Frequently Asked Questions - Christian Flatshare

Home page

Countries

If you cannot find the answer to your questions in this page please contact Jono [email protected].

Answers...

What’s the very short version?

Some of our member’s passwords may have been compromised. If you used the same password on CFS and on any other account, you should update those passwords immediately.

What is this page?

CFS was unfortunately caught up in a large-scale data breach of a third party which has exposed a limited amount of our users data on the internet. The purpose of this page is to be transparent with our users about what happened and to inform them of the risks posed by the breach, and what they can do to ensure they are protected from any further risk.

What has happened?

Before November 2020, the Christian Flatshare (CFS) website suffered a cyber-attack that allowed user details to be downloaded from our website via what is known as a SQL injection attack. This is where commands to manipulate a database are sent by hackers using sign up or account management forms to force the database to perform arbitrary actions such as providing a list of the database content.

This content was then indexed by a now-defunct website called ”Cit0day” which aggregated lists of stolen and compromised credentials for use by cybercriminals. In November 2020, the entire content of the Cit0day website was made public. This included several thousand Christian Flatshare accounts (amongst approximately 227,000,000 total unique accounts in the breach collected from tens of thousands of websites).

More technically-minded users may find this detailed explanation by well-known and respected security researcher Troy Hunt helpful https://www.troyhunt.com/inside-the-cit0day-breach-collection/.

There is some evidence from the UK’s National Crime Agency that cybercriminals have tried to exploit the information in the Cit0day breach and they are pursuing a criminal prosecution – they are directly in touch with those whose accounts have been exploited.

What data was exposed?

The data that was exposed was limited. It comprised the email address you used to register with CFS, a ‘hashed’ (i.e. encrypted) version of your password, and the text of any posts you may have made regarding accommodation offered or wanted. We don’t hold any further data and nothing else was exposed.

Why is this a risk?

The leaked information in itself is unlikely to pose any risk to you. Passwords were stored in an enencrypted format. However, short or weak passwords encrypted using hashing can potentially be reverse-engineered. If this were the case, a hacker could gain access to your CFS account. In itself, this is unlikely to pose a threat to you as the amount of information stored on our website is limited.

However, there is a potential risk if you re-used the same email address and password combination on other websites. In this case, it would mean a hacker could access other more sensitive accounts by trying the email and password combination on other popular websites (this is known as ‘credential stuffing’). This is a particular risk if the same password is used on your primary email account, as the hacker could then undertake password resets to take ownership of linked accounts to hijack the account. There is also a risk that if you have saved payment details on an account that is then compromised, an attacker could use the saved card details to make payments using that card.

Please note that if you have not re-used the same password from CFS for another online account, you are highly unlikely to be at risk in any way.

Questions...

What’s the very short version?

What is this page?

What has happened?

What data was exposed?

Why is this a risk?

What has CFS done to protect my data?

What do I need to do?

This happened a while ago; why are you only telling us now?

Next steps for CFS…

What has CFS done to protect my data?

Since becoming aware of the breach, CFS has been in direct contact with the relevant authorities, including the ICO (the UK Data Protection Regulator) and the National Crime Agency who are investigating and trying to bring criminal charges regarding the exploitation of the Cit0day breach, and we are helping them with their investigations.

We have undertaken a full review of our website security to close the vulnerability that allowed our database to be compromised in the first place using a respected independent cybersecurity contractor.

We provide this advice to help you take steps to ensure your security.

What do I need to do?

You should change your password on any site where you used the same password as you used on CFS.

You should monitor your online accounts for any suspicious activity, such as email sign-ups to services you don’t recognise, or password reset emails you did not request. If you are particularly worried about a payment card being compromised, you may wish to contact your bank.

If you do not already do so, refrain from re-using passwords for more than one account. Ensure that you use long and/or complex passwords.

If you do not already do so, consider adopting the use of a password manager. These are free or relatively cheap utilities that allow you to generate and save unique secure passwords which prevents this sort of credential stuffing attack.

On any account which allows it, you should enable two-factor authentication.

The National Cyber Security Centre maintains helpful advice on maintaining online security for members of the public, including more detail about the above steps. If you follow these steps, you will minimise the risk of harm from this data breach, and the risk of any future cyber-attacks on all of your online activity. The NSA guidance can be found here.

