Click Here
home features news forums classifieds faqs links search
6092 members 
Amiga Q&A /  Free for All /  Emulation /  Gaming / (Latest Posts)
Login

Nickname

Password

Lost Password?

Don't have an account yet?
Register now!

Support Amigaworld.net
Your support is needed and is appreciated as Amigaworld.net is primarily dependent upon the support of its users.
Donate

Menu
Main sections
Home
Features
News
Forums
Classifieds
Links
Downloads
Extras
OS4 Zone
IRC Network
AmigaWorld Radio
Newsfeed
Top Members
Amiga Dealers
Information
About Us
FAQs
Advertise
Polls
Terms of Service
Search

IRC Channel
Server: irc.amigaworld.net
Ports: 1024,5555, 6665-6669
SSL port: 6697
Channel: #Amigaworld
Channel Policy and Guidelines

Who's Online
73 crawler(s) on-line.
 11 guest(s) on-line.
 0 member(s) on-line.



You are an anonymous user.
Register Now!
 DiscreetFX:  1 hr 58 mins ago
 agami:  2 hrs 11 mins ago
 ed:  2 hrs 38 mins ago
 amigang:  3 hrs 27 mins ago
 freak:  3 hrs 59 mins ago
 Trekiej:  4 hrs 46 mins ago
 _ThEcRoW:  5 hrs 47 mins ago
 Rob:  6 hrs 13 mins ago
 kolla:  7 hrs 12 mins ago
 matthey:  8 hrs 3 mins ago

/  Forum Index
   /  Website feedback and suggestions
      /  amigaworld.net logins in the "Collection #1" leak
Register To Post

Goto page ( 1 | 2 Next Page )
PosterThread
BaldGuy 
amigaworld.net logins in the "Collection #1" leak
Posted on 19-Jan-2019 10:13:38
#1 ]
Member
Joined: 11-Aug-2009
Posts: 28
From: Belgium


I found my amigaworld.net login information in the huge "Collection #1" leak. It's a combination of email and password I use exclusively here on this site, so it looks like amigaworld.net is compromised or was compromised at some point.

I recommend everyone to update their passwords immediately. The site administrators need to make sure the issue which lead to the leak of user data is resolved and all their users are informed accordingly.

_________________
AMIGA 500/EXT.FLOPPY
AMIGA 1200/030/50MHz/FPU/SCSI
AMIGA 4000/060/50MHz/SCSI/CYBERVISION
AMIGA CD32
AMIGA CDTV
AMIGA T-Shirt
AMIGA Mousepad
Commodore Underwear

 Status: Offline
Profile     Report this post  
pavlor 
Re: amigaworld.net logins in the "Collection #1" leak
Posted on 19-Jan-2019 10:38:28
#2 ]
Elite Member
Joined: 10-Jul-2005
Posts: 9247
From: Unknown

@BaldGuy

https://amigaworld.net/modules/news/article.php?storyid=8297

 Status: Offline
Profile     Report this post  
BaldGuy 
Re: amigaworld.net logins in the "Collection #1" leak
Posted on 19-Jan-2019 11:11:56
#3 ]
Member
Joined: 11-Aug-2009
Posts: 28
From: Belgium

@pavlor

This doesn't sound like they fixed the source of the leak or found the actual problem. So any new password set is in the same danger of getting exposed again and again. Updated hashing can be just a part of the solution.

That's probably where I would start: https://www.cvedetails.com/vulnerability-list/vendor_id-1081/product_id-1876/Xoops-Xoops.html

Also informing the users should be done by e-mail in this case. I didn't visit this site here since months, so I never would see this kind of random news item.

The situation could be handled better by the site administrators, IMHO.

Last edited by BaldGuy on 19-Jan-2019 at 11:16 AM.

