Poster | Thread |
saimo
| |
Re: Amigaworld.net hacked? Posted on 2-Oct-2018 17:02:38
| | [ #21 ] |
|
|
|
Elite Member |
Joined: 11-Mar-2003 Posts: 2453
From: Unknown | | |
|
| @Hypex
Quote:
So even after you pay them they will still erase your data. Offering to erase it for 700 BT. LOL. Lose everything by that logic. Another FORMAT C: warning. |
Either I didn't understand you, or you misread their email (they offer to erase the data they supposedly collected upon payment of $700)._________________ RETREAM - retro dreams for Amiga, Commodore 64 and PC |
|
Status: Offline |
|
|
_Steve_
| |
Re: Amigaworld.net hacked? Posted on 2-Oct-2018 23:41:52
| | [ #22 ] |
|
|
|
Team Member |
Joined: 18-Oct-2002 Posts: 6808
From: UK | | |
|
| @wakido
Quote:
wakido wrote: @saimo
Same here. Exclusive email and password
Are the passwords stored as plain text?? |
No, passwords never have been here. All are encrypted and salted._________________ Test sig (new) |
|
Status: Offline |
|
|
HenryCase
| |
Re: Amigaworld.net hacked? Posted on 3-Oct-2018 7:03:07
| | [ #23 ] |
|
|
|
Cult Member |
Joined: 12-Nov-2007 Posts: 728
From: Unknown | | |
|
| @all I feel like I'm taking crazy pills reading through most of these comments, as they don't address saimo's main point at all.
The real mystery here is how the Amigaworld.net password was obtained. As saimo has suggested that he doesn't use this password on other sites, the only plausible explanations (so far) are:
1. This was the password in use during the 2012 Amigaworld.net data breach.
2. There has been a more recent data breach at Amigaworld.net.
3. saimo logged into Amigaworld.net on a computer with a keylogger running.
I'd add a new possibility to this list:
4. saimo logged into Amigaworld.net via a compromised network (e.g. a spoofed WiFi network at a coffee shop).
The topic was raised to address point 2. If points 1, 3 and 4 are not valid, then that only leaves point 2 (unless someone comes up with another explanation for how the password could have been obtained).
@saimo, regarding the keylogger and compromised network possibilities, have you ever logged into Amigaworld.net when you're not at home? |
|
Status: Offline |
|
|
salass00
| |
Re: Amigaworld.net hacked? Posted on 3-Oct-2018 8:10:23
| | [ #24 ] |
|
|
|
Elite Member |
Joined: 31-Oct-2003 Posts: 2707
From: Finland | | |
|
| @_Steve_
Quote:
No, passwords never have been here. All are encrypted and salted.
|
With "encrypted" I hope you mean that they are run through a cryptographic hash function (after salt is applied). Also ideally the hash function should be safer than md5 as I remember reading somewhere that it has been cracked. |
|
Status: Offline |
|
|
HenryCase
| |
Re: Amigaworld.net hacked? Posted on 3-Oct-2018 8:36:05
| | [ #25 ] |
|
|
|
Cult Member |
Joined: 12-Nov-2007 Posts: 728
From: Unknown | | |
|
| @salass00 Highly unlikely that MD5 is being used for Amigaworld.net passwords, and even if it was it'd be necessary to steal the database that holds the passwords first, which would almost certainly be secured using a stronger password hashing algorithm. |
|
Status: Offline |
|
|
saimo
| |
Re: Amigaworld.net hacked? Posted on 3-Oct-2018 9:45:19
| | [ #26 ] |
|
|
|
Elite Member |
Joined: 11-Mar-2003 Posts: 2453
From: Unknown | | |
|
| @HenryCase
Quote:
The real mystery here is how the Amigaworld.net password was obtained. As saimo has suggested that he doesn't use this password on other sites, the only plausible explanations (so far) are:
1. This was the password in use during the 2012 Amigaworld.net data breach.
2. There has been a more recent data breach at Amigaworld.net.
3. saimo logged into Amigaworld.net on a computer with a keylogger running.
