This Site Has Been Hacked

Discussion in 'Suggestion Box & Feedback' started by JD_Racer_Dad, Sep 25, 2016.

  1. cirtbrethren (Lurker; joined Dec 2, 2009)
    I use CompleteID (from Costco) and was notified yesterday that my email, username, and password were hacked from android forums, so everyone should change their password, and change that password if you use it on other sites.
     
    JD_Racer_Dad likes this.
  2. Bwayno (Lurker; joined Oct 15, 2010)
    My ID protection emailed me the same thing.... This site has been hacked. Change password asap!
     
    JD_Racer_Dad likes this.
  3. Hadron (VIP Member; joined Aug 9, 2010)
    One thing I've noticed is that none of the people posting to this thread so far are members who have joined since that attack: the OP, who joined in October 2011, is the "newest" member to post here so far. So this could still be residual damage from that hack, with someone posting details several years after the event.
     
    #28 Hadron, Sep 25, 2016
    Last edited: Sep 25, 2016
    Mikestony, Slug and scary alien like this.
  4. Phases (NO LONGER ADMIN; joined Sep 9, 2008)
    I currently believe it is details from the original hack.. but can't be sure yet. Give us some time, tech staff are being asked to come online and help look into this.

    Also want to note with regards to that hack in 2012, please know we of course were under huge pressure to figure it out and decide the best course of action quickly. We all weighed in and what was ultimately done, was done. What we did or did not do was not and will not be agreeable to everyone.

    The whole mess was not easy on anyone involved.

    Thanks,
     
  5. CowardlyLion (Guest)
    Same here. Just changed my password.
     
  6. Kelita (Android Enthusiast; joined Jun 12, 2010)
    Add me to the list of members who also got the notification via myIDCare this morning. Looks like they got my email addy, password, and user name.
     
    JD_Racer_Dad likes this.
  7. amoksoft (Lurker; joined Jan 10, 2011)
    Just adding another data point here, not trying to stir anything up. I was notified this morning about this as well from idnotify.
     
    JD_Racer_Dad likes this.
  8. Slug (VIP Member; joined Aug 1, 2009)
    Exactly. So where does AF draw the line? A month of no activity? A year? Five years (like many of those posting here)? Admin could easily expire accounts after x months inactivity, but there's no way to (afaik) nullify accounts that simply view the site. We don't want to force members to post... some people merely want info without dialogue.

    Well it's not a new hack as I've been here almost daily since the original breach in 2012 and I've yet to see an alert. It is possible that these "ID protection" sites are sending out-dated warnings.
     
    JD_Racer_Dad and scary alien like this.
  9. KSmithInNY (Newbie; joined Jun 6, 2010)
    So this caught my eye:
    The password in my kroll dashboard is masked but when I copy and paste it into a character counter the result is 30 characters long. I'm 99% sure my previous (prior to me changing it today) password for this website was 30 characters long. I can't be 100% sure because I changed the password in lastpass this morning and lastpass doesn't have historical data as far as I can tell.
    I use lastpass to generate random unique passwords. I have been using lastpass for 51 weeks. I'm just 1 week shy of using lastpass for 12 months and I know that because I need to renew my lastpass membership by the end of this week.

    It could be a coincidence that the password in my kroll dashboard is 30 characters long or it also could be an indicator that the data is minimally less than 51 weeks old. In 2012, when the original data breach occurred my password would have been 8-ish characters, not 30. I cringe thinking about it but I can recall the password because I used it for everything. When I got lastpass I changed every password for every service available.

    Anyway, my password is changed so good luck in the investigation! I'm moving onward!!
     
    JD_Racer_Dad likes this.
  10. eastrader (Lurker; joined Oct 19, 2010)
    I received two notices that is has been the one Kroll is the same that provides security checks for any govt official.
     
  11. BMGRAHAM (Newbie; joined Jul 11, 2010)
    I got the same message from the credit monitoring service provided by the US government after one of their sites was hacked. That having been said, I am not convinced they are sending out up to date alerts.
     
  12. cputrdoc (Newbie; joined Aug 23, 2010)
    Lifelock notified me this morning that it was published as a lbsg.net username/password. I called them a few minutes ago and they said it actually was Android Forums, but there's some sort of an affiliation between Android Forums and lbsg.net.

    The password published was a hash, but Lifelock said it was a weak hash, easily decrypted.
     
    #37 cputrdoc, Sep 25, 2016
    Last edited: Sep 25, 2016
    JD_Racer_Dad likes this.
  13. Phases (NO LONGER ADMIN; joined Sep 9, 2008)
    Hashes don't decrypt.. only collide or become predictable. It's a one way function. In fact to qualify as a hash it must be non-reversible as one of the requirements.

    That said md5 has long been considered weak. Course vb did take it a step or two further and md5 with salt then md5 again so... while the output length implied straight weak ol md5.. it was a slightly improved upon version.

    Lbsg.net? I've never heard of that. Unless Rob has kept me in the dark on a project! I'm curious about this.

    So far we see nothing fishy and are very inclined to believe these services are only now becoming aware of or have finally imported the relevant data, so are sending the alerts. It's been out there a while now, and so far no newer users have received such a notice, as far as we yet know.

    Still digging in..
     
    #38 Phases, Sep 25, 2016
    Last edited: Sep 25, 2016
    scary alien likes this.
  14. riddle (Lurker; joined Apr 27, 2011)
    I got the alert from my credit monitoring service yesterday as well. I'm inclined to believe it's the old data due to the lack of newer users posting here.
     
    scary alien likes this.
  15. gnocchi_ny (Lurker; joined Jan 30, 2011)
    I was alerted by myidcare as well
     
  16. noiddroid (Lurker; joined Dec 26, 2009)
    I also got notified by opm MyIDCare that my email and password for this site were hacked and available online for sale. I have not logged in to this site for years, but logged in under my old password and changed it.
    Just adding my name to the list of folks that can vouch for being hacked.
     
    JD_Racer_Dad likes this.
  17. LizMac (Android Enthusiast; joined Nov 14, 2013)
    So, yeah, I logged in with a phony password and yet here I am logged in. Weird.
     
  18. Phases (NO LONGER ADMIN; joined Sep 9, 2008)
    PM'd you LizMac
     
  19. AZgl1500 (Extreme Android User; joined Feb 3, 2011)
    I just changed my password here, so it is a moot point now. :) and my username here is unique also.
     
  20. Puppa (Android Enthusiast; joined Apr 25, 2010)
    Yep--same thing from my Identity Protection...definitely hacked. PW changed now...
     
    JD_Racer_Dad likes this.
  21. Mikey J (Lurker; joined Sep 25, 2016)
    And I picked TODAY to join this forum... Just my luck. I can and will change my PW every day. :)
     
    JD_Racer_Dad likes this.
  22. CenturionB (Well-Known Member; joined Feb 14, 2016)
    it's insane
    you held the data what "they published"? how they pass from your email? rofl
     
  23. Phases (NO LONGER ADMIN; joined Sep 9, 2008)
    All,

    We have determined, unless additional useful info is found, that this is simply a case of either:

    a) new round of monitoring agencies finding or sharing the known data and starting to notify,

    or

    b) a case of the same info being posted, but in a new spot.

    In either case, it appears the alert being sent is referencing the same data the haveibeenpwned.com website has been sending alerts for for some time now - not a new breach. The hack this thread is referencing is the one from 2012, long published about here, and on Phandroid, as well as many other sites around the web.

    There is no indication of a new breach, or any since the 2012 incident. We have checked databases that hold this info for emails in our database both before and after said breach - and accounts from before were, of course, found - but none from after.

    Pending any new accounts coming forward saying they are getting the alert - or Rob discovering anything from the monitoring agency in side-talks - we are confident this is simply a new alarm for an old breach. Plain text passwords are not for sale - if they are they would have been rainbow'd, and that's effective mainly on simple or patterned passwords, like "password", "12345" and other dictionary terms and patterns.

    Accounts newer than July 2012 were not, and as far as we know now, are not otherwise, affected.

    All that said - we do still recommend you change your password here and on all sites that used shared passwords at the time if you've not yet done so - and we also recommend you enable two-step or dual/multi factor authentication anywhere you can. You can here on AF - on this page. You can do this with your gmail account (which is highly recommended), here.

    If unfamiliar with what that is - basically you are authenticated not just by password (what you know), but something else as well, like "what you have" (a code sent to your phone, for example). It adds a new layer, so if someone knows your password, they still need your phone with them to successfully log in. This is especially important for email, because getting access to most people's main email account gives them access to so, so many other things.

    (Hey, side note - put a password/pin/pattern lock on your phone. The importance of this is highly, highly underrated. Why? Because in the world of Android and iOS - if they are in your phone, they are in your email and everything else.)

    Appreciate all the alerts on this, we all hopped online to dig in - these sorts of things are not to be taken lightly. As you can see, we haven't even managed to recover fully, four years after the fact! I get emails thanks to this every week, sometimes every day. There are some sites/companies that downright crumble following a breach, it is not easy to deal with and definitely not something we want to see a repeat of - for us OR our members.

    If you have any questions or concerns feel free to send me a Conversation/PM - or shoot me an email @ phases at neverstill dot com - I'll be happy to help.
     
    #48 Phases, Sep 26, 2016
    Last edited: Sep 26, 2016
    Hadron, mikedt, Xyro and 10 others like this.
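Phases' posts #38 and #48 above make two points in prose: the vBulletin-era scheme was md5(md5(password) + salt), whose output is the same length as a plain MD5, and a precomputed "rainbow" lookup only recovers simple, dictionary-style passwords. The Python below is an added example, not code from the forum or from vBulletin; the salt and the four-word list are constructed for illustration.

```python
import hashlib


def md5_hex(data: str) -> str:
    """Plain MD5, returned as 32 hex characters."""
    return hashlib.md5(data.encode("utf-8")).hexdigest()


def vb_style_hash(password: str, salt: str) -> str:
    """The scheme described in the thread: md5(md5(password) + salt).

    The salted result is still 32 hex characters, so by length alone it is
    indistinguishable from an unsalted MD5 of the password.
    """
    return md5_hex(md5_hex(password) + salt)


def verify(password: str, salt: str, stored: str) -> bool:
    """A site checks a login by recomputing the hash; nothing is decrypted."""
    return vb_style_hash(password, salt) == stored


def build_lookup(passwords):
    """Precomputed table md5(password) -> password, standing in for the
    'rainbow' lookup mentioned in the thread. Only guesses already in the
    list can be matched, which is why it mainly hits dictionary passwords."""
    return {md5_hex(p): p for p in passwords}


COMMON = ["password", "12345", "qwerty", "letmein"]  # constructed word list
SALT = "a1B"  # constructed per-user salt, not a real vBulletin value


def demo(password: str = "password") -> dict:
    table = build_lookup(COMMON)
    plain = md5_hex(password)
    salted = vb_style_hash(password, SALT)
    return {
        "same_length": len(plain) == len(salted),
        "plain_recovered": table.get(plain),    # hit: table holds plain MD5s
        "salted_recovered": table.get(salted),  # miss: the salt changed the input
        "verify_ok": verify(password, SALT, salted),
    }


if __name__ == "__main__":
    print(demo())
```

With a per-user salt, a table built once for plain MD5 is useless; the lookup would have to be rebuilt per salt, which is the "slightly improved" property Phases refers to.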
  24. Revenant Ghost (Android Expert; joined Jun 30, 2012)
    I joined AF just a few days before that timeframe. Changed my password, just in case.
     
  25. dontpanicbobby (VIP Member; joined Dec 31, 2011)
    Why didn't I get notifications, I'm using 3 different android operating systems and not one sent me a warning? Got to be the new ID Protection apps. The only one I have is KNOX on my Note 3 and not a peep. Samsung still makes you use KNOX right?
     