Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 26
Like Tree23Likes

Thread: Database Breach

  1. #11
    AVF Newbie | Be nice to me
    Join Date
    Jul 2014
    Location
    Newcastle
    Posts
    46
    Quote Originally Posted by Fatman View Post
    Interesting .. however going by that site my user name has been hacked at 5 different forums I am not a member of and my sign up email was hacked only @ Adobe in 2013 along with 143 million other email addies ... the site DOES NOT show me as having my info harvested from AVF whatsoever ?
    haveibeenpwned.com won't list any email directly for the vBulletin breaches because a number of the forums that were breached were of a sensitive nature.
    Quote Originally Posted by Fatman View Post
    It might just be the cynic in me , but I wonder how many of these actual sites are set up just so you provide your email to them lol
    You're only paranoid till they catch you or #### your server(s)
    Quote Originally Posted by Fatman View Post
    Of course only Jato would know if we had ever been compromised in that way , but as a result of recent attempts which crashed the forum etc , they didnt get thru the security past the main page instead as you saw their repeated attempts just filled the log file until there was no space left to actually host the site hence the DB error message popping up
    Hmm if the site's main page was showing DB errors what else was it exposing? e.g. database connection strings etc.

    Quote Originally Posted by saph View Post
    7: Reading file "aussievapers.com-vb-2017.txt" at 2,813kb
    Found 28,907 distinct emails

    thats not forums.aussievapers
    Do you mean you've tracked down that leaked file, examined it and determined that it's not the aussievapers forum user database? Because that is the filename the miscreant used to store the data and AFAIK ww w.aussievapers.com aussievapers.com and forums.aussievapers.com all redirect to the same URL
    Quote Originally Posted by gtadmin View Post
    Interestingly, my email address used for aussievapers returns "Good news {some other text that I can't remember}"
    haveibeenpwned.com won't list any email directly for the vBulletin breaches because a number of the forums that were breached were of a sensitive nature.
    Quote Originally Posted by disley View Post
    I don't recall ever visiting the five sites it says I my email address has been leaked.
    What can I do about?
    The sites may have rebranded, you may have signed to the site and forgotten. In very very rare circumstances you may have claimed an email address that was discontinued (previous user decided to kill the email account).

    What to do - If you are concerned that you may have signed up at those sites and you are in the habit of using your email password to sign up to other sites then changing your email password would be a very good idea.
    Don't reuse passwords on websites; If you do reuse passwords at a minimum make the banking / email account passwords different to everything else.
    Quote Originally Posted by Snidely_Whiplash View Post
    Simple rule:
    Emails are little more than electric post cards !
    Don't put anything in an email, you wouldn't put on a post card !!!
    The main issue is not the email account per se it's password reuse. How many other places has bob@example.com registered using the same password.
    Some websites use poor methods to store the users password and a cracker can retrieve the password with little effort.
    Quote Originally Posted by saph View Post
    well the breach hasnt been leaked yet since ive typed my email and username in and only the email flagged but knew about those

    the forum side aint part just the main site
    haveibeenpwned.com won't list any email directly for the vBulletin breaches because a number of the forums that were breached were of a sensitive nature.
    Fatman likes this.

  2. #12
    Super Moderator
    Join Date
    Jan 2012
    Location
    Ghost Town (Whyalla), SA
    Posts
    14,229
    haveibeenpwned.com won't list any email directly for the vBulletin breaches because a number of the forums that were breached were of a sensitive nature.
    If that's the case, what is the point of being able to check an email address belonging to a user of one of the forums, especially a forum that isn't of a sensitive nature?
    Started vaping 28th October 2011

    The bitterness of poor quality remains long after the sweetness of low price is forgotten. - Benjamin Franklin
    Just because you are offended doesn't mean you are right ...




    Please read these rules

    Read about signatures too

  3. #13
    AVF Newbie | Be nice to me
    Join Date
    Jul 2014
    Location
    Newcastle
    Posts
    46
    Quote Originally Posted by gtadmin View Post
    If that's the case, what is the point of being able to check an email address belonging to a user of one of the forums, especially a forum that isn't of a sensitive nature?
    the breach dataset is from a single group/individual who went after several vBulletin sites. That group/individual released the ex-filtrated data as a single dump. haveibeenpwned.com is treating all the different sites that were breached as a set as there are 140+ sites.