This happened a while ago; why are you only telling us now?

The data incident was detected in March 2021 and the underlying security weakness was identified by a security expert and fixed within a week, accounts created after March 2021 are unaffected. CFS is maintained for the benefit of the Church community as a non-commercial venture largely by a single administrator. Unfortunately, the founder and administrator of the site has spent the last year in hospital due to sudden and life-changing circumstances. We confirm we have been working with the relevant authorities and have informed you as soon as possible given the circumstances.

This page will be updated and the content matured from any questions arising from the community Please contact Jono [email protected], acting DPO for this incident should you have any questions

Next steps for CFS…

We know CFS to be a valued resource within the church community at this juncture the present administrator needs to focus on his recovery and it may be best if CFS finds a new home and leadership we expect that this may be best found in an established church or para-church organisation with vision and alignment such that CFS could be a compliment to its ministry and to continue: finding homes-growing churches and building communities on the same non-commercial and ecumenical basis.

Pecuniary matters:
Presently CFS is not optimised for donations or monetized in any way and as such presently CFS runs a small net loss and day-to-day administration is usually minimal.

If you can offer input on what these next steps might be, please be in touch,
Happy Easter,
Ryan Davies
Christianflatshare Support
[email protected]

Posting Wanted Accommodation adverts

It is FREE to place adverts.

If you are looking for accommodation you should place a wanted accommodation advert. Join CFS, click login and click "Post an Accommodation Advert!".

Posting a Wanted ad before replying to Offered ads helps you because:

1. When you reply to Offered ads your Wanted ad (which decribes you and your requirements) is automatically included in your message

2. You are automatically shown Offered ads that match your Wanted ad requirements

3. Those offering accommodation will be able to see and reply to your advert

Taking care t put good descriptions and adding photos helps you get the best response. After you have posted an advert you can (from "Your ads", top right corner):

Preview your ad
Add photos
Edit your ad to change its details
Suspend your ad temporarily
Delete your ad
Facebook your ad, to share with Facebook friends
Change your advert's advert picture

Adverts Matching Yours

Offered accommodation adverts that match your Wanted advert will be shown below your advert summary, on the Your ads page. You should review these adverts and reply to any that are suitable.

Replying to Offerd Accommodation ads

You can search offered accommodation adverts from the front page. When you reply to any adverts it is helpful if you write a friendly note which introduces you and your accommodation requirement.

If you have placed a Wanted accommodation advert a link to it will automatically be included in your reply, so the recipiant can see your advert.

Advert posting tips

Some advert posting tips which are well worth following...

A friendly, helpful and informative description of those looking for accommodation is always a good start. Adverts with brief descriptions attract less response. When posting the ad, can initially put a brief description and later edit it to add more.
Adding *photos* can help to introduce the accommodation seeker(s) - and can be fun too!
If you have a website or a social-networking page, then including a link to it will help others to find out more about you.
class="mt0 mb5"Regularly logging in to CFS will help others see you are actively using CFS as your advert(s) will show how many days since you last logged in.

Posting Offered Accommodation adverts

It is FREE to place adverts.

If you have accommodation to offer you should place an Offered accommodation advert. Join CFS, click login and click "Post an Accommodation Advert!".

You can place different types of Offered adverts:

House or Flatshare - Houses or flats shared with others
Room Share - A room shared with someone of the same sex
Family Share - Accommodation shared with a family with children or with a married couple
Whole Place - An unoccupied house or flat

After you have posted an advert you can:

Preview your ad
Add photos
Edit your ad to change its details
Suspend your ad temporarily
Delete your ad
Facebook your ad, to share with Facebook friends
Change your advert's advert picture

Adverts Matching Yours

Wanted accommodation adverts that match your Offered advert will be shown below your advert summary, on the Your ads page. You should reply to any adverts that you think match.

Replying to Wanted Accommodation ads

If you enter a postcode of accommodation you have to offer in Quick Search (on the front page) you will be shown Wanted ads from who are looking for accommodation in that area.

If you have posted an Offered accommodation advert and reply to the Wanted ads, a link to your advert is automatically included in your reply.

