Jump to content
The Dark Mod Forums

Public service warning: Forum passwords hacked?


Springheel

Recommended Posts

I got an email last night with my real name and the forum password in the subject header. It was a blackmail email claiming to have compromising videos that would be released if I didn't pay bitcoin. I checked where the message came from and it traveled through the thedarkmod.com domain. I have heard from at least one other person with a forum account that they got a similar email. That, and the fact that I don't use my forum password in very many other places leads me to believe that Wordpress or the forum may have been hacked somehow.

 

Obviously, if you receive an email like this, don't respond to it. I suspect it's automated, but if you use the same login info here that you do on important sites, you may want to change it on those sites. I'm not sure whether changing your password on the forums is a good idea yet or not. I've contacted taaaki about it.

 

If you did or do get such an email, please let us know here.

Link to comment
Share on other sites

Does wordpress support two step verification for login? I would feel more secure knowing we required a code sent to our personal email in order to be able to login. That way even if someone gained our login details they couldn't get very far unless they also had access to our email (which if you have gmail is very hard to do nowadays given the amount of security protection they use).

 

Btw if anyone wants to check if their details have been leaked online a great resource I use is: https://haveibeenpwned.com/

 

It details what leaked databases your email address is apart of and to what extent the information was leaked.

  • Like 1
Link to comment
Share on other sites

I'm looking into it now. I haven't received anything on my account, so I don't have a sample mail to have a look at. This kind of blackmail message seems to be fairly common at the moment, but I've not seen one where it includes the password. The To address is usually spoofed so it's unlikely that it originated from the TDM servers - the full email headers will show where it came from. If someone is willing to share the headers of such an email with me (removing anything sensitive), I'd appreciate it.

 

I think it's a good idea to reset your password on the forums (and wordpress if you have an account there). And maybe make a more visible notice to the forum users that there may have been a breach and that passwords should be reset.

 

I'd feel a lot more secure if the forum was actually using HTTPS, like almost everything else does these days. Not seeing a green padlock on a URL which is accepting login and password information is very worrying.

I've been planning on doing this for a while for all the services [wiki | bugs | forums | www | etc.] and I already have the certs via Let's Encrypt, but I've been neglecting the TDM admin stuff due to life things. Will see if I can at least get this done soonish. This is also important single Google will start or has already started deranking results from insecure sites.

I am the bat. The night is mine.

Link to comment
Share on other sites

I don't see any email like that on my inbox so should I be worried?

 

Btw my password is unique to this forum and I assume that if they get it, they can't do anything, unless i sign out? I never do. Also going to https://haveibeenpwned.com/ it seems my email is already out there but I always thought so, in this day and age there's no way someone can protect their email 100%.

  • Like 1
Link to comment
Share on other sites

Given that this scam has been around for a while and there aren't lots of people from the forum reporting this, it probably isn't coming from here.

Link to comment
Share on other sites

I too seem to have been spared from this scam, and checking my email on that site yields no results (thankfully!). So I guess we're okay for now? Still, it'll be nice to see the forums moving to HTTPS, if that is indeed in the works.

Link to comment
Share on other sites

i get these emails, but I don't have a webcam, so they are obviously not recording anything, the way they know you read the email is usually a white dot hosted on a hacked website that is in the email the software on the hacked website knows when the image has been accessed, but not by who, if you've got your email set to block images, then the dot in the email doesn't work.

  • Like 1
Link to comment
Share on other sites

No such mail arrived for the moment.

"I really perceive that vanity about which most men merely prate — the vanity of the human or temporal life. I live continually in a reverie of the future. I have no faith in human perfectibility. I think that human exertion will have no appreciable effect upon humanity. Man is now only more active — not more happy — nor more wise, than he was 6000 years ago. The result will never vary — and to suppose that it will, is to suppose that the foregone man has lived in vain — that the foregone time is but the rudiment of the future — that the myriads who have perished have not been upon equal footing with ourselves — nor are we with our posterity. I cannot agree to lose sight of man the individual, in man the mass."...

