A quick search didn't show me any threads dealing with the April 2011 hack of this forum,
www.timewastersguide.com wherein 6000 email addresses and hashed passwords were stolen. I found out about it when my email address started receiving spam. I only use that address here, nowhere else, and I have never shared it or posted it or made it public.
ANYONE with a SIMPLE password whose email address is one of the 6000 addresses should log in and CHANGE their password. Even though the passwords appear to be hashed (MD5? SHAx?), a quick dictionary attack will reveal the passwords. I assume that this has already happened months ago.
Looking through the forums, I saw that at least one user reported his/her account was hijacked/stolen.
Site administrators, I'm curious as to what actions you have taken since April to close the security hole the hacker used. Was it a forum software bug that a subsequent upgrade has made secure?
If you wonder if YOUR email address was one of the 6000, check here:
http://pastebin.com/fYdHt3niHere are a few 'blog and web posts about the hack:
http://www.cyberwarnews.info/2011/08/16/time-wasters-guide-accounts-database-leaked-by-thehacker12/http://thehacker12.blogspot.com/2011/08/over-6500-email-passwords.htmlThanks for any/all info.
Aaron out.