saimo 
Re: Amigaworld.net hacked?
Posted on 2-Oct-2018 17:02:38
#21 ]
Elite Member
Joined: 11-Mar-2003
Posts: 2453
From: Unknown

@Hypex

Quote:
So even after you pay them they will still erase your data. Offering to erase it for 700 BT. LOL. Lose everything by that logic. Another FORMAT C: warning.


Either I didn't understand you, or you misread their email (they offer to erase the data they supposedly collected upon payment of $700).

_________________
RETREAM - retro dreams for Amiga, Commodore 64 and PC

 Status: Offline
Profile     Report this post  
_Steve_ 
Re: Amigaworld.net hacked?
Posted on 2-Oct-2018 23:41:52
#22 ]
Team Member
Joined: 18-Oct-2002
Posts: 6808
From: UK

@wakido

Quote:

wakido wrote:
@saimo

Same here.
Exclusive email and password

Are the passwords stored as plain text??


No, passwords never have been here. All are encrypted and salted.

_________________
Test sig (new)

 Status: Offline
Profile     Report this post  
HenryCase 
Re: Amigaworld.net hacked?
Posted on 3-Oct-2018 7:03:07
#23 ]
Cult Member
Joined: 12-Nov-2007
Posts: 728
From: Unknown

@all
I feel like I'm taking crazy pills reading through most of these comments, as they don't address saimo's main point at all.

The real mystery here is how the Amigaworld.net password was obtained. As saimo has suggested that he doesn't use this password on other sites, the only plausible explanations (so far) are:

1. This was the password in use during the 2012 Amigaworld.net data breach.

2. There has been a more recent data breach at Amigaworld.net.

3. saimo logged into Amigaworld.net on a computer with a keylogger running.

I'd add a new possibility to this list:

4. saimo logged into Amigaworld.net via a compromised network (e.g. a spoofed WiFi network at a coffee shop).

The topic was raised to address point 2. If points 1, 3 and 4 are not valid, then that only leaves point 2 (unless someone comes up with another explanation for how the password could have been obtained).

@saimo, regarding the keylogger and compromised network possibilities, have you ever logged into Amigaworld.net when you're not at home?

 Status: Offline
Profile     Report this post  
salass00 
Re: Amigaworld.net hacked?
Posted on 3-Oct-2018 8:10:23
#24 ]
Elite Member
Joined: 31-Oct-2003
Posts: 2707
From: Finland

@_Steve_

Quote:

No, passwords never have been here. All are encrypted and salted.


With "encrypted" I hope you mean that they are run through a cryptographic hash function (after salt is applied). Also ideally the hash function should be safer than md5 as I remember reading somewhere that it has been cracked.

 Status: Offline
Profile     Report this post  
HenryCase 
Re: Amigaworld.net hacked?
Posted on 3-Oct-2018 8:36:05
#25 ]
Cult Member
Joined: 12-Nov-2007
Posts: 728
From: Unknown

@salass00
Highly unlikely that MD5 is being used for Amigaworld.net passwords, and even if it was it'd be necessary to steal the database that holds the passwords first, which would almost certainly be secured using a stronger password hashing algorithm.

 Status: Offline
Profile     Report this post  
saimo 
Re: Amigaworld.net hacked?
Posted on 3-Oct-2018 9:45:19
#26 ]
Elite Member
Joined: 11-Mar-2003
Posts: 2453
From: Unknown

@HenryCase

Quote:
The real mystery here is how the Amigaworld.net password was obtained. As saimo has suggested that he doesn't use this password on other sites, the only plausible explanations (so far) are:

1. This was the password in use during the 2012 Amigaworld.net data breach.

2. There has been a more recent data breach at Amigaworld.net.

3. saimo logged into Amigaworld.net on a computer with a keylogger running.

I'd add a new possibility to this list:

4. saimo logged into Amigaworld.net via a compromised network (e.g. a spoofed WiFi network at a coffee shop).

The topic was raised to address point 2. If points 1, 3 and 4 are not valid, then that only leaves point 2 (unless someone comes up with another explanation for how the password could have been obtained).

@saimo, regarding the keylogger and compromised network possibilities, have you ever logged into Amigaworld.net when you're not at home?

Regarding point 1: I can't remember the details, but I'm pretty sure that after the breach I changed the password (and possibly the email; chances are that I changed the email also afterwards).

Regarding point 4: I access the internet exclusively from home, with this machine (running both Windows and Linux) and an AmigaOne cabled to the router (well, actually the AmigaOne is not connected anymore since a month or so) - and, no, I don't have a mobile/tablet.

Regarding point 3: I guess that a malicious keylogger would have been detected by the antivirus scans I made; but, even if it had escaped, it should have been running at the time when I set the email address, which would be quite a long time ago (one or more years, probably) - it would be weird if the hackers remembered about it only now.


@all

Please don't miss the fact that wakido (earlier post) and Birbo (post below) reported that the same happened to them.

Last edited by saimo on 03-Oct-2018 at 11:06 AM.
Last edited by saimo on 03-Oct-2018 at 11:05 AM.
Last edited by saimo on 03-Oct-2018 at 09:46 AM.

_________________
RETREAM - retro dreams for Amiga, Commodore 64 and PC

 Status: Offline
Profile     Report this post  
Birbo 
Re: Amigaworld.net hacked?
Posted on 3-Oct-2018 10:19:03
#27 ]
Cult Member
Joined: 5-Apr-2007
Posts: 594
From: Zurich, Switzerland

@saimo

Same happened to me (e-Mail was in SPAM-Folder).

My Password must have been taken from Amigaworld.net. I'm not using it anywhere else.

_________________
Sometimes we give people a lot of credit just because they’re writing nice sentences even if it isn’t adding up to much.

 Status: Offline
Profile     Report this post  
saimo 
Re: Amigaworld.net hacked?
Posted on 3-Oct-2018 11:05:02
#28 ]
Elite Member
Joined: 11-Mar-2003
Posts: 2453
From: Unknown

@Birbo

Quote:
Same happened to me (e-Mail was in SPAM-Folder).

My Password must have been taken from Amigaworld.net. I'm not using it anywhere else.

Thanks for the additional feedback!

_________________
RETREAM - retro dreams for Amiga, Commodore 64 and PC

 Status: Offline
Profile     Report this post  
wakido 
Re: Amigaworld.net hacked?
Posted on 3-Oct-2018 13:36:14
#29 ]
New Member
Joined: 20-Nov-2009
Posts: 4
From: Unknown

@_Steve_

Hmm interesting. My old password was an easy decode probably. But interesting that it’s never been stored as plain text.
Them knowing a password and email I used here exclusively surely looks like a data breach from aw.

It may have been a long time back. It must be years since I changed my aw password.

 Status: Offline
Profile     Report this post  
Hypex 
Re: Amigaworld.net hacked?
Posted on 3-Oct-2018 15:46:11
#30 ]
Elite Member
Joined: 6-May-2007
Posts: 11209
From: Greensborough, Australia

@saimo

Yes, I know what they "offer" but I don't trust the use of the word "data". They pretty much state they will erase all your data. I draw a double meaning from this. I bet, just for laughs, they would take someone's money and erase all their files if they could. That's how they like to work. Steal money then lock out the user from logging in. Happened to a friend of mine and they wrecked the login by disabling accounts so login was totally broken. The trend now is to hack into and corrupt the data with encryption then demand a ransom.

 Status: Offline
Profile     Report this post  
halbvier 
Re: Amigaworld.net hacked?
Posted on 5-Nov-2018 21:47:14
#31 ]
New Member
Joined: 15-Apr-2015
Posts: 2
From: Unknown

Hello Folks,

today I got a nice jerking off email ... and so on.
With a spam-level ''minus 9.1'' WOW

He tells me my password ... this is unique from here.
The email address is, sorry, for a few community sites.

I have checked my email address here
https://sec.hpi.de/ilc/
at the moment it is not compromised.

But since today I know it's the calm before the storm.

Check your system. Tapatalk ?
Other services pass thru ?
Facebook ?

Mmmh, no, it's got to be a theft in one piece.
Because I haven't been online for many months.

Hope it helps

 Status: Offline
Profile     Report this post  
NutsAboutAmiga 
Re: Amigaworld.net hacked?
Posted on 5-Nov-2018 22:01:00
#32 ]
Elite Member
Joined: 9-Jun-2004
Posts: 12817
From: Norway

@_Steve_

First of all md5 sum is cracked, hackers have collected md5 hashes for years, stored this database, so you can do reverse look up, at least for common passwords, it won't be hard to find out what some passwords are in database.

https://md5.gromweb.com/

More information about this:
https://www.forbes.com/sites/leemathews/2017/12/11/billion-hacked-passwords-dark-web/#52081d3421f2

1)
Who can have access to web page like this, well the hosting provider might have access to web pages, who works for hosting provider, can you trust the employees of hosting provider?

2)
Is it possible to embed JavaScript in forum posts on Amigaworld? If so, then someone might have stolen your cookies, not actually accessed the database; web browsers and some pages offer to save your password in cookies.

https://null-byte.wonderhowto.com/how-to/write-xss-cookie-stealer-javascript-steal-passwords-0180833/

3)
The web browser, password manager, if you have installed a program on your PC, the program might have accessed the password manager database.

4)
Password manager programs written by someone you do not know who is. Why does everyone think that it is a good idea to download a program from mister anonymous, and store your passwords in mister anonymous' password manager.

5)
SQL injection, lots of web pages are badly coded, maybe using badly coded engine from someone who does not have a clue.


Last edited by NutsAboutAmiga on 05-Nov-2018 at 10:22 PM.
Last edited by NutsAboutAmiga on 05-Nov-2018 at 10:18 PM.
Last edited by NutsAboutAmiga on 05-Nov-2018 at 10:16 PM.
Last edited by NutsAboutAmiga on 05-Nov-2018 at 10:09 PM.

_________________
http://lifeofliveforit.blogspot.no/
Facebook::LiveForIt Software for AmigaOS

 Status: Offline
Profile     Report this post  
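
The reverse-lookup point in post #32, and the earlier "salted" discussion, as an added example that is not part of the original posts and is not Amigaworld.net's code. It contrasts an unsalted MD5 digest (found in a precomputed table), a salted MD5 digest (not in the table, but still fast to brute-force) and a salted, slow PBKDF2 hash; the password list, function names, storage format and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny "common passwords" list, not from the thread.
COMMON_PASSWORDS = ["123456", "password", "amiga500"]

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

# What a reverse-lookup site holds: digest -> password, computed once, reused forever.
LOOKUP = {md5_hex(p.encode()): p for p in COMMON_PASSWORDS}

def reverse_lookup(digest: str):
    """Return the password if the digest is in the precomputed table, else None."""
    return LOOKUP.get(digest)

def salted_md5(password: str, salt: bytes) -> str:
    """A per-user salt defeats the shared table, but MD5 stays cheap to brute-force."""
    return md5_hex(salt + password.encode())

ITERATIONS = 600_000  # assumed work factor; tune to your hardware

def hash_password(password: str) -> str:
    """Salted, deliberately slow hash (PBKDF2-HMAC-SHA256), self-describing format."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    scheme, iterations, salt_hex, dk_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))  # constant-time compare

if __name__ == "__main__":
    leaked = md5_hex(b"amiga500")  # unsalted MD5 as it would sit in a database
    print("unsalted lookup:", reverse_lookup(leaked))
    print("salted lookup:  ", reverse_lookup(salted_md5("amiga500", os.urandom(16))))
    record = hash_password("amiga500")
    print("verify ok/bad:  ", verify_password("amiga500", record),
          verify_password("amiga501", record))
```
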
NutsAboutAmiga 
Re: Amigaworld.net hacked?
Posted on 5-Nov-2018 22:20:41
#33 ]
Elite Member
Joined: 9-Jun-2004
Posts: 12817
From: Norway

@halbvier

and checking your e-mail in my anonymous web page is also a bad idea, now mr anonymous knows your e-mail and can spam you.

_________________
http://lifeofliveforit.blogspot.no/
Facebook::LiveForIt Software for AmigaOS

 Status: Offline
Profile     Report this post  
halbvier 
Re: Amigaworld.net hacked?
Posted on 5-Nov-2018 22:37:54
#34 ]
New Member
Joined: 15-Apr-2015
Posts: 2
From: Unknown

@NutsAboutAmiga
all your links have lot of clicks until you can read anything.
WOW ... security ? ... or get I tomorrow a washmachine?
My little english helps me not really.

---

However ... fact :
- since many, many months (two three years?) no login here.
(no man in the middle, no injection...)
- really unique password (not 12345 not password...)

And again: here is a problem. It has to check !

Last edited by halbvier on 05-Nov-2018 at 10:39 PM.

 Status: Offline
Profile     Report this post  
Cyborg 
Re: Amigaworld.net hacked?
Posted on 6-Nov-2018 8:29:39
#35 ]
Regular Member
Joined: 26-Nov-2003
Posts: 424
From: Germany

@saimo

I can add at least two more compromised aw.net accounts, which use exclusive email addresses and passwords. I wager to say it is clear that the aw.net database was compromised/breached and that passwords were not as strongly encrypted as assumed.

As long as the breach or rather the underlying vulnerability is not fixed, there is no sense in changing any passwords here on aw.net, because it can leak again at any point in time.

Those of you not using site exclusive passwords should rather change the passwords on all _other_ sites (preferably to something exclusive) and live with the "burned" aw.net password until the site is secure again.

_________________
Regards, Cyborg.
AmigaOS4 development team member

"In the beginning was CAOS.."
-- Andy Finkel, 1988 (ViewPort article, Oct. 1993)

 Status: Offline
Profile     Report this post  
broadblues 
Re: Amigaworld.net hacked?
Posted on 6-Nov-2018 10:57:48
#36 ]
Amiga Developer Team
Joined: 20-Jul-2004
Posts: 4446
From: Portsmouth England

@saimo

I've received a gazillion of these scam emails. When they quote a password it's always a password I used on this site (and others of a similar type) before the 2012 data breach, and has never been any of my recent passwords nor one of my batch of 'secure passwords' (ones I used on critical sites like banks etc so never reused on other sites).

So I think this data was stolen in the original and known 2012 data breach and not since.

Don't over panic, do use different passwords on non critical social media than on more important sites.


_________________
BroadBlues On Blues BroadBlues On Amiga Walker Broad

 Status: Offline
Profile     Report this post  
broadblues 
Re: Amigaworld.net hacked?
Posted on 6-Nov-2018 11:14:48
#37 ]
Amiga Developer Team
Joined: 20-Jul-2004
Posts: 4446
From: Portsmouth England

@broadblues

Uh Oh! Just checked my spam folder and just today I got an email using the new password! So the site has definitely been recently rehacked and my statement above is out of date. Bah!

Last edited by broadblues on 06-Nov-2018 at 11:17 AM.

_________________
BroadBlues On Blues BroadBlues On Amiga Walker Broad

 Status: Offline
Profile     Report this post  
saimo 
Re: Amigaworld.net hacked?
Posted on 6-Nov-2018 11:23:02
#38 ]
Elite Member
Joined: 11-Mar-2003
Posts: 2453
From: Unknown

@ Cyborg broadblues

Thanks for the additional feedback.


@all

Make sure you don't use the same email/password anywhere else.


@admins

Please keep us posted.

_________________
RETREAM - retro dreams for Amiga, Commodore 64 and PC

 Status: Offline
Profile     Report this post  
Robert 
Re: Amigaworld.net hacked?
Posted on 6-Nov-2018 12:07:23
#39 ]
Cult Member
Joined: 10-Mar-2003
Posts: 879
From: Glasgow

Well, this doesn't look good.

Might be an idea to put an alert on the front page telling users to take the usual steps.

I just checked my account and the email address associated with it is one that ceased to be many years ago so I'm guessing that's why I haven't had anything through but not so much luck for everyone else.



_________________
Robert
--
A1XE G4, OS4.1. Peg1 G3, MOS 1.4.
Abel Soul - Check out our tunes on Spotify

 Status: Offline
Profile     Report this post  
spud101 
Re: Amigaworld.net hacked?
Posted on 6-Nov-2018 12:20:54
#40 ]
Member
Joined: 4-Aug-2016
Posts: 83
From: Unknown

It is extremely disgraceful how the Amigaworld.net admins are handling this situation.

First of all if AW claims to be GDPR compliant (which they should), they also have an obligation to inform authorities about a data breach, which I'm pretty sure they didn't.

Next to that, since this is happening more often, I would expect them to temporarily put the site offline until the data leak has been fixed to protect their users and themselves.

Even worse, if AW is indeed (partly) owned by A-EON as is stated under privacy, this is going to give A-EON a very bad reputation with such a lacking (if existing at all) security policy.

Of course I can partly understand, our beloved Amiga platform is so obscure it automatically implies Security through obscurity. However this can not be said about public websites in the real world.

 Status: Offline
Profile     Report this post  
Copyright (C) 2000 - 2019 Amigaworld.net.
Amigaworld.net was originally founded by David Doyle