2

I am in the process of De-Googling myself and setting complex passwords.

  • I changed my registered Gmail to an alternative mail provider
  • I changed my password to a complex one

I use mostly vBulletin and similar forums.

It's very well known that Facebook, Apple, Microsoft, Google and Amazon never delete any old records.

But does this also apply to off-the-shelf forum CMS systems? Can the admin see my previous email address and password hash?

Please describe how this is handled for the most popular discussion forum CMS (vBulletin, Discourse, phpBB and Simple Machines Forum). It's a privacy issue, so I don't want the admin to store my previous email and password hash.

It's very clear that the old records are in backup (mysqldump), so I’m asking more about the live DB.

Laurel
  • 129
  • 7
Sybil
  • 1,435
  • 2
  • 15
  • 29
  • 1
    I am not a lawyer but depending on the location/jurisdiction of the bulletin boards, they might fall under the EU's GDPR which enables users to request the full deletion of their data (Art. 17 - "right to be forgotten"). This should also apply to you even if you're not a EU citizen. Might be worth a shot :) – SeeYouInDisneyland Nov 14 '18 at 13:11

2 Answers2

1

Many off the shelf bulletin board and similar forum software are simplistic enough to not store history of changes. However some are more complex and do.

One way to positively identify ones that do (although the reverse is not true, this will not prove a negative) is to change your password to something, then try changing it back to the original. A good password change function will not allow you to re-use the most recently used n password hashes as this is a common user security compromise. If the system is able to block that behavior, then it is keeping password hashes.

As a rule of thumb, you can bank on their being some history out there, not necessarily from the website software itself, but from server backups. Anybody who snapshots their servers or runs regular dumps on their databases for backup purposes is going to have a some records with your old info floating around somewhere. The likelihood of these ever turning up anywhere is low, the as an end user your chances to find and eliminate them are even lower.

Caleb
  • 1,334
  • 11
  • 20
0

That depends.

If the site admin decides to store old records on the dump or on live db, they can.

If the site admin configures to delete old records, then those records will be deleted.