General > Suggestions Box
Passwords Stolen - www.timewastersguide.com hacked in April 2011
Astounding:
A quick search didn't show me any threads dealing with the April 2011 hack of this forum, www.timewastersguide.com wherein 6000 email addresses and hashed passwords were stolen. I found out about it when my email address started receiving spam. I only use that address here, nowhere else, and I have never shared it or posted it or made it public.
ANYONE with a SIMPLE password whose email address is one of the 6000 addresses should log in and CHANGE their password. Even though the passwords appear to be hashed (MD5? SHAx?), a quick dictionary attack will reveal the passwords. I assume that this has already happened months ago.
Looking through the forums, I saw that at least one user reported his/her account was hijacked/stolen.
Site administrators, I'm curious as to what actions you have taken since April to close the security hole the hacker used. Was it a forum software bug that a subsequent upgrade has made secure?
If you wonder if YOUR email address was one of the 6000, check here:
http://pastebin.com/fYdHt3ni
Here are a few 'blog and web posts about the hack:
http://www.cyberwarnews.info/2011/08/16/time-wasters-guide-accounts-database-leaked-by-thehacker12/
http://thehacker12.blogspot.com/2011/08/over-6500-email-passwords.html
Thanks for any/all info.
Aaron out.
Chaos:
The hackers must have re-hacked it more recently, since I changed my email address on this account this last month, and that spreadsheet has my new email.
EDIT: It'd be funny if we could get this guy banned from Blogger for posting personal information.
Mad_Scientist:
--- Quote from: Chaos on August 23, 2011, 01:55:05 AM ---The hackers must have re-hacked it more recently, since I changed my email address on this account this last month, and that spreadsheet has my new email.
EDIT: It'd be funny if we could get this guy banned from Blogger for posting personal information.
--- End quote ---
My email is there as well, and I only joined this forum in June, so yes, definitely a more recent hack than just April.
Eerongal:
--- Quote from: Mad_Scientist on August 23, 2011, 03:25:20 AM ---
--- Quote from: Chaos on August 23, 2011, 01:55:05 AM ---The hackers must have re-hacked it more recently, since I changed my email address on this account this last month, and that spreadsheet has my new email.
EDIT: It'd be funny if we could get this guy banned from Blogger for posting personal information.
--- End quote ---
My email is there as well, and I only joined this forum in June, so yes, definitely a more recent hack than just April.
--- End quote ---
well, all of the links provided in the original post are dated for August 16th, So i think maybe April was accidentally typed instead of august? :P
Peter Ahlstrom:
Sigh. Jordo will have to fix it.
Navigation
[0] Message Index
[#] Next page
Go to full version