Facebook  Twitter 

SMFHacks.com

+-

SMFHacks.com

+- User Information

Welcome, Guest.
Please login or register.
 
 
 
Forgot your password?

+- Forum Stats

Members
Total Members: 4255
Latest: andreios
New This Month: 3
New This Week: 1
New Today: 0
Stats
Total Posts: 43261
Total Topics: 7519
Most Online Today: 297
Most Online Ever: 2482
(April 09, 2011, 07:02:45 pm)
Users Online
Members: 2
Guests: 275
Total: 277

Author Topic: Simple Machines got compromised - passwords leaked  (Read 5180 times)

0 Members and 1 Guest are viewing this topic.

Offline Angie

  • Member
  • *
  • Posts: 5
    • View Profile
Simple Machines got compromised - passwords leaked
« on: August 14, 2013, 09:29:28 pm »
I tried to change my password on here because of a security breach on simplemachines.org but I can't because I have no posts. So I am posting this.

http://www.simplemachines.org/community/index.php?topic=508232.0

Quote
Dear valued community members,


On the 22nd of July 2013, it was discovered that unauthorized access to our website and database has been obtained on the 20th of July.
The method is similar to the hacks that were recently conducted at other websites, even though those sites used other software.
One of the admins account password was discovered, and from there further escalation wasn't too difficult considering admin privileges can do just about anything.

Unfortunately, we are 100% sure that our user database has been stolen.
As such we HIGHLY RECOMMEND, even implore you, to:
1.) Change your password on other websites you are using, if you use the same password there. This is very important to do, as it also will help prevent other websites being I love SMF through your compromised password, if it is compromised.
2.) Change your password here on our website.
3.) If you use the password you use here anywhere else, say for example to login to your webhost, it is highly urged to change it.
4.) Please note that personal messages may have also been compromised. We don't know for sure if the hacker only downloaded the user tables or not, although that's the only thing he/she is after. If they did: keep in mind that passwords you shared through PM should now be considered vulnerable. It's best not to take the risk and gamble, and just change any password you shared through PM as well.
5.) Charter members, current and past, are encouraged to change ALL passwords if they ever sent any in to us. That would include FTP.

Please keep in mind:
This is !!NOT!! a security issue with the SMF software. If you are running the latest SMF version you have nothing to fear from this hack if you use different passwords.

The method used by the hacker is that a database is downloaded from another I love SMF website, the passwords are attempted to be decrypted and if it is successful: they try to login to other websites using that username & password, or try to cross-reference by using password reset links.
Unfortunately for us, a Administrator used the same password elsewhere on another site and access to our site was obtained when the password from the other I love SMF site was successfully decrypted. As a result, the hacker was able to login here with admin rights.
Hundreds of websites have been I love SMF lately by using this method, so you are highly encouraged to change your passwords...

... And remember: don't use the same password on multiple sites!
It helps to prevent hacks like this.

Thank you for your consideration and we deeply apologize for any inconvenience this causes for you.
By changing your passwords, you will help ensure that other sites do not fall victim to this method of hacking and help put a halt to the hacking spree that has affected hundreds, if not thousands, of websites already.

-edit for clarification-
Yes, the passwords are stored with encryption.
Unfortunately, even encrypted passwords can be decrypted. Hence, the passwords used here should not be considered safe anymore.


Any questions, please do feel free to ask.
Please stay on topic.


Kind regards,
Board of Directors
Simple Machines

« Last Edit: August 14, 2013, 09:37:09 pm by angieskidney »

Offline Angie

  • Member
  • *
  • Posts: 5
    • View Profile
Re: Simple Machines got I love SMF - passwords leaked
« Reply #1 on: August 14, 2013, 09:36:04 pm »
How many posts do I need to post just to change my password to a more secure one?

Offline SMFHacks

  • Administrator
  • Hero Member
  • *****
  • Posts: 16436
    • View Profile
Re: Simple Machines got compromised - passwords leaked
« Reply #2 on: August 14, 2013, 09:42:21 pm »
I believe 5
Get your Forum Ranked! at https://www.forumrankings.net - find out how your forum compares with others!

Like What I do? Support me at https://www.patreon.com/vbgamer45/

Offline SMFHacks

  • Administrator
  • Hero Member
  • *****
  • Posts: 16436
    • View Profile
Re: Simple Machines got compromised - passwords leaked
« Reply #3 on: August 14, 2013, 09:42:49 pm »
Or another option is to do the password reset email
Get your Forum Ranked! at https://www.forumrankings.net - find out how your forum compares with others!

Like What I do? Support me at https://www.patreon.com/vbgamer45/

Offline Angie

  • Member
  • *
  • Posts: 5
    • View Profile
Re: Simple Machines got compromised - passwords leaked
« Reply #4 on: August 14, 2013, 09:44:56 pm »
Or another option is to do the password reset email

Okay thank you

 

Related Topics

  Subject / Started by Replies Last post
1 Replies
4576 Views
Last post February 03, 2007, 08:14:07 am
by Nite
0 Replies
6344 Views
Last post August 10, 2008, 01:01:23 pm
by persiansmf
4 Replies
7289 Views
Last post March 31, 2010, 12:15:07 am
by lakestclair
1 Replies
3988 Views
Last post August 27, 2010, 10:50:59 am
by thefley
1 Replies
6464 Views
Last post April 24, 2014, 03:11:57 pm
by SMFHacks

+- Recent Topics

Problems SMF 2.0.19 > 2.1.4 SMF Gallery Pro - Recents Images to overall header by Michel68
Today at 08:27:36 am

No thumbnails on new uploads by Tonyvic
Today at 06:26:18 am

Display the Contact Page for guests by SMFHacks
March 27, 2024, 10:55:43 am

is it possible to add support for odysee.com by fvlog19
March 21, 2024, 08:47:51 am

Request for admin notification by davejo
March 10, 2024, 01:31:59 am

I need help with torrent upload by Ineedsmfhelp
March 09, 2024, 10:01:13 pm

an idea for new mod (( content type with different display )) by SMFHacks
February 27, 2024, 01:36:27 pm

[Mod] RSS Feed Poster by SMFHacks
February 27, 2024, 11:57:18 am

find duplicate pictures by fvlog19
February 14, 2024, 02:22:40 pm

Error uploading video. by SMFHacks
February 08, 2024, 02:04:16 pm

Powered by EzPortal