Jump to content
rayin

FMCA passwords compromised?

Recommended Posts

According to this thread on irv2.com FMCA is storing our passwords in clear text: https://www.irv2.com/forums/f53/fmca-warning-change-your-password-asap-533881.html#post5725010

Is there actually cause for concern?

Share this post


Link to post
Share on other sites

And what about Credit Card info? How is it stored? Is it kept on file?  The CC must be kept of file for the Connect Plan or is that info kept by Sprint/T-Mobil?

Share this post


Link to post
Share on other sites

Right now we don't have enough information to really know what to make of this. Whether or not there is a data risk depends on more than the FMCA staff being able to see the information. Perhaps someone from Membership will join the conversation and let us know what's going on before people jump to conclusions.

Share this post


Link to post
Share on other sites
On 4/25/2021 at 10:40 PM, rayin said:

According to this thread on irv2.com FMCA is storing our passwords in clear text: https://www.irv2.com/forums/f53/fmca-warning-change-your-password-asap-533881.html#post5725010

Is there actually cause for concern?

Thanks for the heads up.  Whether it's true or not, I changed my password.  Doesn't hurt to do so, and my password was definitely not a good one!!!  hahaha!  It is now!!! :D 

Share this post


Link to post
Share on other sites

After reading every thing on irv2 in ref to above, the OP's CC was not breached at FMCA!  I have never had a problem in the 35+ years of using a CC or DC with FMCA....before that, we would mail in checks!

Ray, everybody, please always read  everything!  Skimming gives you out of context info.

As far as Password is concerned, who cares?  The worst that will happen, we get another Troll.

Share this post


Link to post
Share on other sites
39 minutes ago, akadeadeye said:

So how does one change their password on FMCA? (asking for a friend)😎

Don

Go to the main site/ my account / My Settings/ then My Password.

Bill

Share this post


Link to post
Share on other sites

I am really disappointed that there has not been any response from the leadership, not even a canned reply. Makes me wonder if maybe the accusations have some truth to them. I would expect more.  

Share this post


Link to post
Share on other sites

A few years ago, FMCA upgraded the software that handles credit card processing. The next independent audit stated that meets security recommendations. 

Share this post


Link to post
Share on other sites

Thank you for responding Ross, I thought that irv2 thread was nonsense but the only way to debunk it was to ask here.

Share this post


Link to post
Share on other sites
19 hours ago, rossboyer said:

A few years ago, FMCA upgraded the software that handles credit card processing. The next independent audit stated that meets security recommendations. 

I'm the person who created the IRV2 thread, and should make a couple things clear.  First, there was no issue with FMCA's credit card transaction data.  I never made that statement -- as someone else has said, it's important to read the entire post, not just skim it, especially if you see something alarming.  The security of their credit card processing is not the issue at all.

The issue is the simple fact that it's always a very bad practice -- and a completely unnecessary one -- to store user passwords in plain text, even if your credit card processing meets all requirements.  Why?  Well, because if your database gets compromised, the bad guys now know who you are (your email or other identifying information) *and* a password that you use.  Do you use that password somewhere else?  A bank, perhaps?  The bad guys will employ their bots to try various obvious combinations of user information and that password at every place they can think of.

That's why it's always a bad idea to store passwords in plain text.  That's why I recommended (in the original post) (1) you change your FMCA password to a unique one, so that if FMCA gets hacked in the future, the bad guys won't be able to use it elsewhere, and (2) you change the passwords on all other accounts that were the same as FMCA, so that if FMCA has already had a breach and just hasn't realized it yet then your other accounts will no longer be vulnerable that way.

 

Share this post


Link to post
Share on other sites

southadrv.  Welcome to the Forum! :)

Thanks for coming on and clarifying the out of context confusion! 

Carl

Share this post


Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now

×
×
  • Create New...