MyBB Community Forums

Full Version: mybb security vulnerability
hello omni's hackforums was hacked and data was stolen SO is mybb vulnerable????
And from what source are you getting this information? If you're talking about the users table being leaked from February 2011 that wasn't due to a vulnerability in MyBB.
noo no no no it was last week:
http://www.hackforums.net/showthread.php?tid=3235050

Quote: I have some bad news for the community. Unfortunately I have no way to make this sound not-so-bad. It appears that our l33t/ub3r orders database was compromised through an exploit with the host of the database. It's probably one of the worst things I can tell you has happened.

The data in our orders database consists of the order first name, last name, address, email, phone, ip, order date, and user id. More or less probably everything needed to DOX thousands of members. HF accounts themselves are secure. No passwords are in the DB.

CREDIT CARD DATA was not compromised. That data is not saved to our orders DB or even viewable by me. While that's not exactly a silver lining it's at least comforting that you don't have to call your CC company. Most orders are done through PP anyways.

The data from the theft is very likely going to be used to DOX as I don't see other uses. We're going to be extra vigilant now in making sure account recovery based on orders also has other verifiable information.

You might ask how can I let this happen. I've been pondering an answer to that for hours. So far I got nothing. I guess a better question would have been how could I have stopped this from happening. And to that I still don't know. Clever hackers have penetrated parts of HF security before. I'm confident that I took more than reasonable steps to secure the data. Giant companies like Sony experience deep penetrations. We all are vulnerable to a degree and HF is no exception.

If you wonder why we have this data it's to ensure that upgrades are legitimate, not fraudulent, and that members are not ban evading. There is no other option at this time but to save this data. I am however reviewing options available to obfuscate or encrypt the data.

I found out about this on Jan 26, 2013. I immediately investigated to confirm the validity. I spent hours making adjustments to secure the data.

I expect uproar over this. I'm not looking forward to the backlash at all. However I feel it's my responsibility to alert the community about this breach. If you're wondering what steps you should now take. The answer is, I don't know. There is likely nothing you can do about this. We are at the mercy of person(s) that took the data. This person is a known blackhat who's been repeatedly banned from this community. The people who have access are not do-gooders. They will likely use this data to threaten and harass members.

I know many of you are probably feeling deep disappointment. To you I say, I'm sorry and I deeply regret that this has happened. I have no way to fix this. I have no way to undo it.

HF has recovered from some fairly damaging penetrations before including a full user table dump in Feb 2011. We will recover from this too.

I will do my best to answer questions now. I know there will be those of you upset over this. I just ask that you be respectful in tone. I take this incident extremely seriously and no one is more upset by this than I am.

it's a mybb forum which was hacked !!
It was the database of a company which handled the upgrade process, nothing related to MyBB, HF's servers, or the forum itself. The attack was external to the forum. The thread mentions nothing of a vulnerability with the site.

Jesse (Omniscient) is an active member and would have alerted us immediately if he felt the need to.
ok so my forums can't be hacked??
Yes, they can, just like any other website. There most likely are undiscovered vulnerabilities within MyBB, phpBB, vBulletin, Facebook, Google, PayPal, etc.

There currently aren't any known high risk vulnerabilities within MyBB. As long as you're using the latest version of MyBB and keep it updated then there's little chance you would be hacked in that respect. Security is an ongoing process and there will always be reason to review your security and gain a stronger understanding of your setup, in regards to both your forum and your environment.
ok so why is google not hacked when everyone tries every day to hack it .. someone must have detected it someday ?!?! or can't it be hacked??
(2013-02-13, 10:45 AM) ricard wrote: ok so why is google not hacked when everyone tries every day to hack it .. someone must have detected it someday ?!?! or can't it be hacked??

Google is frequently hacked. They have a high level of security so high risk vulnerabilities are rare but they do still occur.

http://www.google.com/about/appsecurity/hall-of-fame/
ohh ok thank you for your support. thx