- 2 July 1844 letter to James Russell Lowell from Edgar Allan Poe.

badge?user=andarson

Link to comment
Share on other sites

i haven't as yet recieved an email containing my password for this site.

although I have recieved those blackmail emails due to having an account on linkedin when it was hacked, and carphonewarehouse when they were hacked, and the makers of the witcher games when they were hacked, and some other websites when they were hacked. when those site stored the passwords as plaintext, instead of encrypted.

  • Like 1
Link to comment
Share on other sites

I got an email last night with my real name and the forum password in the subject header. It was a blackmail email claiming to have compromising videos that would be released if I didn't pay bitcoin. I checked where the message came from and it traveled through the thedarkmod.com domain. I have heard from at least one other person with a forum account that they got a similar email. That, and the fact that I don't use my forum password in very many other places leads me to believe that Wordpress or the forum may have been hacked somehow.

 

Obviously, if you receive an email like this, don't respond to it. I suspect it's automated, but if you use the same login info here that you do on important sites, you may want to change it on those sites. I'm not sure whether changing your password on the forums is a good idea yet or not. I've contacted taaaki about it.

 

If you did or do get such an email, please let us know here.

 

https://haveibeenpwned.com/

I always assumed I'd taste like boot leather.

 

Link to comment
Share on other sites

I wouldn't presume that anyone seeing this is compromised.

 

I actually work in email defense and this trend is paired with Spammers who are finding loopholes in anti-spoof policies in the Spam Filter servers.

Any company that accidentally white-lists hostnames or IP addresses (without pairing them together and\or using other attributes) to validate authenticity will get these messages.

 

Too many companies are too worried about losing email messages from legitimate senders so they weaken their email filtering security settings

to ludicrously low and obsolete standards. (Allow no SSL or allow SSLv3 etc, no SPF, no DMARC, continue messages from known bad IP addresses, etc).

 

Now this silly stance is bearing it's fruit.

  • Like 1

Please visit TDM's IndieDB site and help promote the mod:

 

http://www.indiedb.com/mods/the-dark-mod

 

(Yeah, shameless promotion... but traffic is traffic folks...)

Link to comment
Share on other sites

On the flip side, I'm tired of getting yelled at because some corporate douche can't get his legit emails so we set their reject level to 10 instead of 5 and they get their stuff, and all the spam too.

It's not simple problem, can't just block all of it.

  • Like 1

I always assumed I'd taste like boot leather.

 

Link to comment
Share on other sites

I just use GMail (as does my employer). I don't remember the last time I even saw a genuine spam. The only "spam" I get is from idiots who can't correctly type their own email address when signing up for things.

 

Oh, and once or twice I've received entire email threads intended for the famous Australian cricketer who shares my name.

Link to comment
Share on other sites

I just use GMail (as does my employer). I don't remember the last time I even saw a genuine spam. The only "spam" I get is from idiots who can't correctly type their own email address when signing up for things.

 

Oh, and once or twice I've received entire email threads intended for the famous Australian cricketer who shares my name.

 

There's an Australian named OrdWeaver? I can't find anything in Google..... :blink:

I always assumed I'd taste like boot leather.

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recent Status Updates

    • Petike the Taffer

      I've finally managed to log in to The Dark Mod Wiki. I'm back in the saddle and before the holidays start in full, I'll be adding a few new FM articles and doing other updates. Written in Stone is already done.
      · 4 replies
    • nbohr1more

      TDM 15th Anniversary Contest is now active! Please declare your participation: https://forums.thedarkmod.com/index.php?/topic/22413-the-dark-mod-15th-anniversary-contest-entry-thread/
       
      · 0 replies
    • JackFarmer

      @TheUnbeholden
      You cannot receive PMs. Could you please be so kind and check your mailbox if it is full (or maybe you switched off the function)?
      · 1 reply
    • OrbWeaver

      I like the new frob highlight but it would nice if it was less "flickery" while moving over objects (especially barred metal doors).
      · 4 replies
    • nbohr1more

      Please vote in the 15th Anniversary Contest Theme Poll
       
      · 0 replies
×
×
  • Create New...