Author Topic: Passwords Stolen - www.timewastersguide.com hacked in April 2011  (Read 5998 times)

Astounding

  • Level 1
  • *
  • Posts: 4
  • Fell Points: 0
  • Truly the universe is... Astounding
    • View Profile
    • Personal Web Site
A quick search didn't show me any threads dealing with the April 2011 hack of this forum, www.timewastersguide.com wherein 6000 email addresses and hashed passwords were stolen.  I found out about it when my email address started receiving spam.  I only use that address here, nowhere else, and I have never shared it or posted it or made it public.

ANYONE with a SIMPLE password whose email address is one of the 6000 addresses should log in and CHANGE their password.  Even though the passwords appear to be hashed (MD5?  SHAx?), a quick dictionary attack will reveal the passwords.  I assume that this has already happened months ago.

Looking through the forums, I saw that at least one user reported his/her account was hijacked/stolen.

Site administrators, I'm curious as to what actions you have taken since April to close the security hole the hacker used.  Was it a forum software bug that a subsequent upgrade has made secure?

If you wonder if YOUR email address was one of the 6000, check here:

http://pastebin.com/fYdHt3ni

Here are a few 'blog and web posts about the hack:

http://www.cyberwarnews.info/2011/08/16/time-wasters-guide-accounts-database-leaked-by-thehacker12/

http://thehacker12.blogspot.com/2011/08/over-6500-email-passwords.html

Thanks for any/all info.

Aaron out.

Chaos

  • Administrator
  • Level 36
  • *****
  • Posts: 2170
  • Fell Points: 3
  • The Original Hero of Ages
    • View Profile
    • Eric Lake
Re: Passwords Stolen - www.timewastersguide.com hacked in April 2011
« Reply #1 on: August 23, 2011, 01:55:05 AM »
The hackers must have re-hacked it more recently, since I changed my email address on this account this last month, and that spreadsheet has my new email.

EDIT: It'd be funny if we could get this guy banned from Blogger for posting personal information.
« Last Edit: August 23, 2011, 03:19:33 AM by Chaos »
www.17thshard.com - The Official Brandon Sanderson Fansite.

Oh SNAP, I'm an Allomancer.

Mad_Scientist

  • Level 2
  • **
  • Posts: 19
  • Fell Points: 0
    • View Profile
Re: Passwords Stolen - www.timewastersguide.com hacked in April 2011
« Reply #2 on: August 23, 2011, 03:25:20 AM »
The hackers must have re-hacked it more recently, since I changed my email address on this account this last month, and that spreadsheet has my new email.

EDIT: It'd be funny if we could get this guy banned from Blogger for posting personal information.

My email is there as well, and I only joined this forum in June, so yes, definitely a more recent hack than just April.

Eerongal

  • Level 23
  • *
  • Posts: 1199
  • Fell Points: 0
  • That jaunty jackanapes with moxie and pizzazz
    • View Profile
    • Rockin' with the Erock
Re: Passwords Stolen - www.timewastersguide.com hacked in April 2011
« Reply #3 on: August 23, 2011, 03:50:29 AM »
The hackers must have re-hacked it more recently, since I changed my email address on this account this last month, and that spreadsheet has my new email.

EDIT: It'd be funny if we could get this guy banned from Blogger for posting personal information.

My email is there as well, and I only joined this forum in June, so yes, definitely a more recent hack than just April.

well, all of the links provided in the original post are dated for August 16th, So i think maybe April was accidentally typed instead of august? :P
[shameless plug]
My site
[/shameless plug]

Civilized men are more discourteous than savages because they know they can be impolite without having their skulls split, as a general thing.
-R. Howard

Pie is clearly the most trustworthy. Pie for president. - Me.

