This forum has been hacked

Comments, suggestions, questions about this forum? Post it here! Also for test purposes or Off-Topic discussions.
Gearnostalgia
Posts: 6
Joined: 20 Feb 2022, 23:28
2
Your Nord Gear #1: Nord Lead 3
Sweden

This forum has been hacked

Post by Gearnostalgia »

I just got information that my account on this forum have been picked up on a list of hacked account. Not a big deal on this forum, but if anybody use the same password on this forum as on other accounts - now is the time to change your passwords.
User avatar
FZiegler
Donator
Posts: 2635
Joined: 15 Dec 2019, 02:41
4
Your Nord Gear #1: Nord Stage 3
Location: Germany south-west
Has thanked: 722 times
Been thanked: 896 times
Contact:
Germany

Re: This forum has been hacked

Post by FZiegler »

Thank you for letting that notification!

Do you have any hints if this is a problem that should come from stolen data from the website (which might affect all of us) or from your computer (which might be a problem for any other account you are using, but not others)? EDIT: Or to ask in another way: Is that list you were talking about an evidence that the forum system itself was hacked?
Last edited by FZiegler on 07 Jul 2022, 19:37, edited 1 time in total.
Stage 3 Compact (Rev.B 2.1 - OS 2.60) - Kawai VPC1 / Yamaha CP33 - Hall of Fame & NeoVent2 - Behringer Flow-8 - K&M stands 18820+18811 / 18953+18952 - Samsung tablet with MobileSheetsPro & AirTurn Duo200 - QSC K8.2s / Fischer InEars
User avatar
analogika
Posts: 3344
Joined: 21 Nov 2013, 10:02
10
Your Nord Gear #1: Nord Electro 2
Your Nord Gear #2: Nord Stage 3
Has thanked: 1178 times
Been thanked: 1448 times
Germany

Re: This forum has been hacked

Post by analogika »

My login data from this site have *not* been leaked.

Are you certain that this is the only place you use those particular login credentials?

Also, note that iOS will warn you if a particular password has been scraped and shows up in a dump, even if the login name or e-mail address has not been associated with it. So, if anybody else has used the same password as you do here, on any site whose login data has been hacked anywhere on the internet, you will get a warning about this site.

This is because the first thing that hackers do when trying to compromise accounts is to check a list of things people have previously used as passwords.
The Nord giveth; the Nord taketh away…
"The Angels of Libra are in the European vanguard of the [retro soul] movement“ (Bill Buckley, Soul and Jazz and Funk)
The Drawbars — off jazz organ trio
Gearnostalgia
Posts: 6
Joined: 20 Feb 2022, 23:28
2
Your Nord Gear #1: Nord Lead 3
Sweden

Re: This forum has been hacked

Post by Gearnostalgia »

FZiegler wrote:Thank you for letting that notification!

Do you have any hints if this is a problem that should come from stolen data from the website (which might affect all of us) or from your computer (which might be a problem for any other account you are using, but not others)? EDIT: Or to ask in another way: Is that list you were talking about an evidence that the forum system itself was hacked?
Got the info from Apples security check that credentials used on this forum have been leaked. No big deal for me since I have unique pass on different sites and this is a non vital site with no economical info. So I just reset this password.
Gearnostalgia
Posts: 6
Joined: 20 Feb 2022, 23:28
2
Your Nord Gear #1: Nord Lead 3
Sweden

Re: This forum has been hacked

Post by Gearnostalgia »

analogika wrote:My login data from this site have *not* been leaked.

Are you certain that this is the only place you use those particular login credentials?

Also, note that iOS will warn you if a particular password has been scraped and shows up in a dump, even if the login name or e-mail address has not been associated with it. So, if anybody else has used the same password as you do here, on any site whose login data has been hacked anywhere on the internet, you will get a warning about this site.

This is because the first thing that hackers do when trying to compromise accounts is to check a list of things people have previously used as passwords.
Yes, I trust Apples security check pretty much so I am confident it was only from this site.
User avatar
analogika
Posts: 3344
Joined: 21 Nov 2013, 10:02
10
Your Nord Gear #1: Nord Electro 2
Your Nord Gear #2: Nord Stage 3
Has thanked: 1178 times
Been thanked: 1448 times
Germany

Re: This forum has been hacked

Post by analogika »

Gearnostalgia wrote:
analogika wrote:My login data from this site have *not* been leaked.

