Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Kimsufi Hacked? (the company)
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Kimsufi Hacked? (the company)

ChatahoochChatahooch Member
edited February 2017 in General

https://breachalarm.com/all-sources

Got a notification regarding my e-mail at Kimsufi.

If so a little concerned about OVH as well.

«1

Comments

  • ewrekewrek Member
    edited February 2017

    nevermind

  • yes was hacked
    969,084 Users] | 2015 - (ovh.com) OVH & Kimsufi Database

    Yes was dumped is public, idk who data was leaked becose i not download the data but is in internet avaliable to download

  • ChatahoochChatahooch Member
    edited February 2017

    What?

  • @raikkosi

    This is not the same. Check the date.

  • Anon kimsufi.com 2017-02-15 680,194

    Interesting...

  • Weird. I got an email 2 days ago from OVH about abuse on a server which I don't own. Probably not related tho.

  • @Chatahooch said:
    https://breachalarm.com/all-sources

    Got a notification regarding my e-mail at Kimsufi.

    If so a little concerned about OVH as well.

    Kimsufi made any public release ? Database is available for download, if then it is horrible.

  • quickquick Member
    edited February 2017

    kurdish anti isis hacker at work again?

    Thanked by 2Yura doughmanes
  • I have just got my hands on a copy of the database to check my own details on there, its only forum data that has been compromised

    Compromised data: Email addresses, IP addresses, Passwords, Usernames

  • @piohost said:
    I have just got my hands on a copy of the database to check my own details on there, its only forum data that has been compromised

    Compromised data: Email addresses, IP addresses, Passwords, Usernames

    Your talking about the old 2015 hack.

    The vBulletin forum contained over half a million accounts including usernames, email and IP addresses and passwords stored as salted MD5 hashes.

    Compromised data: Email addresses, IP addresses, Passwords, Usernames

  • Not sure if it's a real validated leak, am going to update all my Ovh account just for precaution in case it is real.

  • It is well known that all OVH websites are insecure, so this is not a surprise.

  • netomxnetomx Moderator, Veteran

    @trvz said:
    It is well known that all OVH websites are insecure, so this is not a surprise.

    Source?

    Thanked by 1Lee
  • trvz said: It is well known that all OVH websites are insecure, so this is not a surprise.

    I am not sure if it's true. Would be great if you can give any source.

    Thanked by 1netomx
  • OVH has 2FA so just enable it to be sure. They support both SMS and third party apps.

  • They also have Restricted IPs, I just allow a couple of my static VPN IPs to logon to my accounts.

    Thanked by 1doughmanes
  • Wicked said:

    OVH has 2FA so just enable it to be sure.

    That doesn't necessarily help if the server is cracked. TOTP style 2FA depends on a secret seed kept in the server, which the attackers could have gotten along with the passwords.

  • EasedEased Member, Host Rep

    Hrmm. Hopefully OVH isn't affected.

  • Yeah I can only find sources indicating it was Kimsufi that this happened to, Kimsufi's manager, SoYouStarts manager, ca.ovh.com/manager and ovh.com/manager are all separate systems on separate databases and servers so I'm not concerned about their bigger services as of now

  • So what does this affect exactly. Have anyone confirmed this is valid?

  • MikeAMikeA Member, Patron Provider

    I don't have any Kimsufi servers, but I'd hope everyone uses 2FA and randomized passwords now in 2017.

    @Domin43 said:
    So what does this affect exactly. Have anyone confirmed this is valid?

    Almost certainly just Kimsufi panel accounts, the typical info in the account page.

    Thanked by 1GamerTech24
  • I find it hard to believe such companies would keep passwords in clear, most likely passwords are stored encrypted. However, personal details can be stolen in such unfortunate events.

  • jarjar Patron Provider, Top Host, Veteran
    edited February 2017

    This doesn't appear to list only things that were hacked directly. Take a look at this one:

    Volca780   Facebook accounts   2017-02-12  1,695

    First of all, to have hacked FB and only received information about 1,695 users would be odd. Second, to have hacked FB and it be known that you pulled user data would surely be a huge story somewhere.

    Very possible they are just scraping pastebins and such. Lists achieved through anything from cracking to social engineering campaigns, I'd bet. In which case, that is probably a reference to this event:

    Kimsufi: In mid-2015, the forum for the providers of affordable dedicated servers known as Kimsufi suffered a data breach. The vBulletin forum contained over half a million accounts including usernames, email and IP addresses and passwords stored as salted MD5 hashes.
    
    Compromised data: Email addresses, IP addresses, Passwords, Usernames
    Thanked by 2GamerTech24 deadbeef
  • Interesting list, who report all these records? No Hillary email account at this time? :)

  • WickedWicked Member
    edited February 2017

    @jenkki said:
    Interesting list, who report all these records? No Hillary email account at this time? :)

    Seems like you can just tweet at them with a list and they put it up. So simply put 10 users in a pastebin, tweet them and boom, you hacked facebook.

    Did nobody notice this one?

    HackTheWorld

    fbi.gov

    2017-02-09

    55

    Thanked by 1GamerTech24
  • @Wicked said:

    @jenkki said:
    Interesting list, who report all these records? No Hillary email account at this time? :)

    Seems like you can just tweet at them with a list and they put it up. So simply put 10 users in a pastebin, tweet them and boom, you hacked facebook.

    Did nobody notice this one?

    HackTheWorld

    fbi.gov

    2017-02-09

    55

    lol fbi.gov hacked, that's new

  • jenkkijenkki Member
    edited February 2017

    Wicked said: fbi.gov

    2017-02-09

    55

    Yep I seen it, just interesting, total 55 fbi persons got compromised, or fbi.gov got hacked 55 times already :)

  • Several fbi persons who order Kimsufi on previous Black Friday and upload their ID and utility bill for account verification now got compromised even twice!

  • AnthonySmithAnthonySmith Member, Patron Provider

    tl;dr breachalarm is probably ran by bitninja.

  • AnthonySmith said: bitninja

    Email title: All your base! Attacked!

Sign In or Register to comment.