New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Kimsufi Hacked? (the company)
Chatahooch
Member
https://breachalarm.com/all-sources
Got a notification regarding my e-mail at Kimsufi.
If so a little concerned about OVH as well.
Comments
nevermind
yes was hacked
969,084 Users] | 2015 - (ovh.com) OVH & Kimsufi Database
Yes was dumped is public, idk who data was leaked becose i not download the data but is in internet avaliable to download
What?@raikkosi
This is not the same. Check the date.
Anon kimsufi.com 2017-02-15 680,194
Interesting...
Weird. I got an email 2 days ago from OVH about abuse on a server which I don't own. Probably not related tho.
Kimsufi made any public release ? Database is available for download, if then it is horrible.
kurdish anti isis hacker at work again?
I have just got my hands on a copy of the database to check my own details on there, its only forum data that has been compromised
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Your talking about the old 2015 hack.
The vBulletin forum contained over half a million accounts including usernames, email and IP addresses and passwords stored as salted MD5 hashes.
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Not sure if it's a real validated leak, am going to update all my Ovh account just for precaution in case it is real.
It is well known that all OVH websites are insecure, so this is not a surprise.
Source?
I am not sure if it's true. Would be great if you can give any source.
OVH has 2FA so just enable it to be sure. They support both SMS and third party apps.
They also have Restricted IPs, I just allow a couple of my static VPN IPs to logon to my accounts.
That doesn't necessarily help if the server is cracked. TOTP style 2FA depends on a secret seed kept in the server, which the attackers could have gotten along with the passwords.
Hrmm. Hopefully OVH isn't affected.
Yeah I can only find sources indicating it was Kimsufi that this happened to, Kimsufi's manager, SoYouStarts manager, ca.ovh.com/manager and ovh.com/manager are all separate systems on separate databases and servers so I'm not concerned about their bigger services as of now
So what does this affect exactly. Have anyone confirmed this is valid?
I don't have any Kimsufi servers, but I'd hope everyone uses 2FA and randomized passwords now in 2017.
Almost certainly just Kimsufi panel accounts, the typical info in the account page.
I find it hard to believe such companies would keep passwords in clear, most likely passwords are stored encrypted. However, personal details can be stolen in such unfortunate events.
This doesn't appear to list only things that were hacked directly. Take a look at this one:
First of all, to have hacked FB and only received information about 1,695 users would be odd. Second, to have hacked FB and it be known that you pulled user data would surely be a huge story somewhere.
Very possible they are just scraping pastebins and such. Lists achieved through anything from cracking to social engineering campaigns, I'd bet. In which case, that is probably a reference to this event:
Interesting list, who report all these records? No Hillary email account at this time?
Seems like you can just tweet at them with a list and they put it up. So simply put 10 users in a pastebin, tweet them and boom, you hacked facebook.
Did nobody notice this one?
HackTheWorld
fbi.gov
2017-02-09
55
lol fbi.gov hacked, that's new
2017-02-09
55
Yep I seen it, just interesting, total 55 fbi persons got compromised, or fbi.gov got hacked 55 times already
Several fbi persons who order Kimsufi on previous Black Friday and upload their ID and utility bill for account verification now got compromised even twice!
tl;dr breachalarm is probably ran by bitninja.
Email title: All your base! Attacked!