Έκλεψαν τη βάση δεδομένων του simplemachines.org!

Προβληματισμοί και ανταλλαγή ιδεών από την Επικαιρότητα και διάφορα άλλα θέματα.

Συντονιστής: Super-Moderators

Απάντηση
Άβαταρ μέλους
Sermac
Δημοσιεύσεις: 363
Εγγραφή: 26 Σεπ 2007 21:08

Έκλεψαν τη βάση δεδομένων του simplemachines.org!

Δημοσίευση από Sermac » 23 Ιούλ 2013 23:12

Dear valued community members,


On the 22nd of July 2013, it was discovered that unauthorized access to our website and database has been obtained on the 20th of July.
The method is similar to the hacks that were recently conducted at other websites, even though those sites used other software.
One of the admins account password was discovered, and from there further escalation wasn't too difficult considering admin privileges can do just about anything.

Unfortunately, we are 100% sure that our user database has been stolen.
As such we HIGHLY RECOMMEND, even implore you, to:
1.) Change your password on other websites you are using, if you use the same password there. This is very important to do, as it also will help prevent other websites being hacked through your compromised password, if it is compromised.
2.) Change your password here on our website.
3.) If you use the password you use here anywhere else, say for example to login to your webhost, it is highly urged to change it.
4.) Please note that personal messages may have also been compromised. We don't know for sure if the hacker only downloaded the user tables or not, although that's the only thing he/she is after. If they did: keep in mind that passwords you shared through PM should now be considered vulnerable. It's best not to take the risk and gamble, and just change any password you shared through PM as well.
5.) Charter members, current and past, are encouraged to change ALL passwords if they ever sent any in to us. That would include FTP.

Please keep in mind:
This is !!NOT!! a security issue with the SMF software. If you are running the latest SMF version you have nothing to fear from this hack if you use different passwords.

The method used by the hacker is that a database is downloaded from another hacked website, the passwords are attempted to be decrypted and if it is successful: they try to login to other websites using that username & password, or try to cross-reference by using password reset links.
Unfortunately for us, a Administrator used the same password elsewhere on another site and access to our site was obtained when the password from the other hacked site was successfully decrypted. As a result, the hacker was able to login here with admin rights.
Hundreds of websites have been hacked lately by using this method, so you are highly encouraged to change your passwords...

... And remember: don't use the same password on multiple sites!
It helps to prevent hacks like this.

Thank you for your consideration and we deeply apologize for any inconvenience this causes for you.
By changing your passwords, you will help ensure that other sites do not fall victim to this method of hacking and help put a halt to the hacking spree that has affected hundreds, if not thousands, of websites already.

-edit for clarification-
Yes, the passwords are stored with encryption.
Unfortunately, even encrypted passwords can be decrypted. Hence, the passwords used here should not be considered safe anymore.


Any questions, please do feel free to ask.
Please stay on topic.


Kind regards,
Board of Directors
Simple Machines

Πηγή: http://www.simplemachines.org/community ... c=508232.0


Γι' αυτό δεν βάζουμε παντού τον ίδιο κωδικό! :hammer:
Εικόνα

Άβαταρ μέλους
Cha0s
SysAdmin
Δημοσιεύσεις: 10248
Εγγραφή: 28 Ιούλ 2001 03:00

Έκλεψαν τη βάση δεδομένων του simplemachines.org!

Δημοσίευση από Cha0s » 24 Ιούλ 2013 15:28

Παρόμοιο mail έλαβα χθες για το Ubuntuforums.org

Hello,

You are receiving this message because you have an account registered with this address on ubuntuforums.org.

The Ubuntu forums software was compromised by an external attacker. As a result, the attacker has gained access to read your username, email address and an encrypted copy of your password from the forum database.

If you have used this password and email address to authenticate at any other website, you are urged to reset the password on those accounts immediately as the attacker may be able to use the compromised personal information to access these other accounts. It is important to have a distinct password for different accounts.

The ubuntuforums.org website is currently offline and we are working to restore this service. Please take the time to change your ubuntuforums.org account password when service is restored.

We apologize for any inconvenience to the Ubuntu community, thank you for your understanding.

The Canonical Sysadmins.

alou
Script Master
Δημοσιεύσεις: 1374
Εγγραφή: 24 Αύγ 2007 19:52
Επικοινωνία:

Έκλεψαν τη βάση δεδομένων του simplemachines.org!

Δημοσίευση από alou » 24 Ιούλ 2013 15:48

Και εγώ, επίσης χτες, από την apple, που υπήρχαν πιο ευαισθητα δεδομένα αποθηκευμένα...
Apple Developer Website Update

Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.

In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.
Υπήρχε και ένα σχετικό θέμα χτες εδώ
http://www.freestuff.gr/forums/viewtopic.php?t=66232

Απάντηση

Επιστροφή στο “Επικαιρότητα & Διάφορες Συζητήσεις”

Μέλη σε σύνδεση

Μέλη σε αυτήν τη Δ. Συζήτηση: Δεν υπάρχουν εγγεγραμμένα μέλη και 0 επισκέπτες