Attention! Forum has been hacked

o0ragman0oo0ragman0o Member, Moderator Posts: 1,290 mod
Please see the following Ethereum Foundation Blog post for full details.

In brief
---
Accounts created before May 2016 have been compromised by access of a forum backup....

The information that was recently accessed is a database backup from April 2016 and contained information about 16.5k forum users.
The leaked information includes
Messages, both public and private
IP-addresses
Username and email addresses
Profile information
Hashed passwords
~13k bcrypt hashes (salted)
~1.5k WordPress-hashes (salted)
~2k accounts without passwords (used federated login)
The attacker self-disclosed that they are the same person/persons who recently hacked Bo Shen.
The attacker used social engineering to gain access to a mobile phone number that allowed them to gain access to other accounts, one of which had access to an old database backup from the forum.
---
Post edited by o0ragman0o on

Comments

  • BikuyBikuy Member Posts: 32
    Dang, no further hacking incidents have taken place since then?

  • CodeGroup4CodeGroup4 Member Posts: 8
    Very nice information you have shared here. Still, I did not hear such kind of incidents before.
  • coinkircoinkir PakistanMember Posts: 18
    Is True to Forum has been hacked. It's impossible to hack this forum.
  • ICODAICODA MoscowMember Posts: 73
    Is this real information?
  • o0ragman0oo0ragman0o Member, Moderator Posts: 1,290 mod
    Yes. A backup database was breached and it appears by the recent behaviour of numerous old accounts posting links to hacked miner clients, that some passwords have been cracked. These accounts are getting banned as they show themselves.
  • cryptogiftcardcryptogiftcard Member Posts: 1
    Always consider any “financial” website you visit to be comprimised. Stay safe, lads.
  • BikuyBikuy Member Posts: 32
    edited September 18
    [quote]Accounts created before May 2016 have been compromised by access of a forum backup....

    The information that was recently accessed is a database backup from April 2016 and contained information about 16.5k forum users.
    The leaked information includes
    Messages, both public and private
    IP-addresses
    Username and email addresses
    Profile information
    Hashed passwords
    ~13k bcrypt hashes (salted)
    ~1.5k WordPress-hashes (salted)
    ~2k accounts without passwords (used federated login)
    The attacker self-disclosed that they are the same person/persons who recently hacked Bo Shen.
    imageThe attacker used social engineering to gain access to a mobile phone number that allowed them to gain access to other accounts, one of which had access to an old database backup from the forum.[/quote]

    Wow , this sucks, what was the exploit? Was it SIM card related?
  • o0ragman0oo0ragman0o Member, Moderator Posts: 1,290 mod
    The attacker used social engineering to gain access to a mobile phone number that allowed them to gain access to other accounts, one of which had access to an old database backup from the forum.
Sign In or Register to comment.