Public service warning: Forum passwords hacked?


25 replies to this topic

#1 Springheel

Springheel

    Creative Director (retired)

  • Admin
  • 37752 posts

Posted 20 March 2019 - 07:22 AM

I got an email last night with my real name and the forum password in the subject header.  It was a blackmail email claiming to have compromising videos that would be released if I didn't pay bitcoin.  I checked where the message came from and it traveled through the thedarkmod.com domain.  I have heard from at least one other person with a forum account that they got a similar email.  That, and the fact that I don't use my forum password in very many other places leads me to believe that Wordpress or the forum may have been hacked somehow.

 

Obviously, if you receive an email like this, don't respond to it.  I suspect it's automated, but if you use the same login info here that you do on important sites, you may want to change it on those sites.  I'm not sure whether changing your password on the forums is a good idea yet or not.  I've contacted taaaki about it.

 

If you did or do get such an email, please let us know here.


TDM Missions:   A Score to Settle   *   A Reputation to Uphold   *   A New Job   *    A Matter of Hours
 
Video Series:   Springheel's Modules   *   Speedbuild Challenge   *   New Mappers Workshop  *   Building Traps

#2 grayman

grayman

    Master Builder, Coder

  • Active Developer
  • 12922 posts

Posted 20 March 2019 - 07:24 AM

Thanks for the warning.

#3 demagogue

demagogue

    Mod hero

  • Active Developer
  • 5500 posts

Posted 20 March 2019 - 07:28 AM

Thanks for the update.

 

Cue "This is why we can't have nice things". -_-



#4 Goldwell

Goldwell

    Team Member

  • Active Developer
  • 2500 posts

Posted 20 March 2019 - 07:53 AM

Does WordPress support two step verification for login? I would feel more secure knowing we required a code sent to our personal email in order to be able to log in. That way even if someone gained our login details they couldn't get very far unless they also had access to our email (which if you have gmail is very hard to do nowadays given the amount of security protection they use).

 

Btw if anyone wants to check if their details have been leaked online a great resource I use is: https://haveibeenpwned.com/

 

It details what leaked databases your email address is a part of and to what extent the information was leaked.


  • AluminumHaste likes this

The Accountant
Part 1: Thieves and Heirs | Part 2: New In town

 

Shadows of Northdale Campaign

ACT I | ACT II
 
Stand Alone Missions
Lord Edgar's Bathhouse | Spring Cleaning


#5 OrbWeaver

OrbWeaver

    Mod hero

  • Active Developer
  • 7641 posts

Posted 20 March 2019 - 09:29 AM


I'd feel a lot more secure if the forum was actually using HTTPS, like almost everything else does these days. Not seeing a green padlock on a URL which is accepting login and password information is very worrying.


  • AluminumHaste, HMart, Anderson and 3 others like this

#6 taaaki

taaaki

    Forum Hoster

  • Root
  • 829 posts

Posted 20 March 2019 - 11:22 AM

I'm looking into it now. I haven't received anything on my account, so I don't have a sample mail to have a look at. This kind of blackmail message seems to be fairly common at the moment, but I've not seen one where it includes the password. The To address is usually spoofed so it's unlikely that it originated from the TDM servers - the full email headers will show where it came from. If someone is willing to share the headers of such an email with me (removing anything sensitive), I'd appreciate it.

 

I think it's a good idea to reset your password on the forums (and WordPress if you have an account there). And maybe make a more visible notice to the forum users that there may have been a breach and that passwords should be reset.

 

I'd feel a lot more secure if the forum was actually using HTTPS, like almost everything else does these days. Not seeing a green padlock on a URL which is accepting login and password information is very worrying.

I've been planning on doing this for a while for all the services [wiki | bugs | forums | www | etc.] and I already have the certs via Let's Encrypt, but I've been neglecting the TDM admin stuff due to life things. Will see if I can at least get this done soonish. This is also important since Google will start or has already started deranking results from insecure sites.


I am the bat. The night is mine.


#7 Filizitas

Filizitas

    Member

  • Member
  • 61 posts

Posted 20 March 2019 - 11:36 AM

I have sent you a raw version of the email. I can't do more.


Can we have more scary Zombie Horror maps?


#8 taaaki

taaaki

    Forum Hoster

  • Root
  • 829 posts

Posted 20 March 2019 - 11:47 AM

Some background on this scam: http://www.thedailys...rtion-by-email/


I am the bat. The night is mine.


#9 OrbWeaver

OrbWeaver

    Mod hero

  • Active Developer
  • 7641 posts

Posted 20 March 2019 - 12:12 PM

I even saw one of those boilerplate extortion spams appear on the Linux Kernel Mailing List archive. It was under "Hottest messages" for a while, although I can't find it now.



#10 HMart

HMart

    Advanced Member

  • Member
  • 821 posts

Posted 20 March 2019 - 03:16 PM

I don't see any email like that in my inbox so should I be worried?

 

Btw my password is unique to this forum and I assume that if they get it, they can't do anything, unless I sign out? I never do. Also going to https://haveibeenpwned.com/ it seems my email is already out there but I always thought so, in this day and age there's no way someone can protect their email 100%.


  • stgatilov likes this

#11 Springheel

Springheel

    Creative Director (retired)

  • Admin
  • 37752 posts

Posted 20 March 2019 - 03:44 PM

Given that this scam has been around for a while and there aren't lots of people from the forum reporting this, it probably isn't coming from here.


TDM Missions:   A Score to Settle   *   A Reputation to Uphold   *   A New Job   *    A Matter of Hours
 
Video Series:   Springheel's Modules   *   Speedbuild Challenge   *   New Mappers Workshop  *   Building Traps

#12 Aosys

Aosys

    Member

  • Member
  • 248 posts

Posted 20 March 2019 - 06:17 PM

I too seem to have been spared from this scam, and checking my email on that site yields no results (thankfully!). So I guess we're okay for now? Still, it'll be nice to see the forums moving to HTTPS, if that is indeed in the works.



#13 lowenz

lowenz

    Uber member

  • Member
  • 2050 posts

Posted 20 March 2019 - 07:21 PM

No emails here.


Task is not so much to see what no one has yet seen but to think what nobody has yet thought about that which everybody see. - E.S.


#14 stumpy

stumpy

    Advanced Member

  • Member
  • 1933 posts

Posted 20 March 2019 - 07:42 PM

I get these emails, but I don't have a webcam, so they are obviously not recording anything. The way they know you read the email is usually a white dot hosted on a hacked website that is in the email; the software on the hacked website knows when the image has been accessed, but not by who. If you've got your email set to block images, then the dot in the email doesn't work.



#15 Sotha

Sotha

    Vertical Contest Winner

  • Active Developer
  • 5664 posts

Posted 21 March 2019 - 12:52 AM

I have not received any threats to the e-mail associated with this site.
Clipper
-The mapper's best friend.

#16 Destined

Destined

    Advanced Member

  • Member
  • 1692 posts

Posted 21 March 2019 - 01:35 AM

I have an account on Wordpress as well, but also have not received any e-mails of this kind (or maybe they landed in my spam folder; cannot completely exclude that).



#17 Epifire

Epifire

    Advanced Member

  • Active Developer
  • 575 posts

Posted 21 March 2019 - 03:46 AM

I actually haven't seen any of these e-mails either. 


You need a model? Epi does you a model.

 

Toss me a PM I promise I don't bite.

 

 


#18 Anderson

Anderson

    Advanced Member

  • Member
  • 1187 posts

Posted 21 March 2019 - 04:02 AM

No such mail arrived for the moment.


 "I really perceive that vanity about which most men merely prate — the vanity of the human or temporal life. I live continually in a reverie of the future. I have no faith in human perfectibility. I think that human exertion will have no appreciable effect upon humanity. Man is now only more active — not more happy — nor more wise, than he was 6000 years ago. The result will never vary — and to suppose that it will, is to suppose that the foregone man has lived in vain — that the foregone time is but the rudiment of the future — that the myriads who have perished have not been upon equal footing with ourselves — nor are we with our posterity. I cannot agree to lose sight of man the individual, in man the mass."...

 

 

- 2 July 1844 letter to James Russell Lowell from Edgar Allan Poe.

 


#19 stumpy

stumpy

    Advanced Member

  • Member
  • 1933 posts

Posted 21 March 2019 - 05:35 AM

I haven't as yet received an email containing my password for this site.

Although I have received those blackmail emails due to having an account on LinkedIn when it was hacked, and Carphone Warehouse when they were hacked, and the makers of the Witcher games when they were hacked, and some other websites when they were hacked, when those sites stored the passwords as plaintext, instead of encrypted.


  • stgatilov likes this

#20 Diego

Diego

    Modeler

  • Member
  • 1224 posts

Posted 21 March 2019 - 03:53 PM

I didn't receive anything from this forum, but I did get this scam from other sites before. Needless to say, although the email is a scam the information leak seems real. It's password changing time.



#21 AluminumHaste

AluminumHaste

    Darkmod Contributor

  • Development Role
  • 6306 posts

Posted 21 March 2019 - 10:39 PM

I got an email last night with my real name and the forum password in the subject header.  It was a blackmail email claiming to have compromising videos that would be released if I didn't pay bitcoin.  I checked where the message came from and it traveled through the thedarkmod.com domain.  I have heard from at least one other person with a forum account that they got a similar email.  That, and the fact that I don't use my forum password in very many other places leads me to believe that Wordpress or the forum may have been hacked somehow.

 

Obviously, if you receive an email like this, don't respond to it.  I suspect it's automated, but if you use the same login info here that you do on important sites, you may want to change it on those sites.  I'm not sure whether changing your password on the forums is a good idea yet or not.  I've contacted taaaki about it.

 

If you did or do get such an email, please let us know here.

 

https://haveibeenpwned.com/


I always assumed I'd taste like boot leather.

 

#22 nbohr1more

nbohr1more

    Darkmod PR, Wordsmith

  • Development Role
  • 9500 posts

Posted 22 March 2019 - 12:20 AM

I wouldn't presume that anyone seeing this is compromised.

 

I actually work in email defense and this trend is paired with Spammers who are finding loopholes in anti-spoof policies in the Spam Filter servers.

Any company that accidentally white-lists hostnames or IP addresses (without pairing them together and/or using other attributes) to validate authenticity will get these messages.

 

Too many companies are too worried about losing email messages from legitimate senders so they weaken their email filtering security settings to ludicrously low and obsolete standards. (Allow no SSL or allow SSLv3 etc, no SPF, no DMARC, continue messages from known bad IP addresses, etc).

 

Now this silly stance is bearing its fruit.


  • Anderson likes this
Please visit TDM's IndieDB site and help promote the mod:

http://www.indiedb.c...ds/the-dark-mod

(Yeah, shameless promotion... but traffic is traffic folks...)
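Added example, not part of any post in this thread: a Python sketch of the header check taaaki asks for in post #6 (the full headers show where a message came from) combined with the SPF/DMARC verdicts mentioned in post #22. The sample message is constructed, `trusted_mx` is a hypothetical parameter naming the recipient's own mail server, and Postfix-style `Received` lines are assumed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a message from this thread); example.* names and
# documentation IP ranges only. The newest Received header is on top.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby inbox.recipient.example with ESMTP; Wed, 20 Mar 2019 03:10:05 +0000
Received: from forum.example.org (unknown [203.0.113.77])
\tby mx.recipient.example with SMTP; Wed, 20 Mar 2019 03:10:02 +0000
Authentication-Results: mx.recipient.example;
\tspf=fail smtp.mailfrom=forum.example.org;
\tdkim=none; dmarc=fail header.from=forum.example.org
From: "Forum" <admin@forum.example.org>
To: user@recipient.example
Subject: constructed sample

body
"""

def received_hops(msg):
    """Received hops, oldest first: claimed HELO name, connecting IP, recording host."""
    hops = []
    for raw in reversed(msg.get_all("Received", [])):
        line = " ".join(raw.split())  # unfold continuation lines
        helo = re.search(r"\bfrom (\S+)", line)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", line)
        by = re.search(r"\bby (\S+)", line)
        hops.append({"helo": helo and helo.group(1),
                     "ip": ip and ip.group(1),
                     "by": by and by.group(1)})
    return hops

def assess(raw_message, trusted_mx):
    """Trust only what trusted_mx itself recorded; older headers are sender-supplied."""
    msg = message_from_string(raw_message)
    origin = next((h for h in received_hops(msg) if h["by"] == trusted_mx), None)
    auth = {}
    for raw in msg.get_all("Authentication-Results", []):
        if raw.split(";")[0].strip() != trusted_mx:
            continue  # verdict stamped by some other host: ignore it
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", raw, re.I):
            auth[method.lower()] = result.lower()
    return {"from_domain": parseaddr(msg["From"])[1].rpartition("@")[2],
            "origin": origin, "auth": auth,
            "spoof_likely": "fail" in (auth.get("spf"), auth.get("dmarc"))}
```

In the sample, the `From` domain and the HELO name both claim the forum's domain, while the connecting IP recorded by the recipient's own server and the failed SPF/DMARC verdicts show the message did not come from it.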

#23 AluminumHaste

AluminumHaste

    Darkmod Contributor

  • Development Role
  • 6306 posts

Posted 22 March 2019 - 06:51 AM

On the flip side, I'm tired of getting yelled at because some corporate douche can't get his legit emails so we set their reject level to 10 instead of 5 and they get their stuff, and all the spam too.

It's not a simple problem, can't just block all of it.


  • Anderson likes this

I always assumed I'd taste like boot leather.

 

#24 OrbWeaver

OrbWeaver

    Mod hero

  • Active Developer
  • 7641 posts

Posted 22 March 2019 - 10:56 AM

I just use GMail (as does my employer). I don't remember the last time I even saw a genuine spam. The only "spam" I get is from idiots who can't correctly type their own email address when signing up for things.

 

Oh, and once or twice I've received entire email threads intended for the famous Australian cricketer who shares my name.



#25 AluminumHaste

AluminumHaste

    Darkmod Contributor

  • Development Role
  • 6306 posts

Posted 25 March 2019 - 08:15 PM

I just use GMail (as does my employer). I don't remember the last time I even saw a genuine spam. The only "spam" I get is from idiots who can't correctly type their own email address when signing up for things.

 

Oh, and once or twice I've received entire email threads intended for the famous Australian cricketer who shares my name.

 

There's an Australian named OrdWeaver? I can't find anything in Google..... :blink:


I always assumed I'd taste like boot leather.

 



