geekhack
geekhack Community => Off Topic => Topic started by: dgneo on Tue, 20 December 2016, 08:11:08
-
A rash of accounts have been compromised over at r/mk, with some flowing over to here. LSB, jchan, mklovin/chucklingcumquat, rpeterclark. mklovin's PayPal was also compromised.
This site was SSL'less for a little while, it's possible someone sniffed the traffic during logins at that time.
(https://i.imgur.com/6ZNXgy1.png)
https://www.reddit.com/r/MechanicalKeyboards/comments/5jd62r/hue_hue_hue_hue_d/
Probable list of compromised accounts.
(https://i.imgur.com/3X3bnhV.png)
https://geekhack.org/index.php?action=profile;u=52917
MkLovin's compromised profile (scanning the QR code provides the script kiddie's public key).
Change your passwords to something unique from other sites, and strong.
-
(http://i.imgur.com/yAK7Xx2.png)
+1 rep
-
+1 rep
-
Changed my password to **************.
-
Can't fool me.
I tell people my password so it doesn't get compromised by these attacks.
-
12345horse
-
changing pass now
-
Yikes, I'm on that list! Fortunately, I use a password manager, so I'm pretty sure that was a single use password. Changing it...
/edit ****, looks like my account over there was deleted or disabled or something. I can't sign in and trying to reset the password tells me that my username no longer exists. :(
-
Yikes, I'm on that list! Fortunately, I use a password manager, so I'm pretty sure that was a single use password. Changing it...
/edit ****, looks like my account over there was deleted or disabled or something. I can't sign in and trying to reset the password tells me that my username no longer exists. :(
Get in touch with Reddit Admins as soon as you can. They should be able to assist with this, provide the links I did above as further proof.
-
Dgneo the protector
-
Dgneo the protector
His job as IT admin is leaking through to GH.
-
Dgneo the protector
His job as IT admin is leaking through to GH.
I always thought he was a dancer
-
Yikes, I'm on that list! Fortunately, I use a password manager, so I'm pretty sure that was a single use password. Changing it...
/edit ****, looks like my account over there was deleted or disabled or something. I can't sign in and trying to reset the password tells me that my username no longer exists. :(
Was your password the same for both sites?
Never mind, you used a password manager.
-
Whew, laddy. Changed. :(
-
It's not likely that this was an attack based on GH's lack of SSL. Here's why:
The only account we know of that was compromised on GeekHack was MkLovin. We also know that rpeterclark uses different passwords for Reddit and GeekHack, meaning that the attack was targeted towards Reddit users. MkLovin's GH and PayPal accounts can be explained with password reuse (MkLovin = ChucklingKumquat, for those who don't know).
As of right now, what I consider to be most likely is a social engineering attack, such as phishing. We can ask the victims if they've logged into "Reddit" recently to confirm or disprove this theory.
Basically, change your passwords and don't type passwords into websites without making sure the website is what you think it is.
-
Also use different PW on different site. All my other sites seem to be intact. No PP issues. use 2FA there.
Changed all PW just to be safe though.
-
Changed my GH password just in case.
-
Oofta. :-/ Thanks for the heads up, dgneo.
-
OH NOOooooooooooooooooooooooo!!!!!!!!!!
It's Rootwyrm again.... (http://emoticoner.com/files/emoticons/onion-head/crying2-onion-head-emoticon.gif?1292862497)
-
wait... you mean REDDIT was compromised?
Not gh right ?
-
Update!
I contacted the address that dgneo suggested and they got back to me promptly. I was able to recover the account and set up a new password.
I really don't know how it could have been compromised. I have not re-signed into reddit in forever, it just remembers me. My GH password is unique, so it wasn't related to the recent SSL stuff here. I use a password manager and I'm pretty sure the reddit account was unique as well, but I'm doubting myself a little because I can't imagine how else it could have been accessed, except if it had been a reused password from some old leak. :-/
-
wait... you mean REDDIT was compromised?
Not gh right ?
Everything points to nothing being compromised. Just a few unlucky individuals that might've clicked a bad link.
-
Could this be related to the recent yahoo breach?? :eek:
-
It's odd how it was so targeted at well-known names in the community. It doesn't seem possible that random leaks from other sites could have been used to locate the reddit credentials for this specific group of people at r/mk. It's all very weird.
-
wait... you mean REDDIT was compromised?
Not gh right ?
Everything points to nothing being compromised. Just a few unlucky individuals that might've clicked a bad link.
This is exactly what the h4(k3rz want us to think.. (http://emoticoner.com/files/emoticons/onion-head/big-eye-onion-head-emoticon.gif?1292862491)
-
It's odd how it was so targeted at well-known names in the community. It doesn't seem possible that random leaks from other sites could have been used to locate the reddit credentials for this specific group of people at r/mk. It's all very weird.
