Warning! Ebenefits Not Secure Site

[WAC-Vet75]

I just went to ebenefits to check on my claim.... Somehow, without logging in, I was able to go to "claim status", noticed that the dates were wrong, then looked and saw I was signed in as Dennis Houser, NOT me, and the claim is in Philadelphia, NOT where I live, nor where my claim is pending! I wonder if someone is presently accessing my records.......

[ExAirman]

I just logged into the E-benifits site and it brought up my information and not someone elses.

Has anyone received info from the VA that this is/was a hacking attempt? This doesn't seem like a 'hacking' issue to me, it actually seems like a database or web-query problem. If a database is configured incorrectly you might (MIGHT!) be passed the wrong records. If the web-query to the database is incorrectly configured you can experience the same problem. In actually, many hackers use a technique called 'SQL injection' to attempt to gain access to the actual database, that can give results like mention here (see other peoples records), once the hacker is in then they have access to extract, change, add, or delete records in the database.

The fact that this boards users are gaining access to others info accidentally and that others can access data correctly leads me to infer this a likely a problem with the database, and unlikely is a hacker.

[godeep]

Just got in from work and I am reading all the post here on e-benifits. It looks like the whole site has been hacked, and if so will be down for a very long time. The VA is not known for fixing anything in timely manner.-especially this issue. They may have to check each of our records to see if ours is stating the correct information or is hacked. God forbid if they have our banking information on there, that needs to be deleted. They keep tweeking the system until even the most amataur hacker can get in. Bravo Zula VA-you really opened up a can of worms. THis needs to be investigated by Congress, our privacy has been compromised-to what extent, that will need to be determined.. I will be contacting my Congressman tomorrow to get his input as this is a Federal Site.

eBenefits is up and running just fine. As for banking information, this is mine:

Commercial Banks, (National Bank Trust Companies).

Nothing to get too excited about. It's a tempest in a teapot, folks.

[COOL BREEZE]

I have received the official reply from the VA from their WEB site which is also posted on Facebook-You can post questions and they may reply)

"We did experience some technical issues with the latest release and we had to take the site down for a while and revert to an older version. The site was not hacked. Once the technical issues are resolved, we will release the upgraded version of eBenefits. "

[Vync]

"We did experience some technical issues with the latest release and we had to take the site down for a while and revert to an older version. The site was not hacked. Once the technical issues are resolved, we will release the upgraded version of eBenefits. "

nice....

[hulamatt]

is the site down again, i keep getting asked for a password and username to VISIT the site and it says myrealm whatever the hell that means anyone getting this?

[broncovet]

We need to remember the VA's history: They will tell Veterans ANYTHING just to shut us up and keep us from complaining. Remember how shredding was an "isolated incident" (when they later found it happened in 41 out of 57 RO's)?

Same thing with infection problems: They are an "isolated incident and no Veterans have been "acutally infected" with dirty equipment".

Same with the fiduciary fiasco.

Now they are telling us the VA "wasnt hacked" but they found out who was hacking the website and fixed the problem.

Scandal after scandal has plagued the VA: Shredding, dirty equipment, fiduciary fraud, IT fraud, and they are NEVER isolated incidents, and always appear in multiple locations.

All this being said, WAC vet, I simply suggest you do what you can, then stop worrying about who what has access to your data. You can worry yourself sick.

In regard to E benefits I recommend these security precautions:

1. DO NOT put in your private information online UNLESS your address bar says "https". The "S" means this is a secure site. Hackers can hack the rest, but have not yet figured out how to break 28 bit encryption, or, they dont have to because so many others leave the door open so they dont have to "crack the safe".

2. Keep your computer "clean". Dont store your passwords or usernames..enter them again each time. Hackers can hack your computer and steal your stored usernames passwords.

3. Be careful WHO uses your computer.

4. Remember a Wired internet connection is almost always more secure than wireless. The reason is a hacker can drive around looking for insecure websites and "get on" your wireless internet connection. He can not do that as easily with wired internet..he will have to go through your ISP.

T