Are you certain that this is the only place you use those particular login credentials?

Also, note that iOS will warn you if a particular password has been scraped and shows up in a dump, even if the login name or e-mail address has not been associated with it. So, if anybody else has used the same password as you do here, on any site whose login data has been hacked anywhere on the internet, you will get a warning about this site.

This is because the first thing that hackers do when trying to compromise accounts is to check a list of things people have previously used as passwords.
Yes, I trust Apples security check pretty much so I am confident it was only from this site.
Does Apple's warning specifically state that your username and password from this website have been leaked?

Apple's security check (iOS 15.5) tells me that my password for this website has been seen elsewhere, which elevates the risk that this account might be easily compromised.

As I understand it, this means that it has NOT been scraped from this particular site, as that would lead to a warning that my login data (login name AND password) has been compromised. It just appeared in login dumps from somewhere, probably used by somebody else — or another of my accounts on a compromised website, where I was dumb enough to use the same password as here.
Last edited by analogika on 08 Jul 2022, 13:04, edited 1 time in total.
The Nord giveth; the Nord taketh away…
"The Angels of Libra are in the European vanguard of the [retro soul] movement“ (Bill Buckley, Soul and Jazz and Funk)
The Drawbars — off jazz organ trio
Gearnostalgia
Posts: 6
Joined: 20 Feb 2022, 23:28
2
Your Nord Gear #1: Nord Lead 3
Sweden

Re: This forum has been hacked

Post by Gearnostalgia »

Can not remember exactly what the dialogue said, but I think it was "password used on nordlead forum has been picked up on list with stolen passwords". Or something like that. Is it possible to find those messages in some system log again?
User avatar
maxpiano
Patch Creator
Posts: 6622
Joined: 27 Jun 2011, 13:29
13
Your Nord Gear #1: Nord Stage 3
Location: Italy
Has thanked: 484 times
Been thanked: 2319 times
Italy

Re: This forum has been hacked

Post by maxpiano »

That message only means that the password you use on this forum has also been found in some list of "stolen" passwords, not that it was stolen from this site, neither that it was yours (maybe someone else using the same pwd).

Maybe the password you use is too generic (or "easy") and/or you are using the same password on other websites and one of those has been hacked, instead.
Last edited by maxpiano on 08 Jul 2022, 14:24, edited 1 time in total.
User avatar
FZiegler
Donator
Posts: 2635
Joined: 15 Dec 2019, 02:41
4
Your Nord Gear #1: Nord Stage 3
Location: Germany south-west
Has thanked: 722 times
Been thanked: 896 times
Contact:
Germany

Re: This forum has been hacked

Post by FZiegler »

Interesting fact. Never heard about that iOS security feature. I'm a total Windows guy.

So Apple would encourage you strongly to only use unique passwords? I'm not so sure that all my login data on any forum in my life would be unique. Do they provide a password manager software, too?
Stage 3 Compact (Rev.B 2.1 - OS 2.60) - Kawai VPC1 / Yamaha CP33 - Hall of Fame & NeoVent2 - Behringer Flow-8 - K&M stands 18820+18811 / 18953+18952 - Samsung tablet with MobileSheetsPro & AirTurn Duo200 - QSC K8.2s / Fischer InEars
User avatar
maxpiano
Patch Creator
Posts: 6622
Joined: 27 Jun 2011, 13:29
13
Your Nord Gear #1: Nord Stage 3
Location: Italy
Has thanked: 484 times
Been thanked: 2319 times
Italy

Re: This forum has been hacked

Post by maxpiano »

FZiegler wrote:Interesting fact. Never heard about that iOS security feature. I'm a total Windows guy.

So Apple would encourage you strongly to only use unique passwords? I'm not so sure that all my login data on any forum in my life would be unique. Do they provide a password manager software, too?
Password "Security Recommendations" is a feature which is part of iOS password management since iOS14, it analyzes various types of potential risks and highlights them, but as the name says they are suggestions, you are not forced to follow them if you evaluate the risk is low.

If you search the web for "apple password security recommendations" you can find many pages with more details about it.
Last edited by maxpiano on 08 Jul 2022, 14:46, edited 3 times in total.
Post Reply