I'd add a new possibility to this list:
4. saimo logged into Amigaworld.net via a compromised network (e.g. a spoofed WiFi network at a coffee shop).
The topic was raised to address point 2. If points 1, 3 and 4 are not valid, then that only leaves point 2 (unless someone comes up with another explanation for how the password could have been obtained).
@saimo, regarding the keylogger and compromised network possibilities, have you ever logged into Amigaworld.net when you're not at home? |
Regarding point 1: I can't remember the details, but I'm pretty sure that after the breach I changed the password (and possibly the email; chances are that I changed the email also afterwards).
Regarding point 4: I access the internet exclusively from home, with this machine (running both Windows and Linux) and an AmigaOne cabled to the router (well, actually the AmigaOne is not connected anymore since a month or so) - and, no, I don't have a mobile/tablet.
Regarding point 3: I guess that a malicious keylogger would have been detected by the antivirus scans I made; but, even if it had escaped, it should have been running at the time when I set the email address, which would be quite a long time ago (one or more years, probably) - it would be weird if the hackers remembered about it only now.
@all
Please don't miss the fact that wakido (earlier post) and Birbo (post below) reported that the same happened to them.Last edited by saimo on 03-Oct-2018 at 11:06 AM. Last edited by saimo on 03-Oct-2018 at 11:05 AM. Last edited by saimo on 03-Oct-2018 at 09:46 AM.
_________________ RETREAM - retro dreams for Amiga, Commodore 64 and PC |
|
Status: Offline |
|
|
Birbo
| |
Re: Amigaworld.net hacked? Posted on 3-Oct-2018 10:19:03
| | [ #27 ] |
|
|
|
Cult Member |
Joined: 5-Apr-2007 Posts: 594
From: Zurich, Switzerland | | |
|
| @saimo
Same happened to me (e-Mail was in SPAM-Folder).
My Password must have been taken from Amigaworld.net. I'm not using it anywhere else.
_________________ Sometimes we give people a lot of credit just because they’re writing nice sentences even if it isn’t adding up to much. |
|
Status: Offline |
|
|
saimo
| |
Re: Amigaworld.net hacked? Posted on 3-Oct-2018 11:05:02
| | [ #28 ] |
|
|
|
Elite Member |
Joined: 11-Mar-2003 Posts: 2453
From: Unknown | | |
|
| @Birbo
Quote:
Same happened to me (e-Mail was in SPAM-Folder).
My Password must have been taken from Amigaworld.net. I'm not using it anywhere else.
|
Thanks for the additional feedback!_________________ RETREAM - retro dreams for Amiga, Commodore 64 and PC |
|
Status: Offline |
|
|
wakido
| |
Re: Amigaworld.net hacked? Posted on 3-Oct-2018 13:36:14
| | [ #29 ] |
|
|
|
New Member |
Joined: 20-Nov-2009 Posts: 4
From: Unknown | | |
|
| @_Steve_
Hmm interesting. My old password was an easy decode probably. But interesting that it’s never been stored as plain text. Them knowing a password and email I used here exclusively surely looks at a data breach from aw.
It may have been a long time back. It must be years since I changed my aw password |
|
Status: Offline |
|
|
Hypex
| |
Re: Amigaworld.net hacked? Posted on 3-Oct-2018 15:46:11
| | [ #30 ] |
|
|
|
Elite Member |
Joined: 6-May-2007 Posts: 11209
From: Greensborough, Australia | | |
|
| @saimo
Yes, I know what they "offer" but I don't trust the use of the word "data". They pretty much state they will erase all your data. I draw a double meaning from this. I bet, just for laughs, they would take someones money and erase all their files if they could. That's how they like to work. Steal money then lock out the user from logging in. Happened to a friend of mine and they wrecked the login by disabling accounts so login was totally broken. The trend now to hack into and corrupt the data with encryption then demand a ransom. |
|
Status: Offline |
|
|
halbvier
| |
Re: Amigaworld.net hacked? Posted on 5-Nov-2018 21:47:14
| | [ #31 ] |
|
|
|
New Member |
Joined: 15-Apr-2015 Posts: 2
From: Unknown | | |
|
| Hello Folks,
today I got a nice jerking off email ... and so on. With a spam-level ''minus 9.1'' WOW
He tells me my password ... this is unique from here. The email-adress is, sorry, for a few community-sides.