_________________
AMIGA 500/EXT.FLOPPY
AMIGA 1200/030/50MHz/FPU/SCSI
AMIGA 4000/060/50MHz/SCSI/CYBERVISION
AMIGA CD32
AMIGA CDTV
AMIGA T-Shirt
AMIGA Mousepad
Commodore Underwear

 Status: Offline
Profile     Report this post  
BigD 
Re: amigaworld.net logins in the "Collection #1" leak
Posted on 19-Jan-2019 17:27:54
#4 ]
Elite Member
Joined: 11-Aug-2005
Posts: 5893
From: UK

@BaldGuy

I get at least 10 times the amount of spam emails that I used to get thanks to the AmigaWorld hack

_________________
"Art challenges technology. Technology inspires the art."
John Lasseter, Co-Founder of Pixar Animation Studios

 Status: Offline
Profile     Report this post  
_Steve_ 
Re: amigaworld.net logins in the "Collection #1" leak
Posted on 19-Jan-2019 23:30:31
#5 ]
Team Member
Joined: 18-Oct-2002
Posts: 6783
From: UK

@BigD

You keep stating that the problem is from a hack here, yet I have checked my own credentials against https://haveibeenpwned.com/ and they are not part of the Collection #1 data leak.

There are so many reasons that an e-mail address could have ended up on a spamlist which are not specific to a site or site database hack. Given the prevalence of these spam lists, it is hardly surprising that there has been an increase in spam over the years.

_________________
Test sig

 Status: Offline
Profile     Report this post  
BaldGuy 
Re: amigaworld.net logins in the "Collection #1" leak
Posted on 20-Jan-2019 8:01:21
#6 ]
Member
Joined: 11-Aug-2009
Posts: 28
From: Belgium

@_Steve_

here is the list with the compromised accounts with the Collection #5, nicely sorted in a single file:


Hashed obviously in this case. I don't want it to make too easy. But most of the logins are available in dehashed form in other files of the dump too. I found them in Collection 1 and Collection 5. Still working on the other dumps.

Also be aware that Troy Hunt's database is currently out-of-date or incomplete. I didn't get a notice for the amigaworld.net email+password combo either and I can't find this leaked password with Hunt's password check API. It's still in the leak obviously. So don't feel sure about anything.

Last edited by _Steve_ on 20-Jan-2019 at 02:42 PM.
Last edited by BaldGuy on 20-Jan-2019 at 08:02 AM.

_________________
AMIGA 500/EXT.FLOPPY
AMIGA 1200/030/50MHz/FPU/SCSI
AMIGA 4000/060/50MHz/SCSI/CYBERVISION
AMIGA CD32
AMIGA CDTV
AMIGA T-Shirt
AMIGA Mousepad
Commodore Underwear

 Status: Offline
Profile     Report this post  
Rose 
Re: amigaworld.net logins in the "Collection #1" leak
Posted on 20-Jan-2019 21:38:33
#7 ]
Cult Member
Joined: 5-Nov-2009
Posts: 908
From: Unknown

@BaldGuy

GDPR compliance in amigaworld way.

 Status: Offline
Profile     Report this post  
BigD 
Re: amigaworld.net logins in the "Collection #1" leak
Posted on 21-Jan-2019 0:30:57
#8 ]
Elite Member
Joined: 11-Aug-2005
Posts: 5893
From: UK

@_Steve_

The password the hackers have obtained was only ever used for AmigaWorld, the username too. The extra email spam is definitely from the AmigaWorld breach. At this point there is no point trying to cover this up. AmigaWorld account details WERE hacked and that is a fact! Sad but true

_________________
"Art challenges technology. Technology inspires the art."
John Lasseter, Co-Founder of Pixar Animation Studios

 Status: Offline
Profile     Report this post  
kamelito 
Re: amigaworld.net logins in the "Collection #1" leak
Posted on 21-Jan-2019 11:07:17
#9 ]
Cult Member
Joined: 26-Jul-2004
Posts: 764
From: Unknown

Same here :(

How can I close and delete my account (with the datas) here?

 Status: Offline
Profile     Report this post  
Hypex 
Re: amigaworld.net logins in the "Collection #1" leak
Posted on 22-Jan-2019 12:52:32
#10 ]
Elite Member
Joined: 6-May-2007
Posts: 10256
From: Greensborough, Australia

@_Steve_

I checked that and it flagged my email address. Might explain the extra crap I'm getting. But I also from time to time get emails from friends with the common Windows virus.

Last edited by Hypex on 23-Jan-2019 at 12:48 PM.
Last edited by Hypex on 23-Jan-2019 at 12:46 PM.

