forums/f53/fmca-warning-change-your-password-asap-533881.html#post5725010

Is there actually cause for concern?

Thanks for the heads up.  Whether it's true or not, I changed my password.  Doesn't hurt to do so, and my password was definitely not a good one!!!  hahaha!  It is now!!!  

[manholt]

After reading every thing on irv2 in ref to above, the OP's CC was not breached at FMCA!  I have never had a problem in the 35+ years of using a CC or DC with FMCA....before that, we would mail in checks!

Ray, everybody, please always read  everything!  Skimming gives you out of context info.

As far as Password is concerned, who cares?  The worst that will happen, we get another Troll.

[akadeadeye]

So how does one change their password on FMCA? (asking for a friend)😎

Don

[wildebill308]

39 minutes ago, akadeadeye said:

So how does one change their password on FMCA? (asking for a friend)😎

Don

Go to the main site/ my account / My Settings/ then My Password.

Bill

[RRR]

I am really disappointed that there has not been any response from the leadership, not even a canned reply. Makes me wonder if maybe the accusations have some truth to them. I would expect more.  

[rossboyer]

A few years ago, FMCA upgraded the software that handles credit card processing. The next independent audit stated that meets security recommendations. 

[rayin]

Thank you for responding Ross, I thought that irv2 thread was nonsense but the only way to debunk it was to ask here.

[southardrv]

19 hours ago, rossboyer said:

A few years ago, FMCA upgraded the software that handles credit card processing. The next independent audit stated that meets security recommendations. 

I'm the person who created the IRV2 thread, and should make a couple things clear.  First, there was no issue with FMCA's credit card transaction data.  I never made that statement -- as someone else has said, it's important to read the entire post, not just skim it, especially if you see something alarming.  The security of their credit card processing is not the issue at all.

The issue is the simple fact that it's always a very bad practice -- and a completely unnecessary one -- to store user passwords in plain text, even if your credit card processing meets all requirements.  Why?  Well, because if your database gets compromised, the bad guys now know who you are (your email or other identifying information) *and* a password that you use.  Do you use that password somewhere else?  A bank, perhaps?  The bad guys will employ their bots to try various obvious combinations of user information and that password at every place they can think of.

That's why it's always a bad idea to store passwords in plain text.  That's why I recommended (in the original post) (1) you change your FMCA password to a unique one, so that if FMCA gets hacked in the future, the bad guys won't be able to use it elsewhere, and (2) you change the passwords on all other accounts that were the same as FMCA, so that if FMCA has already had a breach and just hasn't realized it yet then your other accounts will no longer be vulnerable that way.

 

[manholt]

southadrv.  Welcome to the Forum! 

Thanks for coming on and clarifying the out of context confusion! 

Carl