Advert posting tips

Some advert posting tips which are well worth following...

A warm, helpful and informative description of the accommodation (and any living there) is always helpful. Adverts that have a brief description and have no photos attract less response. Once an advert is posted you can edit it to add photos and add more details.
Adding *photos* is key to getting the best response as they can show what the accommodation is like, and can help introduce others living in the accommodation - photos can be fun too!
If you have a website or a social-networking page, then including a link to it will help others to find out more about you.
Regularly logging in to CFS will help others see you are actively using CFS as your advert(s) will show how many days since you last logged in.

Below are some common sense pointers to observe when interacting with others online, and will help you to spot any unusual behaviour.

Scam attempts are commonplace in websites that allow interaction between people. Here are some pointers which may help you detect scams:

Always see the accommodation first, before paying a deposit or rent.
Any requests for payments through untraceable money transfer services such as "Western Union Money Transfer" or "Moneygram" should be treated as highly suspicious.
Overpayments scams: overpayments made with a request for the 'change' (sometimes blamed on a clerical error) should be treated suspiciously.
Be wary of anyone who appears to want to remain distant from you, and does not wish to see you or the accommodation before parting with money.
Do not disclose your banking information to individuals over the internet.

Do not send images or copies of identification, such as your driving license or passport, which can be used in identity theft.
Do not sign a contract or make a payment without seeing the accommodation first. Adverts for accommodation that does not exist is a common scam, and can be used to catch those moving to the UK. Protracted or seemingly awkward situations which make it difficult to see accommodation before paying a deposit or rent should be treated very cautiously. Those unable to see the accommodation might like to consider making use of a church reference and obtain church contact details through an official church website. Those working in a church office are likely to be only to willing to help vouch for the existance of a person, and their accommodation situation, and likewise those offering accommodation willing to connect you with their church to make.

If you receive a suspicious scam-type email we advise that you do not reply to the email, as this can only encourage those who send them. Those sending scam emails are likely to have sent multiple similar emails and will not be waiting on individual replies. Please contact us so that we can prevent the same email going to other members.

Some flat-finding tips from our international team of flat finding experts (ahem)...

Deposits

Landlord's must keep deposits in a government-backed tenancy deposit scheme (TDP). Full details here.

Never pay a depsoit until you have seen the accommodation, met other housemates (where applicable), and have witten down what the agreemnent is for letting. Ensure you have a recipet for your deposit. It is a good idea to include on the recipt when your deposit will be returned to you and any terms applicable. Common sense prevails in such matters and a parper record will help avoid any misunderstandings.

Recording arrangments

One of the best pieces of advice we can give, is to write things down - price, dates, routines, obligations etc. This can be done formally using short-term tenancy agreement (example, others online), or informally (especially useful when logging with a family or flatmates arrangments).

Informally the arrangement could be recorded by both parties signing a friendly letter. Havng a written agreement is good practice, can help avoid any confusions, and ensures both parties have a record.

Here is an example of a friendly letter which does that:

The landlord
New address
New town

Dear John,

Sue and I are both very pleased that you are going to stay with us for a while. To avoid any misunderstandings, here is a list of the points that we have agreed:

- Rent is £300 per celendar month (payable on the 12th, by transfer). This includes all household bills (inc. broadband and TV license, but not personal calls made from the landline).

- Our agreed moving in date in 25th of July, for three months (ending 25th October). Please can you give us two weeks notice of any change to this.

- On Tuesdays we have a weekly church meeting in the house, which you are welcome to join at any point.

- We like to keep the house and kitchen tide, and free from washing up. We share in the cleaning and bins go out on Tuesday morning.

- Sue gets up for work early, as as discussed we try to keep the house quite from 10.30pm.

Signed:
Date:

Peter Johnson John Smith

Visiting a new place - why not take a friend along? A second opinion is often helpful, and fun to visit a new place in pairs.