I have checked my email-adress here https://sec.hpi.de/ilc/ at the moment it not compromised.
But since today I know it's the calm before the storm.
Check your system. Tapatalk ? Other services pass thru ? Facebook ?
Mmmh, no, it's got to be a theft in one piece. Because I haven't been online for many months.
Hope it helps |
|
Status: Offline |
|
|
NutsAboutAmiga
| |
Re: Amigaworld.net hacked? Posted on 5-Nov-2018 22:01:00
| | [ #32 ] |
|
|
|
Elite Member |
Joined: 9-Jun-2004 Posts: 12817
From: Norway | | |
|
| @_Steve_
First of all md5 sum is cracked, hackers have collected md5 hash'es for years, stored this database, so you can do reverse look up, at least for common passwords, it won't be hard find out what some password are in database.
https://md5.gromweb.com/
More information about this: https://www.forbes.com/sites/leemathews/2017/12/11/billion-hacked-passwords-dark-web/#52081d3421f2
1) Who can have access to web page like this, well the hosting provider might have access to web pages, who works for hosting provider, can you trust the employs of hosting provider?
2) is possible to embed javascripts in forum post on Amigaworld? if so then some might stolen your cookies, not actually accessed the database, web browser and some pages offers to save your password in cookies.
https://null-byte.wonderhowto.com/how-to/write-xss-cookie-stealer-javascript-steal-passwords-0180833/
3) The web browser, password manager, if you have installed program on your PC, the program might have accesses the password manager database.
4) Password manager programs written by someone you do not know who is. Way do every one think that it is good idea download program form mister anonymous, and store you passwords in mister anonymous password manager.
5) SQL injection, lots of web pages are badly coded, maybe using badly coded engine from someone who does not have clue.
Last edited by NutsAboutAmiga on 05-Nov-2018 at 10:22 PM. Last edited by NutsAboutAmiga on 05-Nov-2018 at 10:18 PM. Last edited by NutsAboutAmiga on 05-Nov-2018 at 10:16 PM. Last edited by NutsAboutAmiga on 05-Nov-2018 at 10:09 PM.
_________________ http://lifeofliveforit.blogspot.no/ Facebook::LiveForIt Software for AmigaOS |
|
Status: Offline |
|
|
NutsAboutAmiga
| |
Re: Amigaworld.net hacked? Posted on 5-Nov-2018 22:20:41
| | [ #33 ] |
|
|
|
Elite Member |
Joined: 9-Jun-2004 Posts: 12817
From: Norway | | |
|
| |
Status: Offline |
|
|
halbvier
| |
Re: Amigaworld.net hacked? Posted on 5-Nov-2018 22:37:54
| | [ #34 ] |
|
|
|
New Member |
Joined: 15-Apr-2015 Posts: 2
From: Unknown | | |
|
| @NutsAboutAmiga all your links have lot of clicks until you can read anything. WOW ... security ? ... or get I tomorrow a washmachine? My little english helps me not really.
---
However ... fact : - since many, many month (two three years?) no login here. (no man in the middle, no injection...) - really unique password (not 12345 not password...)
And again: here is a problem. It has to check ! Last edited by halbvier on 05-Nov-2018 at 10:39 PM.
|
|
Status: Offline |
|
|
Cyborg
| |
Re: Amigaworld.net hacked? Posted on 6-Nov-2018 8:29:39
| | [ #35 ] |
|
|
|
Regular Member |
Joined: 26-Nov-2003 Posts: 424
From: Germany | | |
|
| @saimo
I can add at least two more compromised aw.net accounts, which use exclusive email addresses and passwords. I wager to say it is clear that the aw.net database was compromised/breached and that passwords were not as strongly encrypted as assumed.
