Should we Make New Passwords Since COTH Was Hacked?

If you don’t use that username/password combination anywhere, then yes, you are at very low risk.

However, one of the CLASSIC social engineering scams is illustrative. A group made a free porn site. All you had to do was make an account. Free porn!

So millions of people signed up… and a remarkable number signed up with work email addresses. And since the scam was to collect those emails and passwords, the passwords weren’t encrypted as they are on modern, reputable sites. (The encryption is done in such a way that even site administrators can’t read your password.) So the site owners, fresh with their catch of corporate email addresses and a possible password, tried them. Lots of them worked and allowed the hackers to log in to corporate networks and emails.

So, don’t be that person.

Yes, I am not that person. No one in their right mind would have entered the web page that showed up here instead of the expected forum and no one in their right mind uses the same password for different websites. I’ve changed my password for this website.

All I wanted to know was if the personal info that the chronicle has from my account has been compromised. That’s all. Still no response from the Chronicle.

What irks me, is that had I not attempted to read the forums in that time frame, when instead of the forums a sleazy webpage came up on my screen, I would have no idea that the information contained in my COTH account is possibly in possession of hackers, who seem to be very dubious people indeed.

What website showed up for you? I was redirected to raidforum, which is a gamers forum. I am assuming it uses the same host site as COTH

Raidforum also has a boatload of porn. That’s what I saw, too. I think we’re all talking about the same thing.

Good point about the host. Maybe not a hack at all but an error in host address routing.

Btw, not sure it’s a “gaming forum”…

https://krebsonsecurity.com/tag/raidforums/

I’m surprised and disappointed that COTH hasn’t said peep about it here on the Forum. I wasn’t aware they had a Facebook page (I don’t do much with Facebook). I do believe it is their responsibility to suggest that users change passwords as a precaution regardless of what or how the issue happened. And if more information was compromised then we should be made aware of it. If they are sharing a server with the likes of raid then maybe they should investigate a better server to host this forum.

Change your passwords as a precaution, probably a good idea to change them occasionally anyway.

Techie here, I did check and see if the domain had been stolen but everything seemed to point to the correct places still. Without knowing more, either they got in through the forums or other password area or from the server itself.

As for the monkey example, they use programs that try everything to brute force their way in with combos of usernames and passwords.

LetItBe

I don’t know why you’re directing anger at me or throwing the insults around; the answers on the thread are not just for you.

The truth is a LOT of people have used the same password for different websites over the years and still do. Even today, sites or networks are hacked because of password reuse, sometimes alas by computer professionals. But potentially, people have passwords that are 20 years old on this forum, and many are not computer savvy. And they may have never thought about the fact that they used the same password then.

I’m glad you know better and do better but other people need to hear the advice.

This appears to be the explanation behind what we saw:

https://arstechnica.com/information-technology/2019/09/public-exploit-code-spawns-mass-attacks-against-high-severity-vbulletin-bug/

I am not savvy enough to know if this sort of exploit compromises passwords…

Hi everyone ~

You’re understandably concerned about security, and we’re waiting to hear back from the developers for the laymen’s version of what happened and what, if anything, to be concerned about in regards to passwords, etc.

I do know from past discussions with them, that our passwords are stored encrypted, so I do not believe evil doers would have access to that information.

I know they’re at work ensuring the battlements are appropriately fortified and are investigating the issue, but we’ve asked for a report to share with everyone here.

I’m sorry that information has not yet been provided to you.

That your @Moderator 1 for checking in and giving us what little information you have.

My bad. I apparently didn’t check it out well enough.

Feel lucky that it was not obvious to you from what popped up on your screen.

Thanks Mod1. It will be good to know if our email addresses have been obtained by the hackers.

I’m sorry poltroon, I wasn’t angry with you, just annoyed with the hackers (why don’t they put their hacking skills to good use instead of causing difficulties for other people?) and the silence from COTH.

I thought everyone knew not to use the same passwords for everything, but of course I’m assuming.
I’m one of those people that is less than “up” on technology, not computer savvy, but the “never use the same password” warning sunk in for me a long time ago.

Again, I’m sorry if my words were harsh and unpleasant.

Yes. Incantation, it was quite obvious to me.:yes:

Different strokes and all but I’d rather not go, or be sent, there. :eek:

Be sure to check your cookies. When I checked mine, Raidforum had put a cookie on my computer.

Good idea. I wonder how many members are still unaware of this issue… many people don’t come to this area of the forums.

I deleted cookies directly after the page came up. Twice, because I went back once thinking perhaps I’d made some sort of mistake. A check now shows nothing by them directly but I cleared all just to be sure.

That passwords were encrypted is very good news, but if you are using that password to secure anything of importance any time you hear of a data breach, I would still recommend changing it. This article has a good description of why:

https://arstechnica.com/information-technology/2019/09/doordash-hack-spills-loads-of-data-for-4-9-million-people/

OK, so after continued investigation, the development team has said that while the breach was serious, they have found no indication that any user data was compromised. The hackers, probably using an automated bot, found a recently identified security vulnerability in which they posted a picture as the means of inserting code and executing it.

The developers took immediate precautions and then have been looking into further hardening the server and upgrading our forum software.

I can’t imagine it’s ever a bad idea to change your passwords if an issue like this occurs, and clean out your cookies. Raidforum was the website to which we were redirected, so you can check for that.

The developers also wanted to stress that these types of issues are almost never specifically targeted personal attacks on the site – bots go out in search of vulnerabilities.

If you have other specific questions, I will do my best to get answers.

Our sincere apologies for the inconvenience and concern this has caused everyone.

Thanks @Moderator 1 . Appreciate the info.

But I agree with others that this issue deserved a banner on the forums or a Tweet or FB post or something to let forum users know what happened. Just my 2 cents.