
We were hacked.


sl1982:
As many of you are aware, someone gained access to an administrator account and locked us all out. Qhimm was nice enough to come save the day and set things back to the way they were before, but there are some things to consider.

The hacker may have gotten access to the database so your email addresses and passwords may be compromised. Please update your passwords on here and change any passwords on other sites that are the same as this one.

It is not advisable to share the same password over many sites, as one hack compromises everything else. Please use unique strong passwords on every site. I also recommend using a password manager. KeePass and Bitwarden are good ones. They will create a unique strong password for every site.

Apologies for any inconvenience this has caused everyone.

Qhimm:
I've done a bare-bones post-mortem and secured what I could. Looks like they got in via an administrator account that used the same password as on another compromised site. (Never reuse passwords between websites!)

Unfortunately, it seems plausible they got hold of a database backup through the compromised account. In terms of sensitive material, this includes things like private messages and forum-internal data like password hashes.

No one is going to recover any cleartext passwords from those hashes anytime soon, but there are some unfortunate design flaws in SMF (the software powering this and many other forums) that mean there are a few additional concerns. I've patched these forums to protect against these issues for the time being, but to be on the safe side you should change your password, as well as double-check that you're not using the same username & password combination on any other forums or website.

As part of general checkup and mitigation efforts, I've also enabled always-on HTTPS, wiped all existing sessions, erased any unused accounts and removed the ability to make database backups from administrator accounts.
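The two points Qhimm raises (a leaked table of password hashes, and an administrator password reused from another breached site) are worth seeing side by side. The following is an added illustration written for this thread; it is not forum code and says nothing about how SMF actually stores passwords. It models two sites that each store the same password with their own random salt and a slow KDF (PBKDF2-HMAC-SHA256 here), shows that the stored hashes differ and give no cleartext back, and then shows that a cleartext password obtained from the other site works directly against this one, which is the reuse problem. It ends with the mitigation Qhimm describes: a password change that also invalidates every existing session. The usernames, passwords and site names are constructed for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Slow, salted KDF. 600,000 iterations is the commonly cited PBKDF2-SHA256 cost
# for interactive logins; each guess against a leaked hash costs this much work.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a 32-byte verifier from password + per-account random salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS, dklen=32)


@dataclass
class Account:
    """What a site stores: never the password, only salt + verifier.

    session_epoch is a counter baked into every issued session; bumping it
    invalidates all outstanding sessions at once (the 'wiped all sessions' step).
    """
    username: str
    salt: bytes
    pw_hash: bytes
    session_epoch: int = 0

    @classmethod
    def create(cls, username: str, password: str) -> "Account":
        salt = os.urandom(16)
        return cls(username, salt, hash_password(password, salt))

    def verify(self, password: str) -> bool:
        candidate = hash_password(password, self.salt)
        return hmac.compare_digest(self.pw_hash, candidate)  # constant-time compare

    def set_password(self, new_password: str) -> None:
        self.salt = os.urandom(16)              # fresh salt on every change
        self.pw_hash = hash_password(new_password, self.salt)
        self.session_epoch += 1                 # forces re-login everywhere


@dataclass
class Session:
    username: str
    epoch: int


def issue_session(acct: Account) -> Session:
    return Session(acct.username, acct.session_epoch)


def session_valid(acct: Account, sess: Session) -> bool:
    return sess.username == acct.username and sess.epoch == acct.session_epoch


def demo() -> dict:
    """Walk through the reuse scenario; returns the facts a reader should check."""
    reused_password = "correct-horse-battery"          # constructed sample value
    forum_admin = Account.create("admin", reused_password)   # this forum
    other_site = Account.create("admin", reused_password)    # some other site

    # 1. Same password, different salts: the stored verifiers do not match, so a
    #    leaked hash table does not reveal that the two accounts share a password.
    hashes_differ = forum_admin.pw_hash != other_site.pw_hash

    # 2. A stored verifier is not the password; a wrong guess is rejected.
    wrong_guess_rejected = not forum_admin.verify("something-else")

    # 3. The reuse problem: cleartext recovered from the *other* site's breach
    #    (however that happened) logs straight into this forum. No hash cracking needed.
    cleartext_from_other_breach = reused_password
    reuse_logs_in = forum_admin.verify(cleartext_from_other_breach)
    old_session = issue_session(forum_admin)

    # 4. Mitigation: change the password and invalidate every existing session.
    forum_admin.set_password("a-new-unique-password")       # constructed sample value
    old_password_now_rejected = not forum_admin.verify(reused_password)
    old_session_now_invalid = not session_valid(forum_admin, old_session)
    new_session_valid = session_valid(forum_admin, issue_session(forum_admin))

    return {
        "hashes_differ": hashes_differ,
        "wrong_guess_rejected": wrong_guess_rejected,
        "reuse_logs_in": reuse_logs_in,
        "old_password_now_rejected": old_password_now_rejected,
        "old_session_now_invalid": old_session_now_invalid,
        "new_session_valid": new_session_valid,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the epoch counter is that "change your password" alone does not log out an attacker who already holds a valid session cookie; tying sessions to a per-account counter and bumping it on password change (or on an emergency wipe) is what actually closes that door.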

Koby:
As someone who has run forums since 2000, I've never liked the ability to back up databases from the admin CP. One of the first things I do is disable the ability to do so. Leave stuff such as backups to the server side of things.

But yes, never use the same password on multiple sites for any account that has any kind of power that could be used to do harm. In fact, I'd also recommend that staff periodically change their password, at least once or twice a year, and not use a repeat.

2FA is also a good idea, so even if a password is compromised, a user who shouldn't have access to the account has a harder time of actually getting into it.

In any case, good that the compromise was discovered quickly. Sometimes bad actors will gain access, make backups, and not do anything to be noticed so they can continue to access the account in the future.

Yagami Light:
I was wondering what was going on; I thought it was a joke due to the Euro football finals. I've changed my password to be on the safe side. Were you able to identify which account was compromised, so they can do a virus scan on their end, etc.?

Covarr:
--- Quote from: Yagami Light on 2021-07-12 18:23:57 ---
I was wondering what was going on; I thought it was a joke due to the Euro football finals. I've changed my password to be on the safe side. Were you able to identify which account was compromised, so they can do a virus scan on their end, etc.?
--- End quote ---
We know which account was compromised and how. No malware or anything, just a reused password on another site that was hacked.
