SimplePortal
SimplePortal => News and Announcements => Topic started by: [SiNaN] on June 20, 2016, 05:14:22 PM
-
Dear SimplePortal community members,
On 17 June 2016, we discovered that unauthorized access to our website and database had been obtained on 16 June 2016. We determined that the unauthorized access has been obtained using stolen credentials of a high-level user.
We would like to make it clear that your personal SimplePortal installations were not affected in any way by this. We would like to assure you that your installations running the latest versions of SimplePortal and SMF should be safe. The unauthorized access was restricted to just our website.
The hacker attempted to download our database, but as of yet we are not certain that it was successful. Regardless, it's possible that your usernames, emails and hashed passwords have been retrieved by the attacker.
For this reason, we would like you to change your passwords for this website and we strongly advise you to change your passwords on any other website where you may have been using the same passwords. Using unique passwords on all websites is very important to prevent such attacks. Note that, if you had shared passwords using personal messaging system, they can no longer be considered safe and needs to be changed as well.
To ensure the safety of our website, we have updated all the relevant credentials and rebuilt our installation from the ground up. We will implement stricter security policies in the coming days to make sure that such an unfortunate event does not happen again.
We are truly sorry for what happened and we deeply apologize for the inconvenience this has caused. We hope that you will continue to support us to make SimplePortal a better portal solution for your forums.
-The SimplePortal Team
-
At 6:35 am [Melb, Aus] on the 16th June my Twitter and email were hacked into and my identity and Twitter handle stolen (which I have used online since 2005).
I was lucky to have my identity returned to me on the 21st after 5 days of stressing and feeling sick. I have an IP and more information if you want to compare records to see if it was the same criminal.
-
Say the truth: it was you that stolen your own identity and hacked SP!!! :P
-
See, if I'd stolen your identity, all I would do is order a pizza on your tab. :P
-
(http://cdn.memegenerator.net/instances/400x/22534142.jpg)
-
This just highlights the importance of not reusing the same password across applications :)
-
This just highlights the importance of not reusing the same password across applications :)
I DIDN'T though. The password on my Twitter was half of the password here plus some extra characters at the start and end.
Like if I used ChUrumuStUhu6ut SP was using that and Twitter was using jblazeStUhu6ut2001 for example. Both different but still slightly similar.
Say the truth: it was you that stolen your own identity and hacked SP!!! :P
Ha ha if you want this jerks IP I can send it on but I think it was spoofed.
-
This is pretty serious news, thanks for the heads up. I already went and changed a lot of my passwords just in case.
Though, why was Jade Elizabeth a High-Level user in the first place?
-
She wasn't, that is another hack happened on another site that compromised *exclusively* her account. This side hack (merely a coincidence) has nothing to deal with SimplePortal accounts other than hers ;)
As a reference, the site that was hacked and caused Jade's account to be compromised (although nobody other than her actually managed to log in), was this: http://www.twitt3d.com/ (and it's still hacked as of now).
-
She wasn't, that is another hack happened on another site that compromised *exclusively* her account. This side hack (merely a coincidence) has nothing to deal with SimplePortal accounts other than hers ;)
... that would mean her account here is a high level user?
-
I wonder where you are reading that Jade's account was the entrance point for SP hacking, mind explaining?
-
This is pretty serious news, thanks for the heads up. I already went and changed a lot of my passwords just in case.
Though, why was Jade Elizabeth a High-Level user in the first place?
My account here is not a high level user, you'd have to be an ADMIN to get the kind of access from the first post. I was hacked on twitter at the same time and suspected similar people may have done it because I have an account here and its password is similar to my twitter, my twitter was half of the password here which is letters and numbers FYI.
At 6:35 am [Melb, Aus] on the 16th June my Twitter and email were hacked into and my identity and Twitter handle stolen (which I have used online since 2005).
I was lucky to have my identity returned to me on the 21st after 5 days of stressing and feeling sick. I have an IP and more information if you want to compare records to see if it was the same criminal.
My post, with highlights because you misunderstood.
-
Jade's talking about something separate, but topically related.
-
Ah, I see now. For some reason I thought Jade was this person Sinan was speaking about since she was talking about getting hacked on a different site lol. I thought maybe she since got hacked on another site they reused information on this site.
-
Nah my account was so secure here I couldn't get into it XD.
-
Nah my account was so secure here I couldn't get into it XD.
This gave me a good laugh. Thank you for that!
-
This just highlights the importance of not reusing the same password across applications :)
Kitchenlola (https://kitchenlola.com/) to get reviews.
For me having different passwords is not enough. I change them every year on all accounts just for safety measure because every year I keep hearing about some zero day exploits or accounts stolen. And Sinan's announcement just proves my point.