Peter Ahlstrom

  • Administrator
  • Level 59
  • *****
  • Posts: 4902
  • Fell Points: 2
  • Assistant to Mr. Sanderson
    • View Profile
Re: Passwords Stolen - www.timewastersguide.com hacked in April 2011
« Reply #4 on: August 23, 2011, 06:06:06 AM »
Sigh. Jordo will have to fix it.
All Saiyuki fans should check out Dazzle! Emotionally wrenching action-adventure and quirky humor! (At least read chapter 6 and tell me if you're not hooked.) Volume 10 out now!

ad130

  • Level 2
  • **
  • Posts: 18
  • Fell Points: 0
  • HIT MY, HEAD IT WONT HURT
    • View Profile
    • Adams--Site
Re: Passwords Stolen - www.timewastersguide.com hacked in April 2011
« Reply #5 on: August 23, 2011, 06:31:48 AM »
A quick search didn't show me any threads dealing with the April 2011 hack of this forum, www.timewastersguide.com wherein 6000 email addresses and hashed passwords were stolen.  I found out about it when my email address started receiving spam.  I only use that address here, nowhere else, and I have never shared it or posted it or made it public.

ANYONE with a SIMPLE password whose email address is one of the 6000 addresses should log in and CHANGE their password.  Even though the passwords appear to be hashed (MD5?  SHAx?), a quick dictionary attack will reveal the passwords.  I assume that this has already happened months ago.

Looking through the forums, I saw that at least one user reported his/her account was hijacked/stolen.

Site administrators, I'm curious as to what actions you have taken since April to close the security hole the hacker used.  Was it a forum software bug that a subsequent upgrade has made secure?

If you wonder if YOUR email address was one of the 6000, check here:

http://pastebin.com/fYdHt3ni

Here are a few 'blog and web posts about the hack:

http://www.cyberwarnews.info/2011/08/16/time-wasters-guide-accounts-database-leaked-by-thehacker12/

http://thehacker12.blogspot.com/2011/08/over-6500-email-passwords.html

Thanks for any/all info.

Aaron out.

Pay attention to what I say B***** ??? ThEhAcKeR12 has hacked the site in end of July but released it on 16th August 2011. The only reason he had posted 6,500 user information is cause he just wanted to show the loop hole in this fucking site or this site just had 6500 members. Till the date he has leaked about 1,00000 emails with passwords including many government(US, UK & India mainly) information.
PS- Blocking him from blogger wont stop anyone from posting the information, it will just fuel it & he will be having fame. Tell the admin to improve the stupid security of the website to prevent 'the data from being stolen'!
Do tell the admin that this account is hacked :)
God Bless ya all ;D
« Last Edit: August 23, 2011, 06:35:01 AM by ad130 »

Dougal

  • Level 4
  • *
  • Posts: 68
  • Fell Points: 0
  • I am a warrior of light magic!!!
    • View Profile
Re: Passwords Stolen - www.timewastersguide.com hacked in April 2011
« Reply #6 on: August 23, 2011, 06:48:16 AM »
A quick search didn't show me any threads dealing with the April 2011 hack of this forum, www.timewastersguide.com wherein 6000 email addresses and hashed passwords were stolen.  I found out about it when my email address started receiving spam.  I only use that address here, nowhere else, and I have never shared it or posted it or made it public.

ANYONE with a SIMPLE password whose email address is one of the 6000 addresses should log in and CHANGE their password.  Even though the passwords appear to be hashed (MD5?  SHAx?), a quick dictionary attack will reveal the passwords.  I assume that this has already happened months ago.

Looking through the forums, I saw that at least one user reported his/her account was hijacked/stolen.

Site administrators, I'm curious as to what actions you have taken since April to close the security hole the hacker used.  Was it a forum software bug that a subsequent upgrade has made secure?

If you wonder if YOUR email address was one of the 6000, check here:

http://pastebin.com/fYdHt3ni

Here are a few 'blog and web posts about the hack:

http://www.cyberwarnews.info/2011/08/16/time-wasters-guide-accounts-database-leaked-by-thehacker12/

http://thehacker12.blogspot.com/2011/08/over-6500-email-passwords.html

Thanks for any/all info.

Aaron out.

