Originally Posted by wonderman

I am still in process of withdrawing 7000 from my epassporte account. The fact that I can take only 300 dollars a day is sort of annoying. Worse than that is when it takes 6 days to get the money. That is way to long.

Originally Posted by darksoul

7000/300 = 23.33 which is nowhere close to 6

Originally Posted by minusonebit

You know what?

I always have thought that ePassporte's whole "scrambled passwords in the DB" story is bullshit. Now I know.

I signed into my account a second ago using the password they e-mailed me and went to change my password back so I can use "my" password to get into my account.

When I went to change it, I get this message:



Now, if they lost my password in this DB mess, how would the system know that I used that password before? Its lost, remember? So once again, ePassporte has blown smoke up my ass. Someone ain't tellin the truth.

What really happened, ePassporte? I cant wait to hear the explanation here.

Originally Posted by shaliza

Last week, ePassporte's LDAP server crashed and our backup was corrupted. The result: a number of account passwords were automatically reset. I know this issue was inconvenient for our account holders and we are extremely sorry for this. Most of you are able to login now and use your accounts again but if anyone is still having troubles, please feel free to contact me or Keyser and we will ensure your issue is handled immediately.

Were these accounts hacked??? NO! In fact, the database issue made it even harder for anyone to access any ePassporte account.

Some accounts were not effected by the crash however we were unable to differentiate between these accounts. Minusondebit, your account was one that was NOT effected but as I said we were unable to differentiate so we simply reset the password on accounts we thought would have an issue. We store the last three passwords with a one way encryption scheme. That means we can encrypt them, but we cannot decrypt them. We take the password that you enter and we encrypt it and compare it to the old encrypted password. If it matches, we don't let you use it again for security purposes.

I hope this answers your questions and everyone can put away their popcorn and milk duds.

Originally Posted by European Lee

That certainly would seem to explain the password issues however...

How does that explain all the recent emails people have been getting to their Epassporte email account addresses example; [email protected] containing links to pornsites in them?

Regards,

Lee

Originally Posted by shaliza

Last week, ePassporte's LDAP server crashed and our backup was corrupted. The result: a number of account passwords were automatically reset. I know this issue was inconvenient for our account holders and we are extremely sorry for this. Most of you are able to login now and use your accounts again but if anyone is still having troubles, please feel free to contact me or Keyser and we will ensure your issue is handled immediately.

Were these accounts hacked??? NO! In fact, the database issue made it even harder for anyone to access any ePassporte account.

Some accounts were not effected by the crash however we were unable to differentiate between these accounts. Minusondebit, your account was one that was NOT effected but as I said we were unable to differentiate so we simply reset the password on accounts we thought would have an issue. We store the last three passwords with a one way encryption scheme. That means we can encrypt them, but we cannot decrypt them. We take the password that you enter and we encrypt it and compare it to the old encrypted password. If it matches, we don't let you use it again for security purposes.

I hope this answers your questions and everyone can put away their popcorn and milk duds.

Originally Posted by woj

After taking a moment to analyze the "evidence", I concluded there are 2 possible logical explanations to all this:

1. They are telling the truth (there were some database problems)

The database got corrupted, stuff like that happens. Normally what happens in a situation like that everyone panics for a min, then someone in the group realizes, "Wait a min, don't we have a backup from last night?" Database gets restored, missing data since the backup is recovered from the log files. End result: Everything is back to normal. However, everything was not back to normal, everything got recovered except the passwords. Also, it's worth noting, that certain accounts were not effected at all by this "database problem." I don't see any logical explanation for that under this scenario.


2. There was a hacking attempt (which may or may not have been successful)

Hacking attempt was detected and narrowed down to certain accounts. For example, brute force attack was detected, and a list of accounts with failed logins in the past 24 hours was compiled. As a precaution, passwords to effected accounts were changed to minimize possible damage. This explains why only certain accounts were effected.


I guess there are also other possible explanations, like programmer error for example. Programmer was doing work on the database, and accidently wiped out half the passwords. But in my opinion they would all fall into "1" category, database corruption that can be easilly recovered.

Originally Posted by Keyser Soze

When people forward their ePassporte email address all emails send to [email protected] is forwarded this is why they see spam emails forwarded thru ePassporte.
But there is a filter in place so these emails don't show up in their inbox at https://mail.epassporte.com

Like stated earlier Lee if you have any real concerns or problems with your account you are welcome to contact either Shalize or me.