Smoke alarms – no place is a home without a smoke alarm. If there isn’t one fitted we recommend that you make enquiries to have one installed. Smoke alarms cost as little as £5 and are easy to install. Smoke alarms should be tested regularly.
Carbon monoxide alarms – If the property has a gas supply a carbon monoxide alarm is strongly recommended by the Health and Safety Executive.
How could you bless your potential new flat mates? How could they bless you? What could you learn from them? How would you complement and encourage each other?
Are there any household rules you should be aware of?
Have you met all the members of your potential new household? It would normally be wisest to meet everyone, so that you know who you would be living with and so that you can assess how well you would all get on.
How tidy is your potential new household? How tidy do you like to be?
The term that the accommodation is available – make sure you understand the date when you could move in, and the length of time the accommodation is available, if there is a specified end date.
How is food and cleaning done? Is cleaning done? Are there any habits for cooking and eating together? Is there a chef??
If the person offering accommodation has specified in the ad “would suit someone who, if asked, could provide a recommendation from a church…”, then it may be helpful to take the friendly initiative and to offer to provide any such recommendation.
Do you understand all the Terms and Conditions in the tenancy agreement? What is the required notice period? What sort of agreement is it, joint liability or individual liability?
Are there any regular uses of the flat? A weekly bible study? A weekly indoor football contest??
Do you understand how and when rent should be paid?
Budget and bills – what are your obligations to the regular household bills? Is Council tax and the TV license included? Writing a budget can be helpful.
Security – is the accommodation suitably secure? Are there window and door locks?
Location, location, location – how far is the accommodation from your friends, work place, college, your sports club, the gym, your church, public transport, a supermarket? the beach, the cinema (single-screen or multiplex??), a nice picnic spot or an appealing cake shop??
Insurance – is there contents insurance and will it adequately cover your belongings?
Prayer - we need to be spiritually tuned-in for the big (and the small) decisions in life… prayer is the key for good guidance and for successful flat-finding.

Accommodation letting pointers

Whether letting accommodation to formally or informally, one of the best pieces of advice we can give is to write things down - price, dates, routines, obligations etc. A more formall method could be to use a short-term tenancy agreement. Here is an example, and there are many others online. The arrangment maybe more informal (such as when logging with a family or some flatmate arrangments).

Informally the arrangement could be recorded by both parties signing a friendly letter. This is good practice: it can help avoid any confusions, give all parties clarity, can set a good tone, and ensures both parties have a record. Writing such an informal arrangment is a helpful process and may uncover items you ought to include which you had not yet thought of.

Here is an example of a friendly letter which does that:

The landlord
New address
New town

- Our agreed moving in date in 25th of July, for three months (ending 25th October). Please can you give us two weeks notice of any change to this.

- On Tuesdays we have a weekly church meeting in the house, which you are welcome to join at any point.

- We like to keep the house and kitchen tide, and free from washing up. We share in the cleaning and bins go out on Tuesday morning.

- Sue gets up for work early, as as discussed we try to keep the house quite from 10.30pm.

Signed:
Date:

Peter Johnson John Smith

Smoke alarms – no place is a home without a smoke alarm. Smoke alarms cost as little as £5 and are easy to install. Smoke alarms should be tested regularly.
Carbon monoxide alarms – If the property has a gas supply a carbon monoxide alarm is strongly recommended by the Health and Safety Executive.
If you are receiving a deposit you should ensure that this is properly recorded and a recipt given to the tenant. On the reciept, or in your written agreement, it is a good idea to include the terms of the deposit (when it will be repaid, and terms for any deductions).
Taking up references - when placing an Offered Accommodation advert to advertise accommodation you can choose the option "Would prefer someone who, if asked, could provide a recommendation from someone on church staff&. This can be followed up as a form of reference. Work place or previous landlord references could be be taken up too, as appropriate.
Setting a price - one approach to use is to set a price which is lower than market average, which may attract a greater number of interested tenants. From those tenants you can select the one best to you, and with which you can enjoy a good relationship.

Christian Flatshare... helping accommodation seekers connect with the local church community
Finding homes, growing churches and building communities © ChristianFlatShare.org 2007-2024

Data Incident Questions

...and their answers

Answers...

Questions...

Posting Wanted Accommodation adverts

Adverts Matching Yours

Replying to Offerd Accommodation ads

Advert posting tips

Posting Offered Accommodation adverts

Adverts Matching Yours

Replying to Wanted Accommodation ads

Advert posting tips

Some flat-finding tips from our international team of flat finding experts (ahem)...

Accommodation letting pointers