Forum Security

Moderators: Charles, neil, D4

Stuart Truman
ALPI
Posts: 315
Joined: Thu Jul 28, 2011 12:14 am

Post by Stuart Truman » Wed Feb 13, 2019 12:08 am

Folks, it gives me no pleasure to write this:

There is a particularly insidious piece of blackmail spam going about that claims to have infected your device with malware, gained access to your webcam and recorded you watching porn. There is a request to pay up via bitcoin to keep quiet or else they will forward it to your friends and family. So far, so much to ignore. But here's the clever/nasty bit; they have a password that you’ve used with a website or forum and they share it back with you as some kind of “proof” that you’ve been hacked. This is where people start to panic.

What’s actually happened is that they’ve breached the security of the site that the password came from. I’ve had two of these mails in the past couple of weeks. Both with the same password, and it’s the password I use here. I use a password manager and my passwords are random strings of characters. The likelihood of the password manager I use being breached is negligible. I do not ever use the same password on multiple sites.

I can only assume that someone has breached the security of this forum. I did search the forum before posting this but I could not find anything alerting users to the possibility.

You may wish to change your passwords.

Bob
ALPINA
Posts: 5527
Joined: Tue Nov 20, 2012 10:37 pm

Post by Bob » Wed Feb 13, 2019 12:58 am

Thanks for the heads up, hopefully the admin/mods will be along to advise more soon, but in the meanwhile ... new password time
B3 3.2 TOURING #062

brett
ALPIN
Posts: 532
Joined: Sat Jul 23, 2005 5:06 pm
Location: Cradley (Blackcountry)

Post by brett » Wed Feb 13, 2019 9:21 am

Hi Stuart

I have had this also and it's only the password I use on this forum; also, if my browser logs me out for some reason I always get a warning message that the site is unsafe.
brett

E39 V8s (043)

Charles
Moderator
Posts: 8072
Joined: Mon Jun 23, 2003 2:44 am
Location: Oxford

Post by Charles » Wed Feb 13, 2019 9:37 am

CaesarBob wrote:... hopefully the admin/mods will be along to advise more soon
Raised with Admin - way above my pay grade!
Charles
Teacher of Chemistry and driver of ALPINAs - not necessarily in that order ;)
B3S Touring (49/116) - been to the moon and now on the way back!
Renault Grand Espace - not mine but the wife's!

neil
Administrator
Posts: 7019
Joined: Wed Oct 30, 2002 8:16 pm
Location: Nottingham, UK

Post by neil » Wed Feb 13, 2019 10:28 am

Hi Guys

No clear picture yet but am in process of investigating - I've upgraded a few things and as you say changed passwords etc. I'm also looking at how quickly I can swap to completely use https.

If you have anything that can help me work out the source of this please forward to me - either by pm or email.

Thanks

Neil
Last edited by neil on Wed Feb 13, 2019 10:28 am, edited 1 time in total.

---pete---
ALP
Posts: 159
Joined: Thu Aug 28, 2008 7:48 pm
Location: Northamptonshire

Post by ---pete--- » Wed Feb 13, 2019 10:28 am

Unfortunately I can also confirm this has happened to me with a password specific only to this site.

Pete
_____________________________________
2008 BMW Alpina B3 Biturbo Coupe no.137
2003 BMW Alpina B3s Coupe no.16
2014 BMW 525d M-Sport
2010 BMW 320d M-Sport
2000 BMW Alpina B3 3.3 Saloon no. 213
1995 BMW 328i Coupe
1989 Ford Escort XR3i lux

neil
Administrator
Posts: 7019
Joined: Wed Oct 30, 2002 8:16 pm
Location: Nottingham, UK

Post by neil » Wed Feb 13, 2019 10:46 am

Hi all

The advice given re. ignoring the email is right - it is just someone exploiting a single piece of information to imply a huge issue for the person (porn etc.)

I do however strongly advise people to not use the same password everywhere - especially to secure sites or sites that can be exploited financially. Password managers are the simplest way to achieve this and are typically easy to use once you set them up.

If people use the same password here as they do elsewhere then I do suggest that you need to look to change all your passwords.

Sorry for the inconvenience and we are doing everything we can to track down the issue / secure the site further to avoid any further risks.

If anyone has any specific concerns please PM or email me.

Thanks

Neil

nkotecha
ALPIN
Posts: 585
Joined: Mon Mar 17, 2014 10:42 am
Location: Leicester

Post by nkotecha » Wed Feb 13, 2019 11:38 am

neil you running it on an IIS server or is it hosted in the cloud?
D5 Biturbo saloon 109 (sold)
B3 3.2 Convertible 82
d3 biturbo Saloon 234
118d msport (sold)
x3 2.0 se (sold)

Rav
ALPINA
Posts: 825
Joined: Tue May 05, 2015 12:43 pm
Location: Marlborough

Post by Rav » Wed Feb 13, 2019 11:45 am

I received this e-mail and was terrified. I raised it with my IT literate 16 year old who informed me that it was rubbish.

I will change my Password at once. Thanks for informing us.
1999 #032 Alpina B3 3.3 saloon (UK Press Car) - Buchloe Beast
2000 Porsche Boxster S - Viola
2015 Audi A4 Avant Ultra - Wife's car
2002 VW Lupo 1.4 16v - Daughter's car

jolls
ALPIN
Posts: 748
Joined: Sun Sep 02, 2007 8:06 pm
Location: Borehamwood

Post by jolls » Wed Feb 13, 2019 12:07 pm

I've had the same spam. Just delete it and change your password.
B3 E46 no.265

neil
Administrator
Posts: 7019
Joined: Wed Oct 30, 2002 8:16 pm
Location: Nottingham, UK

Post by neil » Wed Feb 13, 2019 1:17 pm

nkotecha wrote: neil you running it on an IIS server or is it hosted in the cloud?
Hosted

Stuart Truman
ALPI
Posts: 315
Joined: Thu Jul 28, 2011 12:14 am

Post by Stuart Truman » Wed Feb 13, 2019 10:03 pm

I’ve got a background in IT security.

https is only encrypting the traffic between your browser and the server although implementing this would be a good idea.

The biggest concern I have is that the passwords are stored in plain text unencrypted. If this is the case then this is a major flaw in the design of the software the site runs on. I’d assume there’s a support community for the software you’re using and it might be worth checking out if other people have seen the same thing. If so then the authors really need to get a patch out. I’m assuming you’re up to date with available patches.

Not knowing the software the board runs on, I can’t really comment further.
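
The storage concern raised in the post above, shown as an added example that is not part of the original thread and is not the forum software's code: a plaintext row hands the password to anyone who copies the table, while a salted slow hash does not. The record format, function names, iteration count and sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # PBKDF2 work factor (assumed value; tune to the server)

def store_plaintext(password: str) -> str:
    """The feared design: the database row is the password itself."""
    return password

def store_hashed(password: str) -> str:
    """Salted slow hash; row is 'pbkdf2_sha256$iterations$salt$digest' (hex)."""
    salt = secrets.token_bytes(16)  # unique per user, so equal passwords differ
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    try:
        scheme, iters, salt_hex, digest_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        rounds = int(iters)
    except ValueError:
        return False  # malformed or legacy plaintext row: never accept
    if scheme != "pbkdf2_sha256" or rounds < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, expected)

def row_reveals_password(password: str, record: str) -> bool:
    """True if whoever copies the stored row can quote the password back."""
    return password in record

if __name__ == "__main__":
    pw = "q7#Lw9!zR2vT-kX4"  # constructed sample, styled like a manager-generated password
    rows = (("plaintext", store_plaintext(pw)), ("hashed", store_hashed(pw)))
    for name, row in rows:
        exposed = row_reveals_password(pw, row)
        print(f"{name:9} row={row[:40]}... reveals password: {exposed}")
```
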

neil
Administrator
Posts: 7019
Joined: Wed Oct 30, 2002 8:16 pm
Location: Nottingham, UK

Post by neil » Wed Feb 13, 2019 10:15 pm

Stuart Truman wrote:I’ve got a background in IT security.

https is only encrypting the traffic between your browser and the server although implementing this would be a good idea.

The biggest concern I have is that the passwords are stored in plain text unencrypted. If this is the case then this is a major flaw in the design of the software the site runs on. I’d assume there’s a support community for the software you’re using and it might be worth checking out if other people have seen the same thing. If so then the authors really need to get a patch out. I’m assuming you’re up to date with available patches.

Not knowing the software the board runs on, I can’t really comment further.
Hi Stuart

The passwords are definitely only stored encrypted.

Thanks

Neil

Broch
ALPINA
Posts: 780
Joined: Mon Aug 13, 2007 1:11 am
Location: Aberdeenshire

Post by Broch » Thu Feb 14, 2019 4:19 pm

I've heard of this scam a few months ago, and one work colleague told me his experience.
I believe that the password that the scammer has for anyone are old passwords, possibly a password used years ago from an old email account etc.
As we normally are asked to change passwords or change accounts throughout the years I guess most don't apply any longer.
Thinking of this site, I have the same password for this site as I started with.
Is it worth changing your password for this site....... :?
I'm not fussed as I know the scammer won't have video footage of me whilst I'm on this site..... or at least I hope not :wink:

Onzie
B6 Convertible
B3s Bi-Turbo Tourer

Hector's Dad
ALP
Posts: 276
Joined: Mon Jun 22, 2009 12:16 pm
Location: Hampshire

Post by Hector's Dad » Thu Feb 14, 2019 7:52 pm

I'm not convinced the breach was this forum. I started receiving these emails (up to 15 per day at the height!) in (I think) November last year. If it was this site, we'd all have had them and this would have been raised by someone before now.
D4 BT Coupé No. 166
D3 BT Coupé No. 127 (Sold at 147,000 miles)