A same post but from one the admin itself with the password 'jackass' :D


Pay attention to what I say B*****  ThEhAcKeR12 has hacked the site in end of July but released it on 16th August 2011. The only reason he had posted 6,500 user information is cause he just wanted to show the loop hole in this fucking site or this site just had 6500 members. Till the date he has leaked about 1,00000 emails with passwords including many government(US, UK & India mainly) information.
PS- Blocking him from blogger wont stop anyone from posting the information, it will just fuel it & he will be having fame. Tell the admin to improve the stupid security of the website to prevent 'the data from being stolen'!
Do tell the admin that this account is hacked
God Bless ya all
Dougal

Spriggan

  • Administrator
  • Level 78
  • *****
  • Posts: 10582
  • Fell Points: 31
  • Yes, I am this awesome
    • View Profile
    • Legacies Lost
Re: Passwords Stolen - www.timewastersguide.com hacked in April 2011
« Reply #7 on: August 23, 2011, 07:03:44 AM »
I don't think I'm going to be able to patch the forum 100% without doing a complete new install due to the custom code TWG uses which prevents the updater from working.
Screw it, I'm buying crayons and paper. I can imagineer my own adventures! Wheeee!

Chuck Norris is the reason Waldo is hiding.


czamora

  • Level 1
  • *
  • Posts: 2
  • Fell Points: 0
  • I love YaBB 1G - SP1!
    • View Profile
Re: Passwords Stolen - www.timewastersguide.com hacked in April 2011
« Reply #8 on: August 23, 2011, 07:03:59 AM »
A quick search didn't show me any threads dealing with the April 2011 hack of this forum, www.timewastersguide.com wherein 6000 email addresses and hashed passwords were stolen.  I found out about it when my email address started receiving spam.  I only use that address here, nowhere else, and I have never shared it or posted it or made it public.

ANYONE with a SIMPLE password whose email address is one of the 6000 addresses should log in and CHANGE their password.  Even though the passwords appear to be hashed (MD5?  SHAx?), a quick dictionary attack will reveal the passwords.  I assume that this has already happened months ago.

Looking through the forums, I saw that at least one user reported his/her account was hijacked/stolen.

Site administrators, I'm curious as to what actions you have taken since April to close the security hole the hacker used.  Was it a forum software bug that a subsequent upgrade has made secure?

If you wonder if YOUR email address was one of the 6000, check here:

http://pastebin.com/fYdHt3ni

Here are a few 'blog and web posts about the hack:

http://www.cyberwarnews.info/2011/08/16/time-wasters-guide-accounts-database-leaked-by-thehacker12/

http://thehacker12.blogspot.com/2011/08/over-6500-email-passwords.html

Thanks for any/all info.

Aaron out.

One more down  8)

Pay attention to what I say B*****  ThEhAcKeR12 has hacked the site in end of July but released it on 16th August 2011. The only reason he had posted 6,500 user information is cause he just wanted to show the loop hole in this fucking site or this site just had 6500 members. Till the date he has leaked about 1,00000 emails with passwords including many government(US, UK & India mainly) information.
PS- Blocking him from blogger wont stop anyone from posting the information, it will just fuel it & he will be having fame. Tell the admin to improve the stupid security of the website to prevent 'the data from being stolen'!
Do tell the admin that this account is hacked
God Bless ya all

Eelldytinka

  • Level 2
  • **
  • Posts: 20
  • Fell Points: 0
    • View Profile
интим досуг в
« Reply #9 on: December 20, 2014, 02:04:24 AM »
На сайте - http://gani.boltonogovo.ru/horoshie-blyadi.html есть города казахстана список проститутки проститутки на российском телевидение подборка красивых трансвеститов femdom киев девочки проститутки так ведь бляди ж екатеринбург проституты снять проститутки в городе самара.

Eelldytinka

  • Level 2
  • **
  • Posts: 20
  • Fell Points: 0
    • View Profile
шлюхи путаны
« Reply #10 on: December 20, 2014, 02:05:27 AM »
На сайте - http://lubimuvecajun.boltonogovo.ru/07-2014-19.html есть трансы казакстан самоя дорогая проститутка мира фото проституток в наручниках шлюхи-одиночки гсальск ростовской области проститутки деревня демихово орехово зуеского района проститутки в пкадуе милицеонер занимается сексом с проституткой.