As long as the breach or rather the underlying vulnerability is not fixed, there is no sense in changing any passwords here on aw.net, because it can leak again at any point in time.
Those of you not using site exclusive passwords should rather change the passwords on all _other_ sites (preferably to something exclusive) and live with the "burned" aw.net password until the site is secure again.
_________________ Regards, Cyborg. AmigaOS4 development team member
"In the beginning was CAOS.." -- Andy Finkel, 1988 (ViewPort article, Oct. 1993) |
|
Status: Offline |
|
|
broadblues
| |
Re: Amigaworld.net hacked? Posted on 6-Nov-2018 10:57:48
| | [ #36 ] |
|
|
|
Amiga Developer Team |
Joined: 20-Jul-2004 Posts: 4446
From: Portsmouth England | | |
|
| @saimo
I've recived a gazilion of these scam emails. When they quote a password it's always a password I used on this site (and others of a similar type) before the 2012 data breach, and has never been any of my recent passwords nor one of my batch of 'secure passwords' (ones I used on critical sites like banks etc so never reused on other sites).
So I think this data was stolen and in the original and known 2012 data breach and not since.
Don't over panick, do use diferent passwords on non critical social media than on more important sites.
_________________ BroadBlues On Blues BroadBlues On Amiga Walker Broad |
|
Status: Offline |
|
|
broadblues
| |
Re: Amigaworld.net hacked? Posted on 6-Nov-2018 11:14:48
| | [ #37 ] |
|
|
|
Amiga Developer Team |
Joined: 20-Jul-2004 Posts: 4446
From: Portsmouth England | | |
|
| @broadblues
Uh Oh! Just checked my spam folder and just today I got an email using the new password! So the site has defintely been recently rehacked and my statement above is out of date. Bah!
Last edited by broadblues on 06-Nov-2018 at 11:17 AM.
_________________ BroadBlues On Blues BroadBlues On Amiga Walker Broad |
|
Status: Offline |
|
|
saimo
| |
Re: Amigaworld.net hacked? Posted on 6-Nov-2018 11:23:02
| | [ #38 ] |
|
|
|
Elite Member |
Joined: 11-Mar-2003 Posts: 2453
From: Unknown | | |
|
| @ Cyborg broadblues
Thanks for the additional feedback.
@all
Make sure you don't use the same email/password anywhere else.
@admins
Please keep us posted. _________________ RETREAM - retro dreams for Amiga, Commodore 64 and PC |
|
Status: Offline |
|
|
Robert
| |
Re: Amigaworld.net hacked? Posted on 6-Nov-2018 12:07:23
| | [ #39 ] |
|
|
|
Cult Member |
Joined: 10-Mar-2003 Posts: 879
From: Glasgow | | |
|
| Well, this doesn't look good.
Might be an idea to put an alert on the front page telling users to take the usual steps.
I just checked my account and the email address associated with it is one that ceased to be many years ago so I'm guessing that's why I haven't had anything through but not so much luck for everyone else.
_________________ Robert -- A1XE G4, OS4.1. Peg1 G3, MOS 1.4. Abel Soul - Check out our tunes on Spotify |
|
Status: Offline |
|
|
spud101
| |
Re: Amigaworld.net hacked? Posted on 6-Nov-2018 12:20:54
| | [ #40 ] |
|
|
|
Member |
Joined: 4-Aug-2016 Posts: 83
From: Unknown | | |
|
| It is extremely disgraceful how the Amigaworld.net admins are handling this situation.
First of all if AW claims to be GDPR compliant (which they should), they also have an obligation to inform authorities about a data breach, which I'm pretty sure they didn't.
Next to that, since this is happening more often, I would expect them to temporarily put the site offline until the dataleak has been fixed to protect their users and themselves.
Even worse, if AW is indeed (partly) owned by A-EON as is stated under privacy, this is going to give A-EON a very bad reputation with such a lacking (if existing at all) security policy.
Of course I can partly understand, our beloved Amiga platform is so obscure it automatically implies Security through obscurity. However this can not be said about public websites in the real world.
|
|
Status: Offline |
|
|