 Status: Offline
Profile     Report this post  
Daedalus 
Re: amigaworld.net logins in the "Collection #1" leak
Posted on 22-Jan-2019 12:59:59
#11 ]
Super Member
Joined: 14-Jul-2003
Posts: 1680
From: Glasgow - UK, Irish born

@BigD

Quote:

BigD wrote:

I get at least 10 times the amount of spam emails that I used to get thanks to the AmigaWorld hack

While I don't think anyone is denying the hack took place, I fail to see how the hack is related to an increase in spam. Why to spammers need your password? If they wanted to spam you, they'd just spam you.

If every new spam mail you get contains your password, then fine, it's coming from the hack. If it doesn't, then you're just receiving spam. Use a good spam filter and get over it.

_________________
RobTheNerd.com | InstallerGen | SMBMounter | Atoms-X

 Status: Offline
Profile     Report this post  
BigD 
Re: amigaworld.net logins in the "Collection #1" leak
Posted on 22-Jan-2019 15:13:38
#12 ]
Elite Member
Joined: 11-Aug-2005
Posts: 5893
From: UK

@Daedalus

Quote:
While I don't think anyone is denying the hack took place, I fail to see how the hack is related to an increase in spam.


Because a lot of them used my AmigaWorld nickname to start the message and the tenfold increase happened at the same time other people here reported the email pointing out our password had been hacked giving the AmigaWorld email. I have a Spam filter but it no longer catches everything post-AmigaWorld hack and yes I keep tagging the ones that get through as Spam.

_________________
"Art challenges technology. Technology inspires the art."
John Lasseter, Co-Founder of Pixar Animation Studios

 Status: Offline
Profile     Report this post  
Daedalus 
Re: amigaworld.net logins in the "Collection #1" leak
Posted on 22-Jan-2019 16:49:14
#13 ]
Super Member
Joined: 14-Jul-2003
Posts: 1680
From: Glasgow - UK, Irish born

@BigD

Well, maybe it's just me, but I've never once made the assumption that either my email address or my username were considered private on any website I've ever set up an account on. They're the public parts of the accounts that are associated with them, with the password making up the private part that isn't public.

Spam that uses your password to convince you that the sender has your credentials is what was reported by other users, and what makes such information valuable. Usernames and email addresses are often simply scraped by scripts without anything dodgy going on. It would be very strange for a spammer to *not* use the additional leverage of your password if they had access to it.

_________________
RobTheNerd.com | InstallerGen | SMBMounter | Atoms-X

 Status: Offline
Profile     Report this post  
BigD 
Re: amigaworld.net logins in the "Collection #1" leak
Posted on 22-Jan-2019 16:51:33
#14 ]
Elite Member
Joined: 11-Aug-2005
Posts: 5893
From: UK

@Daedalus

The fact remains that AmigaWorld is the weak point in all my online dealings. I DO consider my email private and resent it being part of a list gleaned from AmigaWorld servers.

_________________
"Art challenges technology. Technology inspires the art."
John Lasseter, Co-Founder of Pixar Animation Studios

 Status: Offline
Profile     Report this post  
_Steve_ 
Re: amigaworld.net logins in the "Collection #1" leak
Posted on 22-Jan-2019 23:07:37
#15 ]
Team Member
Joined: 18-Oct-2002
Posts: 6783
From: UK

@Rose

It is always amusing how people jump to their own conclusions or put words into someones mouth.

Any issues we have faced here have been handled fully in compliance with GDPR rules.

_________________
Test sig

 Status: Offline
Profile     Report this post  
Daedalus 
Re: amigaworld.net logins in the "Collection #1" leak
Posted on 23-Jan-2019 10:06:44
#16 ]
Super Member
Joined: 14-Jul-2003
Posts: 1680
From: Glasgow - UK, Irish born

@BigD

Quote:

BigD wrote:
@Daedalus

I DO consider my email private

Well then don't use it for public accounts on random websites. Simple.

I've set up email addresses before which have received spam before ever having been used for *anything*. Such spam can therefore only occur because spammers are generating email addresses on the fly and testing them to see which ones exist, or because the email server itself had some sort of leak. Getting access to a full list of usernames and passwords isn't the easiest way of obtaining a list of addresses.

