Hello,
I was just notified from my password manager that my CoTH username and password were found in plaintext on the dark web on November 5, 2020. I know the site was hacked a while back, but I never saw a data breach disclosure and haven’t been advised by COTH to reset my password, although that’s clearly needed. Is there a plan to notify end users of the breach? Thanks!
Jen
Thank you for the information. I will forward it on immediately and get back to you and others ASAP.
Thank you, much appreciated!
Someone is desperate if they are selling CoTH log ins on the dark web 
Lol, I agree it’s funny, but crooks do use it! They steal the email address and the password and then they try the same combo all over the web, assuming people re-use passwords on multiple sites. This is why you don’t re-use passwords!!
I believe that the report about the dark web may itself be the scam. You are doubtless meant to buy some kind of virus protection or etc.
Good instincts, but in this case it isn’t. I’m an IT pro that has paid for this service for years, they have nothing to sell me.
Ok, then that’s scary.
COTH did get held up for cyber ransom or something last year, remember?
Here’s the response from the developers:
Passwords on vBulletin and SGL are stored encrypted using a strong hash which are not reversible. Meaning that the original password cannot be recalculated from the stored hash value. Last COTH hack in June we had no evidence of data breach although it could be possible since the hackers didn’t leave much traces. But as I mentioned earlier even if they got hold of the users table they can’t access the actual passwords.
@CobJockey Is this username/password combination unique to COTH? Can you provide us with any further information from the service that provided this alert so that I can forward it for additional investigation?
Thanks!
Yes it was unique to COTH, I use randomly generated auto-fill passwords for everything. The service that reported it to me is Dashlane. Thanks!
By submitting your email, you agree to our Terms of Service and Privacy Policy. You may also receive promotional emails from The Chronicle of the Horse. You can opt out at any time.
For Customers
Company
Terms of Use
