Comments, suggestions, questions about this forum? Post it here! Also for test purposes or Off-Topic discussions.

This forum has been hacked

Postby Gearnostalgia » 07 Jul 2022, 18:48

I just got information that my account on this forum have been picked up on a list of hacked account. Not a big deal on this forum, but if anybody use the same password on this forum as on other accounts - now is the time to change your passwords.
Gearnostalgia
 
Posts: 6
Joined: 20 Feb 2022, 23:28
Country: Sweden
Has thanked: 0 time
Been thanked: 0 time
Your Nord Gear #1: Nord Lead 3

This forum has been hacked


Sponsor
 

Re: This forum has been hacked

Postby FZiegler » 07 Jul 2022, 18:56

Thank you for letting that notification!

Do you have any hints if this is a problem that should come from stolen data from the website (which might affect all of us) or from your computer (which might be a problem for any other account you are using, but not others)? EDIT: Or to ask in another way: Is that list you were talking about an evidence that the forum system itself was hacked?
Last edited by FZiegler on 07 Jul 2022, 19:37, edited 1 time in total.
Stage 3 Compact (Rev.B 2.1 - OS 2.60) - Kawai VPC1 / Yamaha CP33 - Hall of Fame & NeoVent2 - Behringer Flow-8 - K&M stands 18820+18811 / 18953+18952 - Samsung tablet with MobileSheetsPro & AirTurn Duo200 - QSC K8.2s / Fischer InEars
User avatar
FZiegler
Donator
 
Posts: 2350
Joined: 15 Dec 2019, 02:41
Location: Germany south-west
Country: Germany
Has thanked: 618 times
Been thanked: 787 times
Your Nord Gear #1: Nord Stage 3

Re: This forum has been hacked

Postby analogika » 08 Jul 2022, 12:06

My login data from this site have *not* been leaked.

Are you certain that this is the only place you use those particular login credentials?

Also, note that iOS will warn you if a particular password has been scraped and shows up in a dump, even if the login name or e-mail address has not been associated with it. So, if anybody else has used the same password as you do here, on any site whose login data has been hacked anywhere on the internet, you will get a warning about this site.

This is because the first thing that hackers do when trying to compromise accounts is to check a list of things people have previously used as passwords.
The Nord giveth; the Nord taketh away…
"The Angels of Libra are in the European vanguard of the [retro soul] movement“ (Bill Buckley, Soul and Jazz and Funk)
The Drawbars — off jazz organ trio
User avatar
analogika
 
Posts: 3288
Joined: 21 Nov 2013, 10:02
Country: Germany
Has thanked: 1126 times
Been thanked: 1398 times
Your Nord Gear #1: Nord Electro 2
Your Nord Gear #2: Nord Stage 3

Re: This forum has been hacked

Postby Gearnostalgia » 08 Jul 2022, 12:27

FZiegler wrote:Thank you for letting that notification!

Do you have any hints if this is a problem that should come from stolen data from the website (which might affect all of us) or from your computer (which might be a problem for any other account you are using, but not others)? EDIT: Or to ask in another way: Is that list you were talking about an evidence that the forum system itself was hacked?


Got the info from Apples security check that credentials used on this forum have been leaked. No big deal for me since I have unique pass on different sites and this is a non vital site with no economical info. So I just reset this password.
Gearnostalgia
 
Posts: 6
Joined: 20 Feb 2022, 23:28
Country: Sweden
Has thanked: 0 time
Been thanked: 0 time
Your Nord Gear #1: Nord Lead 3

Re: This forum has been hacked

Postby Gearnostalgia » 08 Jul 2022, 12:29

analogika wrote:My login data from this site have *not* been leaked.

Are you certain that this is the only place you use those particular login credentials?

Also, note that iOS will warn you if a particular password has been scraped and shows up in a dump, even if the login name or e-mail address has not been associated with it. So, if anybody else has used the same password as you do here, on any site whose login data has been hacked anywhere on the internet, you will get a warning about this site.

This is because the first thing that hackers do when trying to compromise accounts is to check a list of things people have previously used as passwords.


Yes, I trust Apples security check pretty much so I am confident it was only from this site.
Gearnostalgia
 
Posts: 6
Joined: 20 Feb 2022, 23:28
Country: Sweden
Has thanked: 0 time
Been thanked: 0 time
Your Nord Gear #1: Nord Lead 3

Re: This forum has been hacked

Postby analogika » 08 Jul 2022, 13:03

Gearnostalgia wrote:
analogika wrote:My login data from this site have *not* been leaked.

Are you certain that this is the only place you use those particular login credentials?

