WebHostingTalk.com - Compromised
Have not seen this posted yet but I know there are probably many people here who have accounts at WHT. The accounts have been compromised and are up for sale. Note that there are also a few other forums listed as also compromised.
Comments
ohh dear, can this happen here? time to clean up inbox, maybe all should do the same, and if admins can, tell us: are our accounts safe?
I can't believe they're selling those databases, my friend over at a sec company (won't drop their name here) has access to one private community where the database is listed for free for anyone to download
I just logged into WHT with one of my burner accounts. No prompt to reset my password nor any posts that I could see that mention the compromise. Wonder if the forum owners and MODS even know yet?
looks like both wht and mac-forums use the same software on forums, so i would guess either exploit there, or compromised admin account. (altho i don't know shit)
i doubt LET has been compromised, But honestly, it's (this year), pretty much anything can get hacked.
Just look at how a lot of famous internet ppl are getting hacked. 2FA isn't that good when there still is a weak link between.
gotta get that money
Cool. I just changed my password here to the one that I had on WHT. That will be fun...
Already happened here, the LET database is the most abused of all.
Does their forum script support salted passwords, any information?
only stupid password get salted
why isn't there a thread on WHT about this? or is there?
As far as I know WHT uses MD5 and a salt which I believe can be decrypted if they have both which are stored in the database. Doesn't surprise me since they use VB4 the worst forum software after VB5.
First thing the hackers did was ask "What's your budget?"
oh no, someone can run sql queries to circumvent the forum search now.
That's literally all that comes to mind when I think of someone having the WHT database. Anyone who reused passwords from there on anything important has probably already had their email accounts hacked from other database leaks anyway.
Ok. Then they use a double md5 hash with a salt like that md5(md5(password)salt). I think it is hard to decrypt such passwords.
MD5 is not that fast to crack. The best known attack is 2^123.4 difficulty, so the only way you're going to crack it is with existing password lists. You don't even get the benefit of same password same hash.
Lovely to know you like to reuse passwords. I'll start cracking now
Plaintext
The point of hashing is that you can't decrypt it... It's like you trying to guess what a tree looked like from the wood in the pencil you have in front of you.
Sure you can rainbow table md5, but it's not going to be any good when they're all salted with a unique salt. Generating rainbow tables per salt is possible, but really pointless unless you really want a specific user's password.
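An added example, not part of any post in this thread: it shows the per-user salt effect discussed above for the md5(md5(password) + salt) scheme, and goes one step further to show how a site can harden such rows in place by wrapping the stored hash in a slow KDF. The string encoding, the row layout, the function names and the PBKDF2 work factor are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2 work factor, tune for your hardware


def legacy_hash(password: str, salt: str) -> str:
    """md5(md5(password) + salt) as described in the thread (encoding assumed)."""
    inner = hashlib.md5(password.encode()).hexdigest()
    return hashlib.md5((inner + salt).encode()).hexdigest()


def wrap_legacy(md5_hex: str, kdf_salt: bytes, iterations: int) -> bytes:
    """Slow KDF over the stored fast hash; needs no knowledge of the password."""
    return hashlib.pbkdf2_hmac("sha256", md5_hex.encode(), kdf_salt, iterations)


def migrate_row(user: str, md5_hex: str, salt: str, iterations: int = ITERATIONS) -> dict:
    """Replace the stored MD5 value with its wrapped form; the bare MD5 is dropped."""
    kdf_salt = os.urandom(16)
    return {"user": user, "salt": salt, "kdf_salt": kdf_salt,
            "iterations": iterations,
            "wrapped": wrap_legacy(md5_hex, kdf_salt, iterations)}


def verify(password: str, row: dict) -> bool:
    """Recompute legacy hash, apply the wrapper, compare in constant time."""
    candidate = wrap_legacy(legacy_hash(password, row["salt"]),
                            row["kdf_salt"], row["iterations"])
    return hmac.compare_digest(candidate, row["wrapped"])


if __name__ == "__main__":
    # Constructed sample table: two users who chose the same password.
    table = [("user_a", "k3!"), ("user_b", "Zq9")]
    old = {u: legacy_hash("correct horse", s) for u, s in table}
    print("same password, different stored hashes:", old["user_a"] != old["user_b"])
    new = [migrate_row(u, old[u], s) for u, s in table]
    print("login still works after migration:", verify("correct horse", new[0]))
    print("wrong password rejected:", verify("Correct horse", new[0]))
```

The wrapping step can run as a one-off batch over the whole user table, so accounts that never log in again are also protected by the slow KDF.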
Oh good, I sense this about to degenerate into people slapping each other around with their encryption dicks.
Lasciate ogni speranza, you will be hacked.
What is online is not secure, period. This debate about encryption and stuff will never circumvent 0day exploits, bugs, social engineering, human error or lack of expert skills, not to mention deliberate backdooring and watering down of encryption standards by 3 letters "agencies".
It will happen, we just need plans for coping with the fallout, backups in the first line, encryption of all data which will be leaked, changing keys and inhouse generated certificates, let's encrypt and similar schemes, updates, etc.
Let me repeat this, nothing online is secure, soon even your house will be hackable if not already.
No official reply yet... http://www.webhostingtalk.com/showthread.php?t=1584028
When money is involved, don't expect fast statements
There is no money involved.. What are they going to do, buy their own hacked DB off of people when it is already distributed?
If by money you mean those who pay for special privileges on WHT, then that is all the more reason to get an official statement out as soon as possible.
I'm talking about their subscriptions such as premium wow corporate memberships, they need to make minimum impact heh
http://www.webhostingtalk.com/showthread.php?t=1584028&p=9726227#post9726227
They are using Version 4.3.1 of WordPress, the latest is 4.5.x
vBulletin: http://www.webhostingtalk.com/clientscript/vbulletin-core.js?v=422
They are using version: vBulletin 4.2.2 Patch Level 4 which is outdated: http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4345175-security-update-for-vbulletin-4
Useless fucking board I feel sorry for their corporate members. But I can't log into my account with my known passwords so I'm a bit happy about that after I raged at Bear and refused to login to their rubbish.
That forum needs to die gracefully
It's been dead for 2-3 years. Full of robots commenting, check the offers section.
More like burned to the ground lol
I wonder when will be the official statements.
Wow, LET must be in hack me lock down. Took many seconds to login to post this.
I wonder if my password takeme has been compromised at WHT now.
This is scary knowing sinister forces are at work on stealing stuff from servers