Hello,
www.referraldirectoryforum.com was recently hacked and everything was deleted. We are now in the process of adding the backup back to the site. The other admin said he stole all emails, passwords, and information. Is there anyway he could have done that, or is it possible that he doesn't have access to all the passwords. Please tell me he doesn't..
Thanks!
(2015-02-12, 01:28 AM)dfarmer2001 Wrote: [ -> ]Hello,
www.referraldirectoryforum.com was recently hacked and everything was deleted. We are now in the process of adding the backup back to the site. The other admin said he stole all emails, passwords, and information. Is there anyway he could have done that, or is it possible that he doesn't have access to all the passwords. Please tell me he doesn't..
Thanks!
He could have gotten all that but the passwords. Passwords are hidden even to admins of site. If you go to ACP and try to change a members password, it might show dots, or just ask you to change it, but won't supply you with their password.
though stealing passwords is not a simple task, it can't be ruled out if the database was also stolen ..
(2015-02-12, 02:12 AM).m. Wrote: [ -> ]though stealing passwords is not a simple task, it can't be ruled out if the database was also stolen ..
Ooooh. Didn't know that haha.
(2015-02-12, 02:12 AM).m. Wrote: [ -> ]though stealing passwords is not a simple task, it can't be ruled out if the database was also stolen ..
According to the other admin of Referral Directory, the backup was stolen and that is the database. So I am guessing the passwords were stolen.. I am only hoping he doesn't have all the passwords..
He has only the hash of passwords, not the plain text version of passwords. I still would recommend having all your members, particularly staff, change their passwords.
He has hash and salt, and the MyBB password hashing system is in the sources.
So, it's possible (with enough time) to find a matching pass for a given hash & salt.
The only good protection now is to change the admins password and force the user to change their password.
Thats why we need MyBB 1.8.4 with 2-way authentication really soon
(2015-02-12, 03:18 PM)Eldenroot Wrote: [ -> ]Thats why we need MyBB 1.8.4 with 2-way authentication really soon
That wouldn't help as all necessary information for 2FA is stored in the database as well.
Okay well the staff is being required to change their passwords now. We have also created an announcement allowing everyone to know what has happened, and that they should change their passwords. An email, and PM will be sent to all users to make sure their privacy and account information is secure.