/  Forum Index
   /  Website feedback and suggestions
      /  Amigaworld.net hacked?
Bagins 
Re: Amigaworld.net hacked?
Posted on 9-Nov-2018 22:59:18
#61 ]
Member
Joined: 28-Mar-2005
Posts: 11
From: Kent (U.K.)

Not being an especially prolific poster here, I should say that I have also had these messages and, like others, use a junk email address. What is interesting is they all have virtually the same text except the bitcoin account number, so they are basically just a bunch of annoying chancers.

Wm.

itix 
Re: Amigaworld.net hacked?
Posted on 9-Nov-2018 23:22:35
#62 ]
Elite Member
Joined: 22-Dec-2004
Posts: 3398
From: Freedom world

@broadblues

Quote:

I've received a gazillion of these scam emails. When they quote a password it's always a password I used on this site (and others of a similar type) before the 2012 data breach, and has never been any of my recent passwords nor one of my batch of 'secure passwords' (ones I used on critical sites like banks etc. so never reused on other sites).


I have got this email too but their password was slightly wrong. Like, they were stating my password is "foobar512" when real password is "foobar216". Actual password was more complex than that but you get the idea.

Clearly they have got email+hash and made up cleartext password using brute force method.

_________________
Amiga Developer
Amiga 500, Efika, Mac Mini and PowerBook

cdimauro 
Re: Amigaworld.net hacked?
Posted on 10-Nov-2018 6:09:03
#63 ]
Elite Member
Joined: 29-Oct-2012
Posts: 3650
From: Germany

@amigakit Quote:
amigakit wrote:
@spud101

AmigaWorld has nearly 6000 accounts on the database (probably only a percentage these days is active). In this thread I have read through and counted 8 users who are reporting problems. There have been no reports to privacy@a-eon.co.uk so far which is the official channel to relay any privacy questions or alerts/reports.

Not writing in this thread does NOT mean that people are uninterested in it (in fact, there are already 3367 views), or unaffected by this breach.

@Bagins Quote:
Bagins wrote:
Not being an especially prolific poster here, I should say that I have also had these messages and, like others, use a junk email address. What is interesting is they all have virtually the same text except the bitcoin account number, so they are basically just a bunch of annoying chancers.

Wm.

@itix Quote:
itix wrote:
@broadblues
Quote:
I've received a gazillion of these scam emails. When they quote a password it's always a password I used on this site (and others of a similar type) before the 2012 data breach, and has never been any of my recent passwords nor one of my batch of 'secure passwords' (ones I used on critical sites like banks etc. so never reused on other sites).

I have got this email too but their password was slightly wrong. Like, they were stating my password is "foobar512" when real password is "foobar216". Actual password was more complex than that but you get the idea.

Clearly they have got email+hash and made up cleartext password using brute force method.

Same here: received a nice e-mail stating that the password for my e-mail was blahblahblah (actually not exactly the same, but a much simplified one) and to pay in bitcoins.

It's clearly a brute force attack, and I think that ALL users here were affected.

jPV 
Re: Amigaworld.net hacked?
Posted on 10-Nov-2018 11:52:45
#64 ]
Cult Member
Joined: 11-Apr-2005
Posts: 815
From: .fi

Yea, I also got the mail and the password a few days ago, but as someone else said, it was in the spam folder and could have gone unnoticed. I guess many don't notice it because of that or they just want to be silent and look at how things progress/escalate (like I was going to).

_________________
- The wiki based MorphOS Library - Your starting point for MorphOS
- Software made by jPV^RNO

Amigaworld.net 
Re: Amigaworld.net hacked?
Posted on 10-Nov-2018 12:02:38
#65 ]
New Member
Joined: 1-Nov-2004
Posts: 1
From: Unknown

ALL USERS PLEASE READ IN FULL - IMPORTANT SITE INFORMATION

It has recently been reported by a dozen users here that they have received spam emails citing their actual password and names and trying to extort bitcoin payment from them.

Some of these passwords in the spam email are the same as used here for their AmigaWorld user account login.

Our System Administrator has checked the AmigaWorld.net server and so far found no evidence of a data breach. However, despite the high standards of security for the AmigaWorld.net server, we are continuing to take these reports very seriously and have already put in process some measures to enhance security.

The password database encryption has been updated. When any user logs in next, you will receive a brief message confirming that your password has been updated to the higher level of encryption.

Additionally we will be introducing a new mandatory standard for passwords shortly:

- minimum of one upper case character
- minimum of one number
- minimum of eight characters

It has come to our attention that some users here have not upgraded their password in many years.


We would ask all users to do the following with immediate effect:

* change your password immediately to the new standard above
* select a secure password that is truly unique to AmigaWorld.net - do not reuse a password previously/currently used on other websites.


Any questions or reports should be made to privacy@a-eon.co.uk as per this website's privacy policy.



Last edited by Amigaworld.net on 10-Nov-2018 at 12:04 PM.

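The upgrade-at-next-login step described in the announcement above can be sketched as follows. This is an added example, not Amigaworld.net's or Xoops' code; it assumes the legacy records are unsalted hex MD5 and picks scrypt as the replacement, and the record format, function names and sample accounts are hypothetical.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# scrypt cost parameters: assumed values for this example.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1
PREFIX = "scrypt$"


def legacy_md5(password: str) -> str:
    """Legacy record assumed here: unsalted hex MD5 of the password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def scrypt_record(password: str, salt: bytes | None = None) -> str:
    """New record: 'scrypt$<salt hex>$<key hex>' with a random per-user salt."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"{PREFIX}{salt.hex()}${key.hex()}"


def verify(password: str, stored: str) -> bool:
    """Recompute in the stored record's own format; compare in constant time."""
    if stored.startswith(PREFIX):
        salt = bytes.fromhex(stored.split("$")[1])
        candidate = scrypt_record(password, salt)
    else:
        candidate = legacy_md5(password)
    return hmac.compare_digest(candidate, stored)


def login(db: dict[str, str], user: str, password: str) -> tuple[bool, bool]:
    """Return (authenticated, upgraded); a legacy row is re-hashed on success."""
    stored = db.get(user)
    if stored is None or not verify(password, stored):
        return (False, False)
    if stored.startswith(PREFIX):
        return (True, False)
    # The plaintext exists only during login, so this is the moment to upgrade.
    db[user] = scrypt_record(password)
    return (True, True)


def legacy_users(db: dict[str, str]) -> list[str]:
    """Accounts that have not logged in since the change and still hold MD5."""
    return sorted(u for u, h in db.items() if not h.startswith(PREFIX))


# Constructed sample table (not data from the site): two legacy rows.
USERS = {"active_user": legacy_md5("Correct-Horse-42"),
         "dormant_user": legacy_md5("Old-Pass-1998")}
```

Accounts that never log in again keep their MD5 record, which is what `legacy_users` lists; those rows stay in the fast-hash format until they are reset or expired.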
Karlos 
Re: Amigaworld.net hacked?
Posted on 10-Nov-2018 12:58:27
#66 ]
Elite Member
Joined: 24-Aug-2003
Posts: 4405
From: As-sassin-aaate! As-sassin-aaate! Ooh! We forgot the ammunition!

If you've ever used hashcat on a GPU, you'll be aware that breaking passwords by brute force is becoming trivial for anything with less than 8 characters. Dictionary attacks are also back in force after several large password sets were leaked. These run in permutation mode where all the obvious substitutions are brute forced for each word and sets of words are tried together.

The answer is, use a password manager and totally random passwords. Failing that, the longest passphrase you can remember, include punctuation and include some non obvious symbols in the middle of words to break them up in ways that permutation attacks won't think of (as it increases the search space too much).

If your password is less than 12 characters mixed case and/or based on dictionary words, you should be embarrassed; it's probably cracked somewhere already. And never, ever use the same password in two places. For all you know, it has been saved as plaintext.

Last edited by Karlos on 10-Nov-2018 at 01:04 PM.

_________________
Doing stupid things for fun...

Canfod 
Re: Amigaworld.net hacked?
Posted on 10-Nov-2018 18:16:47
#67 ]
Regular Member
Joined: 8-Nov-2005
Posts: 138
From: The WET coast of Canada

I got one of these extortion emails just yesterday, and given the email & password used, this is the 1st place I came to check on a hacking issue, so email & password have both been changed..... will have to see if the scumbag can still get the new info......

AlexC 
Re: Amigaworld.net hacked?
Posted on 11-Nov-2018 20:47:18
#68 ]
Super Member
Joined: 22-Jan-2004
Posts: 1300
From: City of Lost Angels, California.

Hi Sibbi

Here it consistently gives me the blank refresh header and link when I login from the home page (using https://amigaworld.net) with IBrowse 2.4 (haven't tried other browsers).

When I logout however, the redirection works as intended.

Quote:
Yeah I noticed this once, but when I tried to reproduce it, it did not do it again

_________________
AlexC's free OS4 software collection

AmigaOne XE/X1000/X5000/UAE-PPC OS4 laptop/X-10 Home Automation

sibbi 
Re: Amigaworld.net hacked?
Posted on 11-Nov-2018 23:35:14
#69 ]
Team Member
Joined: 18-Mar-2003
Posts: 664
From: Iceland

@AlexC

Tried this numerous times today, managed to reproduce it a couple of times

This is one of those Xoops oddities where it's relying on a global variable that is sometimes not set, I've (hopefully) fixed it, can you try again?

_________________
---
Sibbi

Disclaimer:
The opinions stated do not necessarily represent those of my employer.

sibbi 
Re: Amigaworld.net hacked?
Posted on 11-Nov-2018 23:46:33
#70 ]
Team Member
Joined: 18-Mar-2003
Posts: 664
From: Iceland

@jPV

Yeah, the Xoops code uses a global variable called $redir which is supposed to get populated on initial page load, it seems to break in that instance, and in some others as well probably, the code isn't pretty, I rewrote that particular piece of code and I've tested this particular case and it seems to work now.

_________________
---
Sibbi

Disclaimer:
The opinions stated do not necessarily represent those of my employer.

F0L 
Re: Amigaworld.net hacked?
Posted on 12-Nov-2018 13:39:42
#71 ]
Team Member
Joined: 17-Mar-2009
Posts: 53
From: amiga.online, amigakit.com

I'm personally not convinced by any of this.

I had one of those emails, yet the password was one character wrong (to my amigaworld.net and microsoft account). They were using a password I had long since stopped using. So obviously they are using a leaked / hacked database from an old site I had forgotten I ever registered at or used.

I think this is all just coincidence and blown out of all proportion. I had been using the same password since I joined Microsoft gaming zone back in 1998. I have not seen any proof that Amigaworld has ever been hacked.

Another point: why only some people? Why not every member? Seems really strange to me.

Last edited by F0L on 12-Nov-2018 at 01:41 PM.

_________________
FOL - PSPUAE Admin / Dev

Anonymous 
Re: Amigaworld.net hacked?
Posted on 12-Nov-2018 14:26:38
# ]


@sibbi

Would you have the possibility to migrate AW.net to a more modern version of xoops?
Or switch to something else completely, like phpBB?

 
sibbi 
Re: Amigaworld.net hacked?
Posted on 12-Nov-2018 20:20:11
#73 ]
Team Member
Joined: 18-Mar-2003
Posts: 664
From: Iceland

@Raziel

It's been discussed a bit through the years

First of all, we have some custom modules that would need to be re-hacked into later versions (or we would lose the functionality)

Second we'd need to port the forums over to a newer version, and we'd probably lose the ability to support non CSS capable browsers.

Third I simply don't have the time for the task, I'm sure if a capable developer stepped forward this could be done in a matter of weeks, potentially with some things we'd give up while doing so

Kind regards,
Sibbi

_________________
---
Sibbi

Disclaimer:
The opinions stated do not necessarily represent those of my employer.

Anonymous 
Re: Amigaworld.net hacked?
Posted on 12-Nov-2018 20:31:39
# ]


@sibbi

Ah, ok...sorry, I keep forgetting the classic users :-/

and time==money like we all know

Thank you for getting back to me

 
TrevorDick 
Re: Amigaworld.net hacked?
Posted on 13-Nov-2018 0:14:58
#75 ]
Elite Member
Joined: 30-Dec-2004
Posts: 2678
From: Wellington

People in the wider New Zealand and Australian computer community (i.e. anyone who uses the internet or has an email address) began getting these blackmail emails in September this year. A variation of the age old Sextortion scam.

I started getting emails of this type sent to an email address I rarely use these days. The password was one I used about 8 years ago and was not used for my AmigaWorld.net account. As a precaution, I've been changing all my online passwords but what I really want to know is how did the scammers know I was watching amiga p0rn!

TrevorD

_________________
No, I don't need no reason, I'm just breezin'

BigD 
Re: Amigaworld.net hacked?
Posted on 13-Nov-2018 0:34:43
#76 ]
Elite Member
Joined: 11-Aug-2005
Posts: 7323
From: UK

@TrevorDick

Considering I only used the password fed back to me in the hacker's email for the two main Amiga sites; it's either the AmigaWorld password hash sheet that's been hacked or Amiga.org has been compromised.

Since Amiga.org has been overhauled recently I would say the finger of blame points squarely at the antiquated MD5 encryption technology in use until recently on AmigaWorld. In addition, I bet it's also been caused by the inability for moderators to see any other website vulnerabilities due to out of date code being used which is cluttered / unreferenced with custom hacked together modules that are complicated to unpick / rebuild and a general apathy to progress in order to appease Classic Amiga Web Browser users.

_________________
"Art challenges technology. Technology inspires the art."
John Lasseter, Co-Founder of Pixar Animation Studios

Karlos 
Re: Amigaworld.net hacked?
Posted on 13-Nov-2018 22:34:41
#77 ]
Elite Member
Joined: 24-Aug-2003
Posts: 4405
From: As-sassin-aaate! As-sassin-aaate! Ooh! We forgot the ammunition!

@BigD

My 5 year old GPU can execute md5 sums of strings of 16 characters faster than my 040 can execute instructions.

_________________
Doing stupid things for fun...

matthey 
Re: Amigaworld.net hacked?
Posted on 13-Nov-2018 23:43:52
#78 ]
Elite Member
Joined: 14-Mar-2007
Posts: 2016
From: Kansas

Quote:

Karlos wrote:
My 5 year old GPU can execute md5 sums of strings of 16 characters faster than my 040 can execute instructions.


Not surprising. The 68040 uses about 1,170,000 transistors while modern GPUs and smartphone SoCs are around 10,000,000,000 transistors. To be a fairer comparison, about 8747 68040 cores would be needed or 4000 68060 cores (modern die sizes provide shorter wire distances and faster switching transistors but this provides some perspective). It is amazing that those old 68k CPUs are able to do most of the work of the newer CPUs and GPUs and that AmigaOS is being developed (and fought over) to support them. Technology which is not updated falls behind no matter how good and ahead of its time it was.

Karlos 
Re: Amigaworld.net hacked?
Posted on 14-Nov-2018 0:11:50
#79 ]
Elite Member
Joined: 24-Aug-2003
Posts: 4405
From: As-sassin-aaate! As-sassin-aaate! Ooh! We forgot the ammunition!

@matthey

It wasn't intended as a slight at the 68040, more a point about just how weak md5 is. Moreover, we are talking throughputs of the order of billions of md5 hashes per second here. That puts all possible 7 character passwords (mixed case, alpha numeric with punctuation) within a couple of hours for brute force alone. If you use dictionary attacks with common cipher permutations and one of the various leaked password lists, you can crack many longer examples in a few days.

TLDR, Use random long passwords via a good password manager and have one strong password for that. And never the same password twice.

_________________
Doing stupid things for fun...

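The search-space arithmetic in the post above, set against the three password rules from the site announcement, works out as below. This is an added example, not part of any post; both guess rates are assumed orders of magnitude rather than measurements, and all function names are hypothetical.

```python
import string

# Assumed guess rates (orders of magnitude, not measurements):
MD5_RATE = 10_000_000_000   # "billions of md5 hashes per second" on a GPU
SLOW_KDF_RATE = 10_000      # a deliberately slow, salted password hash

CLASSES = {
    "lower": string.ascii_lowercase,   # 26
    "upper": string.ascii_uppercase,   # 26
    "digit": string.digits,            # 10
    "punct": string.punctuation,       # 32
}


def policy_violations(password):
    """Check the three rules listed in the site announcement."""
    problems = []
    if len(password) < 8:
        problems.append("fewer than eight characters")
    if not any(c in CLASSES["upper"] for c in password):
        problems.append("no upper case character")
    if not any(c in CLASSES["digit"] for c in password):
        problems.append("no number")
    return problems


def alphabet_size(password):
    """Combined size of the character classes the password draws from."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def exhaustive_hours(length, alphabet, rate):
    """Worst-case hours to try every string of exactly `length` characters."""
    return alphabet ** length / rate / 3600


def assess(password, rate=MD5_RATE):
    """Policy result plus exhaustive-search time for this length and alphabet."""
    size = alphabet_size(password)
    return {
        "violations": policy_violations(password),
        "alphabet": size,
        "hours": exhaustive_hours(len(password), size, rate),
    }


# Constructed sample: passes all three rules with the minimum length.
SAMPLE = "Amiga500"
```

Exhaustive search is only the upper bound: a password built from dictionary words falls much sooner, as the post says, so a policy-compliant result here is not a strength guarantee.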
tonyw 
Re: Amigaworld.net hacked?
Posted on 29-Nov-2018 5:47:57
#80 ]
Elite Member
Joined: 8-Mar-2003
Posts: 3240
From: Sydney (of course)

@Karlos

Well, I finally got one of these - dated the 15th of Nov, which is after I changed my aw.net password. They got the old password right, and my email address, but didn't mention aw.net as the source, just a lot of crap about hacking my system and even my camera!

So it looks like the result of an old exploit at aw.net.

_________________
cheers
tony

Hyperion Support Forum: http://forum.hyperion-entertainment.biz/index.php

Copyright (C) 2000 - 2019 Amigaworld.net.
Amigaworld.net was originally founded by David Doyle