    If you are subscribed as an individual or as a domain haveibeenpwned will notify you that your email address (or an unspecified address under your domain) was in the vBulletin breach
    You signed up for notifications when emails on "domain name" were pwned in a data breach and unfortunately, it's happened. This time, the incident in question is the CrimeAgency vBulletin Hacks breach from Jan 2017 which you can read about here: https://haveibeenpwned.com/PwnedWebs...gencyVBulletin.

    The data disclosed in the breach includes: Email addresses, Passwords, Usernames

    Fortunately there was only 1 compromised email on the domain which you can see by running another domain search:

  4. #14
    Super Moderator
    Join Date
    Jan 2012
    Location
    Ghost Town (Whyalla), SA
    Posts
    14,229
    If you are subscribed as an individual or as a domain haveibeenpwned will notify you that your email address (or an unspecified address under your domain) was in the vBulletin breach
    So you are saying that they have extracted everyone's email address from the data submitted ... is that correct?
    Started vaping 28th October 2011

    The bitterness of poor quality remains long after the sweetness of low price is forgotten. - Benjamin Franklin
    Just because you are offended doesn't mean you are right ...




    Please read these rules

    Read about signatures too

  5. #15
    AVF Newbie | Be nice to me
    Join Date
    Jul 2014
    Location
    Newcastle
    Posts
    46
    Quote Originally Posted by gtadmin View Post
    So you are saying that they have extracted everyone's email address from the data submitted ... is that correct?
    Yes haveibeenpwned has run automated scripts over the breach data set to add all the email addresses (and only the email addresses) to a database. But haveibeenpwned did not perform the breach they retrieved the breach set from elsewhere on the internet.

    I run my own mail domain and I've signed up with haveibeenpwned and hence get notices for email accounts that were used on breached sites
    Cat likes this.

  6. #16
    Super Moderator
    Join Date
    Jan 2012
    Location
    Ghost Town (Whyalla), SA
    Posts
    14,229
    No problem, so they will only check your email address if you subscribe. I am only trying to assess the risk BTW
    Lily likes this.
    Started vaping 28th October 2011

    The bitterness of poor quality remains long after the sweetness of low price is forgotten. - Benjamin Franklin
    Just because you are offended doesn't mean you are right ...




    Please read these rules

    Read about signatures too

  7. #17
    AVF Newbie | Be nice to me
    Join Date
    Jul 2014
    Location
    Newcastle
    Posts
    46
    Quote Originally Posted by gtadmin View Post
    No problem, so they will only check your email address if you subscribe. I am only trying to assess the risk BTW
    They will only confirm if your address was on at least one of the 140 sites (but not which one or which ones).

    The site contains email addresses from many different breaches, all those addresses are/were circulating in the murky parts of the web.
    The site operator is not a security researcher. He created the site as a hobby project and now the site is a well known name in security research circles.

  8. #18
    Super Moderator
    Join Date
    Jan 2012
    Location
    Ghost Town (Whyalla), SA
    Posts
    14,229
    It's okay mate, given that it came back "Good news — no pwnage found! ... No breached accounts and no pastes (subscribe to search sensitive breaches)" with the email address I typed in in the search textbox (with which I signed up here), I'm in the clear
    DogMan likes this.
    Started vaping 28th October 2011

    The bitterness of poor quality remains long after the sweetness of low price is forgotten. - Benjamin Franklin
    Just because you are offended doesn't mean you are right ...




    Please read these rules

    Read about signatures too

  9. #19
    AVF Regular
    Join Date
    Dec 2013
    Location
    melbourne
    Posts
    347
    Quote Originally Posted by Saucy View Post
    Hi guy's,
    Just thought I'd drop a quick note to inform everyone that sometime in January 2017 the AussieVapers database was breached, as a result our email addresses, hashed passwords etc have been leaked.
    i started getting spammed by this mob sometime in january, coincidence?!

    Greeting from Vapesourcing , special discount code " AVF5OFF " & Giveaways

  10. #20
    AVF Regular
    Join Date
    Jul 2015
    Location
    South West (WA)
    Posts
    1,009
    I've had 3 breaches including the Vbull CrimeAgency dump.

    I mentioned this site not long after i signed up here but got hit with the "they just after your email address" but Troy Hunt seems to have proven himself.
    Last edited by Dhufish; 21-03-17 at 10:31 PM.

 

 
Page 2 of 3 FirstFirst 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Powered by vBulletin® Version 4.2.4
Copyright © 2017 vBulletin Solutions, Inc. All rights reserved.
Search Engine Friendly URLs by vBSEO 3.6.0
All times are GMT +11. The time now is 08:59 AM.