The Dark Mod Forums
Springheel

Public service warning: Forum passwords hacked?

I got an email last night with my real name and the forum password in the subject header. It was a blackmail email claiming to have compromising videos that would be released if I didn't pay bitcoin. I checked where the message came from and it traveled through the thedarkmod.com domain. I have heard from at least one other person with a forum account that they got a similar email. That, and the fact that I don't use my forum password in very many other places leads me to believe that Wordpress or the forum may have been hacked somehow.

 

Obviously, if you receive an email like this, don't respond to it. I suspect it's automated, but if you use the same login info here that you do on important sites, you may want to change it on those sites. I'm not sure whether changing your password on the forums is a good idea yet or not. I've contacted taaaki about it.

 

If you did or do get such an email, please let us know here.


Thanks for the update.

 

Cue "This is why we can't have nice things". -_-


Does WordPress support two-step verification for login? I would feel more secure knowing we required a code sent to our personal email in order to be able to log in. That way even if someone gained our login details they couldn't get very far unless they also had access to our email (which if you have Gmail is very hard to do nowadays given the amount of security protection they use).

 

Btw if anyone wants to check if their details have been leaked online a great resource I use is: https://haveibeenpwned.com/

 

It details what leaked databases your email address is a part of and to what extent the information was leaked.

  • Like 1


I'm looking into it now. I haven't received anything on my account, so I don't have a sample mail to have a look at. This kind of blackmail message seems to be fairly common at the moment, but I've not seen one where it includes the password. The To address is usually spoofed so it's unlikely that it originated from the TDM servers - the full email headers will show where it came from. If someone is willing to share the headers of such an email with me (removing anything sensitive), I'd appreciate it.

 

I think it's a good idea to reset your password on the forums (and wordpress if you have an account there). And maybe make a more visible notice to the forum users that there may have been a breach and that passwords should be reset.

 

I'd feel a lot more secure if the forum was actually using HTTPS, like almost everything else does these days. Not seeing a green padlock on a URL which is accepting login and password information is very worrying.

I've been planning on doing this for a while for all the services [wiki | bugs | forums | www | etc.] and I already have the certs via Let's Encrypt, but I've been neglecting the TDM admin stuff due to life things. Will see if I can at least get this done soonish. This is also important since Google will start or has already started deranking results from insecure sites.

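Added example (not part of the thread, and not the forum's own tooling): one way to read the full headers mentioned in the post above and see which server actually handed the message to your mail provider, regardless of the domain shown in From. The sample message is constructed, and `trusted_mx`, the hostnames and the IP addresses are placeholder assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers; every hostname and IP is a documentation placeholder.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby mailstore.recipient.example with ESMTP id abc123;
\tMon, 01 Jan 2024 03:12:09 +0000
Received: from unknown-host.example.net (unknown [203.0.113.45])
\tby mx.recipient.example with ESMTP id def456;
\tMon, 01 Jan 2024 03:12:07 +0000
Authentication-Results: mx.recipient.example;
\tspf=fail smtp.mailfrom=forum.example.org;
\tdkim=none; dmarc=fail header.from=forum.example.org
From: "Forum" <noreply@forum.example.org>
To: user@recipient.example
Subject: constructed sample

body
"""

HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([^\]]+)\]\).*?\bby\s+(\S+)", re.S)

def relay_path(msg):
    """Hops in header order (newest first) as (claimed_name, connecting_ip, received_by)."""
    found = (HOP.search(v) for v in msg.get_all("Received", []))
    return [m.groups() for m in found if m]

def auth_results(msg, trusted_mx):
    """spf/dkim/dmarc verdicts, taken only from headers stamped by our own MX."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        if value.strip().split(";")[0].strip() == trusted_mx:
            verdicts.update(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value))
    return verdicts

def assess(raw, trusted_mx):
    msg = message_from_string(raw)
    # Received lines older than the hand-off to our MX are sender-supplied and can be
    # forged, so the IP our MX recorded is the earliest trustworthy origin.
    handoff = next((h for h in relay_path(msg) if h[2] == trusted_mx), None)
    auth = auth_results(msg, trusted_mx)
    return {"from_domain": parseaddr(msg["From"])[1].rsplit("@", 1)[-1],
            "handoff_ip": handoff[1] if handoff else None,
            "auth": auth,
            "from_authenticated": auth.get("dmarc") == "pass"}
```
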

I even saw one of those boilerplate extortion spams appear on the Linux Kernel Mailing List archive. It was under "Hottest messages" for a while, although I can't find it now.


I don't see any email like that in my inbox so should I be worried?

 

Btw my password is unique to this forum and I assume that if they get it, they can't do anything, unless I sign out? I never do. Also going to https://haveibeenpwned.com/ it seems my email is already out there but I always thought so, in this day and age there's no way someone can protect their email 100%.

  • Like 1


Given that this scam has been around for a while and there aren't lots of people from the forum reporting this, it probably isn't coming from here.


I too seem to have been spared from this scam, and checking my email on that site yields no results (thankfully!). So I guess we're okay for now? Still, it'll be nice to see the forums moving to HTTPS, if that is indeed in the works.


I get these emails, but I don't have a webcam, so they are obviously not recording anything. The way they know you read the email is usually a white dot, hosted on a hacked website, that is in the email. The software on the hacked website knows when the image has been accessed, but not by whom. If you've got your email set to block images, then the dot in the email doesn't work.


I have not received any threats to the e-mail associated with this site.


I have an account on Wordpress as well, but also have not received any e-mails of this kind (or maybe they landed in my spam folder; cannot completely exclude that).


No such mail arrived for the moment.


I haven't as yet received an email containing my password for this site.

Although I have received those blackmail emails due to having an account on LinkedIn when it was hacked, and Carphone Warehouse when they were hacked, and the makers of the Witcher games when they were hacked, and some other websites when they were hacked, when those sites stored the passwords as plaintext, instead of encrypted.

  • Like 1


I didn't receive anything from this forum, but I did get this scam from other sites before. Needless to say, although the email is a scam the information leak seems real. It's password changing time.


I got an email last night with my real name and the forum password in the subject header. It was a blackmail email claiming to have compromising videos that would be released if I didn't pay bitcoin. I checked where the message came from and it traveled through the thedarkmod.com domain. I have heard from at least one other person with a forum account that they got a similar email. That, and the fact that I don't use my forum password in very many other places leads me to believe that Wordpress or the forum may have been hacked somehow.

 

Obviously, if you receive an email like this, don't respond to it. I suspect it's automated, but if you use the same login info here that you do on important sites, you may want to change it on those sites. I'm not sure whether changing your password on the forums is a good idea yet or not. I've contacted taaaki about it.

 

If you did or do get such an email, please let us know here.

 

https://haveibeenpwned.com/


I wouldn't presume that anyone seeing this is compromised.

 

I actually work in email defense and this trend is paired with Spammers who are finding loopholes in anti-spoof policies in the Spam Filter servers.

Any company that accidentally white-lists hostnames or IP addresses (without pairing them together and/or using other attributes) to validate authenticity will get these messages.

 

Too many companies are too worried about losing email messages from legitimate senders so they weaken their email filtering security settings to ludicrously low and obsolete standards. (Allow no SSL or allow SSLv3 etc, no SPF, no DMARC, continue messages from known bad IP addresses, etc).

 

Now this silly stance is bearing its fruit.

  • Like 1


On the flip side, I'm tired of getting yelled at because some corporate douche can't get his legit emails so we set their reject level to 10 instead of 5 and they get their stuff, and all the spam too.

It's not a simple problem, can't just block all of it.

  • Like 1


I just use GMail (as does my employer). I don't remember the last time I even saw a genuine spam. The only "spam" I get is from idiots who can't correctly type their own email address when signing up for things.

 

Oh, and once or twice I've received entire email threads intended for the famous Australian cricketer who shares my name.


I just use GMail (as does my employer). I don't remember the last time I even saw a genuine spam. The only "spam" I get is from idiots who can't correctly type their own email address when signing up for things.

 

Oh, and once or twice I've received entire email threads intended for the famous Australian cricketer who shares my name.

 

There's an Australian named OrdWeaver? I can't find anything in Google..... :blink:

