Royal Yachting Association Resets Passwords After Breach

The Royal Yachting Association (RYA) is forcing a password reset for all online users after warning some that their data may have been compromised by a third party.

The UK’s national body for all things nautical appears to have moved quickly in response to the discovery.

“We have recently become aware that an unauthorized party accessed and may have acquired a database created in 2015 containing personal data associated with a number of RYA user accounts. The affected information included email addresses and RYA website passwords which were encrypted and therefore not visible,” it explained.

“The affected information included name, email and hashed passwords — the majority held with the salted hash function, which is used to secure passwords. The affected data did not include any financial or payment information and in this stage in our investigation there is no evidence that this data has been misused — it was legacy test data and it appears that the unauthorized party who gained access to a hosted server subsequently deleted that database.”

Despite passwords being salted and hashed, the RYA is taking no chances and will require all web users to choose a new credential. It is also urging members to be on the lookout for potential phishing scams attempting to capitalize on the breach notification.

“Please note that any email from the RYA about this issue (subject: Important notification regarding RYA Account Security) does not contain attachments and does not request your personal data,” it clarified.

“If you receive an email about this issue which suggests ..

Support the originator by clicking the read the rest link below.