Change your password if it's the same Boards.ie

They are stored in a hash , so while it won't be plainly readable it would allow them to get it with enough effort.
 
Should this not only be an issue though if you have the same user name too on other sites?
 
I use different usernames on different sites, sometimes the same passwords (or versions of) - but I would always register the same email address, so would this mean that Mr Hacker would know that UserA has PasswordA and EmailaddressA on boards, then using the email address find its registered to UserB on AAM and then try out UserAs password to see if it works with UserBs account on AAM?
 
truthseeker said:
I use different usernames on different sites, sometimes the same passwords (or versions of) - but I would always register the same email address, so would this mean that Mr Hacker would know that UserA has PasswordA and EmailaddressA on boards, then using the email address find its registered to UserB on AAM and then try out UserAs password to see if it works with UserBs account on AAM?
Click to expand...

No , it's not possible for them to make that link.
 
Brendan said:
This is precautionary advice. I don't think that vBulletin makes the passwords of users accessible.
Click to expand...
I would imagine that whoever broke into boards.ie's database now has all the passwords reversed. All they have to do is pump the hashes and the salts into Hashcat or similar.
 
truthseeker said:
Whats the advantage for a hacker to get someones username and password for a messaging board?
Click to expand...

Probably just mischief, although it's possible that people might use the same username/password combinations on sites where financial information is stored.
 
I can't see how they can access the passwords, but they are obviously smart enough to hack into the site, so perhaps they can.

If they get the passwords, they could only use them where someone has the same user name and password on askaboutmoney.

A bigger issue for boards members is that the registration email address of the users will be available to the hackers. This might be embarrassing for some posters, but that is all.

It's a good precaution to change the password anyway, in case my analysis is wrong.



Brendan
 
eh...how do I change the password? (so long since I registered I can't remember how..)

I'm an eegjit.

User CP -> Change your password.

Couldn't be easier. :eek:
 
Heard someone on the radio mention the possibility of access to PayPal if the hacked username, email & password from boards were also used to log onto eBay & PayPal.

It was said to be remote, but there may be some people who have the same "cyberidentity" throughout the internet.
 
gipimann said:
Heard someone on the radio mention the possibility of access to PayPal if the hacked username, email & password from boards were also used to log onto eBay & PayPal.

It was said to be remote, but there may be some people who have the same "cyberidentity" throughout the internet.
Click to expand...

Thanks for the tip for paypal. Same goes for amazon if anyone uses the same email and password - or any other site you use credit card information on.
 
They have comfirmed that PayPal or CC information is not stored in the DB.
 
Brendan said:
I can't see how they can access the passwords, but they are obviously smart enough to hack into the site, so perhaps they can.

If they get the passwords, they could only use them where someone has the same user name and password on askaboutmoney.

A bigger issue for boards members is that the registration email address of the users will be available to the hackers. This might be embarrassing for some posters, but that is all.

It's a good precaution to change the password anyway, in case my analysis is wrong.



Brendan
Click to expand...

The passwords are stored in the database as a hash (http://en.wikipedia.org/wiki/Cryptographic_hash_function).

You can take the hash file and brute force (http://en.wikipedia.org/wiki/Password_cracking#Brute_force_attack) it on their pc's to find the original password.


Not easy and will take time , but it is effective.
 
Brendan said:
I can't see how they can access the passwords, but they are obviously smart enough to hack into the site, so perhaps they can.

If they get the passwords, they could only use them where someone has the same user name and password on askaboutmoney.

A bigger issue for boards members is that the registration email address of the users will be available to the hackers. This might be embarrassing for some posters, but that is all.

It's a good precaution to change the password anyway, in case my analysis is wrong.



Brendan
Click to expand...


Brendan et al.

The reason hackers tend to target message boards is because most (all) of them require an email address and password to register.

They don't care about the content of the site or what people are posting - they may post up usernames/email address on some hackers site to show off but the main reason is to harvest email addresses and passwords.

There are stats available on the web which show that a huge percentage of users will use the same password for their email as their message boards.

Crack one email/password combo and theres a huge percentage that you've cracked them all.
They will be primarily targetting accounts like gmail/yahoo/hotmail etc.

People store things like paypal account details, etc in their email and lots of info which will allow some form of identity theft.

If I was a user on boards with common passwords I would be very worried and would be changing password across every service I use.

I am a user on boards but have a seperate email address for registering to messages boards and for mail lists etc. as opposed to paypal and other sensitive sites.
 
Thanks for that info - its not very encouraging though and not what we want to hear at times like this.

So you have different email addresses for business and pleasure , however at least 90 % of forum users will have only one email address for everything .
 
You must log in or register to reply here.
Back
Top