Hahhahahaa.. it's a good thing Tp4 = Destitute.. (http://emoticoner.com/files/emoticons/onion-head/crying1-onion-head-emoticon.gif?1292862497)
-
Got my reddit account back. :thumb:
-
Got my reddit account back. :thumb:
did they stealz the $4 from ur paypal ?
-
I use a real good pw for anything involves my damn money : P
-
Could this be related to the recent yahoo breach?? :eek:
Are you on reddit?
-
Could this be related to the recent yahoo breach?? :eek:
Are you on reddit?
Yes.
-
Got my reddit account back. :thumb:
did they stealz the $4 from ur paypal ?
The fact that I had $4 in my PP at the time makes this creepy.
And yeah, the yahoo breach did come to mind, but again, who knows.
-
Got my reddit account back. :thumb:
did they stealz the $4 from ur paypal ?
The fact that I had $4 in my PP at the time makes this creepy.
And yeah, the yahoo breach did come to mind, but again, who knows.
(http://s4.postimage.org/1gjjd6nhg/th_190.gif)
-
Is it even possible to remotely sniff non-SSL traffic on a network that isn't compromised? I know it can be done locally via packet sniffers like Wireshark.
Seems like there are other ways their accounts may have been stolen. At first I thought it was GH that was affected so I changed my pw here :p
-
Is it even possible to remotely sniff non-SSL traffic on a network that isn't compromised? I know it can be done locally via packet sniffers like Wireshark.
Seems like there are other ways their accounts may have been stolen. At first I thought it was GH that was affected so I changed my pw here :p
what if the remote sniffer was injected into that aquakeytest that we host here..
They know the keyboard people can't resist aquakeytest.. (http://emoticoner.com/files/emoticons/onion-head/what-onion-head-emoticon.gif?1292862525)
-
Could this be related to the recent yahoo breach?? :eek:
If they reused their passwords it could be. Keep in mind though, the Yahoo breach was not recent. It happened in 2013, and was only recently disclosed to the public.
-
I don't know about anyone else but I set my PayPal a while ago to require a text message code to log on with. If you have money in there it's probably a good idea to do this.
Das where I keep all my Mercian dollars.
-
I don't know about anyone else but I set my PayPal a while ago to require a text message code to log on with. If you have money in there it's probably a good idea to do this.
Das where I keep all my Mercian dollars.
This is brilliant! I wasn't aware PayPal offered this service. Just added this to my account for sure
-
Ohh so was this why my reddit account was locked yesterday, wonders why I got email saying they locked it due to suspicious activity
-
Ohh so was this why my reddit account was locked yesterday, wonders why I got email saying they locked it due to suspicious activity
Nah, you're just a suspicious dude.
-
Ohh so was this why my reddit account was locked yesterday, wonders why I got email saying they locked it due to suspicious activity
Nah, you're just a suspicious dude.
Maybe but apparently I'm from China and Azerbaijan now
-
Blerg.
-
Huh, I completely forgot that I have a Reddit account. Apparently, my last login was ten months ago :-\
-
Huh, I completely forgot that I have a Reddit account. Apparently, my last login was ten months ago :-\
Tp4 has a reddit account.. but i forgot the password..
-
Reddit .... the source of all evil ....
Tp4 has a reddit account.. but i forgot the password..
You're not missing much :rolleyes:
-
I don't know about anyone else but I set my PayPal a while ago to require a text message code to log on with. If you have money in there it's probably a good idea to do this.
Das where I keep all my Mercian dollars.
Yeah, I use 2FA anytime I possibly have the option. :thumb:
-
I don't know about anyone else but I set my PayPal a while ago to require a text message code to log on with. If you have money in there it's probably a good idea to do this.
Das where I keep all my Mercian dollars.
Yeah, I use 2FA anytime I possibly have the option. :thumb:
Tp4 haz p00r people cellphone service..
Cricket doesn't allow paypal shortcode sms.. (http://onion-head.atspace.biz/big_onion/003.gif)
-
Could this be related to the recent yahoo breach?? :eek:
Are you on reddit?
Yes.
Hope you got it in time.
I'm not on Reddit, and use a different password for each site anyway.
-
Also should this be in Site Announcements (https://geekhack.org/index.php?board=63.0) in case people miss it in off topic?
-
Jagex blocks your password! Look: **********
-
people who steal accounts are gross
-
people who steal accounts are gross
Don't be so harsh..
Hackers gotta eat too...
-
people who steal accounts are gross
Reported for stolen account.
-
people who steal accounts are gross
Don't be so harsh..
Hackers gotta eat too...
tp4 nearly 10000.