Also, note that iOS will warn you if a particular password has been scraped and shows up in a dump, even if the login name or e-mail address has not been associated with it. So, if anybody else has used the same password as you do here, on any site whose login data has been hacked anywhere on the internet, you will get a warning about this site.

This is because the first thing that hackers do when trying to compromise accounts is to check a list of things people have previously used as passwords.


Yes, I trust Apples security check pretty much so I am confident it was only from this site.

Does Apple's warning specifically state that your username and password from this website have been leaked?

Apple's security check (iOS 15.5) tells me that my password for this website has been seen elsewhere, which elevates the risk that this account might be easily compromised.

As I understand it, this means that it has NOT been scraped from this particular site, as that would lead to a warning that my login data (login name AND password) has been compromised. It just appeared in login dumps from somewhere, probably used by somebody else — or another of my accounts on a compromised website, where I was dumb enough to use the same password as here.
Last edited by analogika on 08 Jul 2022, 13:04, edited 1 time in total.
The Nord giveth; the Nord taketh away…
"The Angels of Libra are in the European vanguard of the [retro soul] movement“ (Bill Buckley, Soul and Jazz and Funk)
The Drawbars — off jazz organ trio
User avatar
analogika
 
Posts: 3288
Joined: 21 Nov 2013, 10:02
Country: Germany
Has thanked: 1126 times
Been thanked: 1398 times
Your Nord Gear #1: Nord Electro 2
Your Nord Gear #2: Nord Stage 3

Re: This forum has been hacked

Postby Gearnostalgia » 08 Jul 2022, 13:51

Can not remember exactly what the dialogue said, but I think it was "password used on nordlead forum has been picked up on list with stolen passwords". Or something like that. Is it possible to find those messages in some system log again?
Gearnostalgia
 
Posts: 6
Joined: 20 Feb 2022, 23:28
Country: Sweden
Has thanked: 0 time
Been thanked: 0 time
Your Nord Gear #1: Nord Lead 3

Re: This forum has been hacked

Postby maxpiano » 08 Jul 2022, 14:23

That message only means that the password you use on this forum has also been found in some list of "stolen" passwords, not that it was stolen from this site, neither that it was yours (maybe someone else using the same pwd).

Maybe the password you use is too generic (or "easy") and/or you are using the same password on other websites and one of those has been hacked, instead.
Last edited by maxpiano on 08 Jul 2022, 14:24, edited 1 time in total.
User avatar
maxpiano
Patch Creator
 
Posts: 6187
Joined: 27 Jun 2011, 13:29
Location: Italy
Country: Italy
Has thanked: 441 times
Been thanked: 2177 times
Your Nord Gear #1: Nord Stage 3

Re: This forum has been hacked

Postby FZiegler » 08 Jul 2022, 14:25

Interesting fact. Never heard about that iOS security feature. I'm a total Windows guy.

So Apple would encourage you strongly to only use unique passwords? I'm not so sure that all my login data on any forum in my life would be unique. Do they provide a password manager software, too?
Stage 3 Compact (Rev.B 2.1 - OS 2.60) - Kawai VPC1 / Yamaha CP33 - Hall of Fame & NeoVent2 - Behringer Flow-8 - K&M stands 18820+18811 / 18953+18952 - Samsung tablet with MobileSheetsPro & AirTurn Duo200 - QSC K8.2s / Fischer InEars
User avatar
FZiegler
Donator
 
Posts: 2350
Joined: 15 Dec 2019, 02:41
Location: Germany south-west
Country: Germany
Has thanked: 618 times
Been thanked: 787 times
Your Nord Gear #1: Nord Stage 3

Re: This forum has been hacked

Postby maxpiano » 08 Jul 2022, 14:43

FZiegler wrote:Interesting fact. Never heard about that iOS security feature. I'm a total Windows guy.

So Apple would encourage you strongly to only use unique passwords? I'm not so sure that all my login data on any forum in my life would be unique. Do they provide a password manager software, too?


Password "Security Recommendations" is a feature which is part of iOS password management since iOS14, it analyzes various types of potential risks and highlights them, but as the name says they are suggestions, you are not forced to follow them if you evaluate the risk is low.

If you search the web for "apple password security recommendations" you can find many pages with more details about it.
Last edited by maxpiano on 08 Jul 2022, 14:46, edited 3 times in total.
User avatar
maxpiano
Patch Creator
 
Posts: 6187
Joined: 27 Jun 2011, 13:29
Location: Italy
Country: Italy
Has thanked: 441 times
Been thanked: 2177 times
Your Nord Gear #1: Nord Stage 3

Next

Return to Off Topic / About this Forum



Who is online

Users browsing this forum: No registered users and 9 guests