User database posted online
Hello
It seems the user database has been hacked and posted online: https://twitter.com/#!/ObSec_/status/106024604832768000
Re: User database posted online
Nozavi wrote:
> Hello
> It seems the user database has been hacked and posted online: https://twitter.com/#!/ObSec_/status/106024604832768000
And I was just having a conversation with someone about the recent "because we can" hack-a-thon going on.
Re: User database posted online
I don't know what this is supposed to be, I just get a plain white page with the twitter bar at the top.
Re: User database posted online
Seems like your browser isn't showing the Twitter page correctly.
But crap like this is why I don't like signing up for anything on the web, -_-
Re: User database posted online
This seems to be a serious problem!
Should we change our passwords, or ...?
Why the hell did this happen? Ooh...I'm having mixed feelings about this...I'd better stop writing until I say something I'll regret!
Re: User database posted online
joby_toss wrote:
> This seems to be a serious problem!
> Should we change our passwords, or ...?
> Why the hell did this happen? Ooh...I'm having mixed feelings about this...I'd better stop writing until I say something I'll regret!
It is very serious... waiting for a word from Andrew... don't want to say anything just yet. I immediately changed my password. There's nothing useful in my profile information but I don't want anyone posting in my name.
Re: User database posted online
Thank you for the heads-up, Nozavi.
Password Safe both generated a new password and will remember it for me. What a great application...
My YouTube channel | Release date of my 13th playlist: August 24, 2020
Re: User database posted online
I disabled blocking on my browser, so now I can see the post, but both the pastebin links are dead.
It doesn't sound like it was that bad though, all our passwords are hashed, right?
- JohnTHaller
- Posts: 716
- Joined: Wed Feb 10, 2010 4:44 pm
- Location: New York, NY
- Contact:
Re: User database posted online
joby_toss wrote:
> This seems to be a serious problem!
> Should we change our passwords, or ...?
> Why the hell did this happen? Ooh...I'm having mixed feelings about this...I'd better stop writing until I say something I'll regret!
Yes, everyone should change their passwords, especially if they use the same password and login on other sites. phpBB uses a hashed password table (as any application should), but once someone has the hash to your password, they could brute-force it to figure out your possible password. And if you share that password and login with other sites (think PayPal, your email account, banking, etc) bad things can happen. So, yes, you should change your password as well as any other sites you use the same password on. And you should use a different password for each site. Something like KeePass can generate very secure passwords for you and remember them.
Last edited by JohnTHaller on Wed Aug 24, 2011 1:08 pm, edited 1 time in total.
PortableApps.com - The open standard for portable software | Support Net Neutrality
Re: User database posted online
Hydaral wrote:
> I disabled blocking on my browser, so now I can see the post, but both the pastebin links are dead.
> It doesn't sound like it was that bad though, all our passwords are hashed, right?
I saw the list and can confirm that the passwords are indeed hashed.
However, all email addresses were leaked as well.
In addition, cracking the passwords may be possible with rainbow tables.
Re: User database posted online
SYSTEM wrote:
> However, all email addresses were leaked as well.
Right, forgot about that bit. I use a standard email account for all signups like this that is separate from my main ones to avoid excessive spam, but many other users may not.
Re: User database posted online
Hmm...this attack happened on July 5th! A SQL injection method was used. Damn!
I don't remember exactly, but wasn't that the time we started to get those login captcha requests?
And why did it take so long to find this out? Damn!
@Nozavi: Thank you very much! I only just realized you're Romanian!
Re: User database posted online
EDIT: NickR just explained this post is inaccurate. Ignore.
SYSTEM wrote:
> However, all email addresses were leaked as well.
Actually only emails, usernames, and hashed passwords were leaked through A-M. If your username starts with N - Z you might want to change your password just to be safe, but your email address hasn't been exposed.
Re: User database posted online
@webfork - There was a second file which contained the data for everyone else, i.e. Michael84 to Zurgerok
and then circa 200 more entries which were not listed alphabetically