News:

Thou shalt confirm thine airspeed on final, lest the earth rise up and smite thee. (pre-landing checklist, v1)

Main Menu

Beware of Possible Security Breach! My login on this site was dumped on the NET!

Started by cemil, August 25, 2018, 12:50:24 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

cemil

August 25, 2018, 12:50:24 AM Last Edit: August 25, 2018, 12:55:04 AM by cemil
Last week I had a situation in which my password was leaked somewhere and I have been  checking stuff since. Well, today I visited the Have I Been Pwned site and it indicated my credentials were breached in at least 8 sites (actually less but nevertheless).

In searching through that I followed a link to a security Twitter account in which notifications are made when a DUMP of usernames/passwords have been done somewhere on the net, usually PasteBin sites.

Well, I checked mine and it listed two dumps, one did not exist anymore (they are usually deleted rather quickly) but in the other there was a whole database table dump with information as to whom to contact (I presume it is the person that breached the data and from where source information might be obtained). My email address was listed in that database dump!!! when I searched my vault I noticed that the username that was dumped there I had used on THIS SITE (Plan-G).

The database table dump is quite large (http://siph0n.in/exploits.php?id=4367) so if you see your email and/or username there then PLEASE CHANGE YOUR PASSWORD RIGHT AWAY!!! I was lead to that "dump" by the security site I mentioned above (https://haveibeenpwned.com/) where you can enter your email address and they check if you have been breached. I do not recall having used this username in any other site so I am ALMOST certain the database dump belongs to the membership database of this site, I might be mistaken BUT you lose nothing by taking preventive measures.

Now, I am changing my passwords, I hope you do too and I hope the owner of this forum checks his hosting for data breach. As I said, I have been checking my logins since I was alerted that my password (from another site) was leaked and ran into this one just by digging deeper into the extent of the leak.


mutley

#1
August 25, 2018, 08:47:27 PM
Tim is the only person who can check the sql members table, but looking at that list it is just a sql query on made on https://www.000webhost.com/ and not this site. It's an unfortunate fact nowadays that nothing is secure so always use unique passwords on financial site where more than your login details are at stake.  :)
Windows 10/64 Pro | i9 7900K | GTX1080ti
Print
Go Up Pages1
User actions