_________________
RobTheNerd.com | InstallerGen | SMBMounter | Atoms-X

 Status: Offline
Profile     Report this post  
BigD 
Re: amigaworld.net logins in the "Collection #1" leak
Posted on 23-Jan-2019 10:27:24
#17 ]
Elite Member
Joined: 11-Aug-2005
Posts: 5893
From: UK

@Daedalus

Quote:
Getting access to a full list of usernames and passwords isn't the easiest way of obtaining a list of addresses.


And yet that's what they decided to do with the AmigaWorld hack. Look I don't disagree with you that SPAM comes from all manor of sources it's just that in this case I received a big jump in junk email when AmigaWorld was hacked. There has been a slight upgrade in the hashing procedure used to protect our information going forwards but beyond that we are left wondering what ancient vulnerabilities are left hidden under the hood of this site. Maybe AmigaKit got it right be completely upgrading their site and leaving the Classic web users behind?

Last edited by BigD on 23-Jan-2019 at 10:28 AM.

_________________
"Art challenges technology. Technology inspires the art."
John Lasseter, Co-Founder of Pixar Animation Studios

 Status: Offline
Profile     Report this post  
Daedalus 
Re: amigaworld.net logins in the "Collection #1" leak
Posted on 23-Jan-2019 11:30:35
#18 ]
Super Member
Joined: 14-Jul-2003
Posts: 1680
From: Glasgow - UK, Irish born

@BigD

But why would they go to such lengths just to get a list of spam addresses when they don't need to? You do realise that the email addresses most likely aren't encrypted at all, right? Because they're not considered a security issue, being public knowledge and all that.

Totally unsure what the relevance is of an aesthetic upgrade of a different website - security of user accounts has nothing to do with how flashy a page looks, but how well the back-end is developed and maintained. Two mostly separate disciplines which would typically be handled by different people with different skill sets.

_________________
RobTheNerd.com | InstallerGen | SMBMounter | Atoms-X

 Status: Offline
Profile     Report this post  
BigD 
Re: amigaworld.net logins in the "Collection #1" leak
Posted on 23-Jan-2019 11:56:43
#19 ]
Elite Member
Joined: 11-Aug-2005
Posts: 5893
From: UK

@Daedalus

Quote:
Totally unsure what the relevance is of an aesthetic upgrade of a different website -


Using newer technologies is inherently 'safer' than technologies that are limited to allow Classic Amiga browsing, are a few iterations of encription standards behind and therefore more easy to forcibly hack with modern computer power. I'd say that is very relevant and I'd expect emails to be encripted on ALL forums / customer databases.

For interest, do you list your email and mobile number on a public Facebook / LinkedIn page or regularly fly around with those details on a banner streaming out behind your private plane? That would be dumb although I guess self promotion and 'getting your name out there' is very important in the 21st century

Last edited by BigD on 23-Jan-2019 at 11:58 AM.

_________________
"Art challenges technology. Technology inspires the art."
John Lasseter, Co-Founder of Pixar Animation Studios

 Status: Offline
Profile     Report this post  
broadblues 
Re: amigaworld.net logins in the "Collection #1" leak
Posted on 23-Jan-2019 14:55:21
#20 ]
Amiga Developer Team
Joined: 20-Jul-2004
Posts: 4427
From: Portsmouth England

@BigD

Quote:


Using newer technologies is inherently 'safer' than technologies that are limited to allow Classic Amiga browsing, are a few iterations of encription standards behind and therefore more easy to forcibly hack with modern computer power.



With AmmiSSL 4 available that is not really the reason. The primary issue is that older CMS like the XOOOPS version in use potentially have vulnerabilties that script hackers can take advantage of but the newer CMS where these might be fixed do not support non CSS based layouts, so would require a lot of work to be viewable in AWeb or iBrowse.

_________________
BroadBlues On Blues BroadBlues On Amiga Walker Broad

 Status: Offline
Profile     Report this post  
Goto page ( 1 | 2 Next Page )

[ home ][ about us ][ privacy ] [ forums ][ classifieds ] [ links ][ news archive ] [ link to us ][ user account ]
Copyright (C) 2000 - 2019 Amigaworld.net.
Amigaworld.net was originally founded by David Doyle