General > Suggestions Box

Passwords Stolen - www.timewastersguide.com hacked in April 2011

(1/3) > >>

Astounding:
A quick search didn't show me any threads dealing with the April 2011 hack of this forum, www.timewastersguide.com wherein 6000 email addresses and hashed passwords were stolen.  I found out about it when my email address started receiving spam.  I only use that address here, nowhere else, and I have never shared it or posted it or made it public.

ANYONE with a SIMPLE password whose email address is one of the 6000 addresses should log in and CHANGE their password.  Even though the passwords appear to be hashed (MD5?  SHAx?), a quick dictionary attack will reveal the passwords.  I assume that this has already happened months ago.

Looking through the forums, I saw that at least one user reported his/her account was hijacked/stolen.

Site administrators, I'm curious as to what actions you have taken since April to close the security hole the hacker used.  Was it a forum software bug that a subsequent upgrade has made secure?

If you wonder if YOUR email address was one of the 6000, check here:

http://pastebin.com/fYdHt3ni

Here are a few 'blog and web posts about the hack:

http://www.cyberwarnews.info/2011/08/16/time-wasters-guide-accounts-database-leaked-by-thehacker12/

http://thehacker12.blogspot.com/2011/08/over-6500-email-passwords.html

Thanks for any/all info.

Aaron out.

Chaos:
The hackers must have re-hacked it more recently, since I changed my email address on this account this last month, and that spreadsheet has my new email.

EDIT: It'd be funny if we could get this guy banned from Blogger for posting personal information.

Mad_Scientist:

--- Quote from: Chaos on August 23, 2011, 01:55:05 AM ---The hackers must have re-hacked it more recently, since I changed my email address on this account this last month, and that spreadsheet has my new email.

EDIT: It'd be funny if we could get this guy banned from Blogger for posting personal information.

--- End quote ---

My email is there as well, and I only joined this forum in June, so yes, definitely a more recent hack than just April.

Eerongal:

--- Quote from: Mad_Scientist on August 23, 2011, 03:25:20 AM ---
--- Quote from: Chaos on August 23, 2011, 01:55:05 AM ---The hackers must have re-hacked it more recently, since I changed my email address on this account this last month, and that spreadsheet has my new email.

EDIT: It'd be funny if we could get this guy banned from Blogger for posting personal information.

--- End quote ---

My email is there as well, and I only joined this forum in June, so yes, definitely a more recent hack than just April.

--- End quote ---

well, all of the links provided in the original post are dated for August 16th, So i think maybe April was accidentally typed instead of august? :P

Peter Ahlstrom:
Sigh. Jordo will have to fix it.

Navigation

[0] Message Index

[#] Next page

Go to full version