SimplePortal

SimplePortal => News and Announcements => Topic started by: [SiNaN] on June 20, 2016, 05:14:22 PM

Title: Security Breach on Community Forums
Post by: [SiNaN] on June 20, 2016, 05:14:22 PM
Dear SimplePortal community members,

On 17 June 2016, we discovered that unauthorized access to our website and database had been obtained on 16 June 2016. We determined that the unauthorized access has been obtained using stolen credentials of a high-level user.

We would like to make it clear that your personal SimplePortal installations were not affected in any way by this. We would like to assure you that your installations running the latest versions of SimplePortal and SMF should be safe. The unauthorized access was restricted to just our website.

The hacker attempted to download our database, but as of yet we are not certain that it was successful. Regardless, it's possible that your usernames, emails and hashed passwords have been retrieved by the attacker.

For this reason, we would like you to change your passwords for this website and we strongly advise you to change your passwords on any other website where you may have been using the same passwords.  Using unique passwords on all websites is very important to prevent such attacks. Note that, if you had shared passwords using personal messaging system, they can no longer be considered safe and needs to be changed as well.

To ensure the safety of our website, we have updated all the relevant credentials and rebuilt our installation from the ground up. We will implement stricter security policies in the coming days to make sure that such an unfortunate event does not happen again.

We are truly sorry for what happened and we deeply apologize for the inconvenience this has caused. We hope that you will continue to support us to make SimplePortal a better portal solution for your forums.

-The SimplePortal Team
Title: Re: Security Breach on Community Forums
Post by: Jade Elizabeth on June 24, 2016, 12:56:44 AM
At 6:35 am [Melb, Aus] on the 16th June my Twitter and email were hacked into and my identity and Twitter handle stolen (which I have used online since 2005).

I was lucky to have my identity returned to me on the 21st after 5 days of stressing and feeling sick. I have an IP and more information if you want to compare records to see if it was the same criminal.
Title: Re: Security Breach on Community Forums
Post by: emanuele on June 24, 2016, 04:41:35 AM
Say the truth: it was you that stolen your own identity and hacked SP!!! :P
Title: Re: Security Breach on Community Forums
Post by: Eliana Tamerin on June 24, 2016, 06:11:38 PM
See, if I'd stolen your identity, all I would do is order a pizza on your tab. :P
Title: Re: Security Breach on Community Forums
Post by: emanuele on June 24, 2016, 06:18:01 PM
(http://cdn.memegenerator.net/instances/400x/22534142.jpg)
Title: Re: Security Breach on Community Forums
Post by: JBlaze on June 24, 2016, 07:25:47 PM
This just highlights the importance of not reusing the same password across applications :)
Title: Re: Security Breach on Community Forums
Post by: Jade Elizabeth on June 25, 2016, 10:01:50 PM
This just highlights the importance of not reusing the same password across applications :)

I DIDN'T though. The password on my Twitter was half of the password here plus some extra characters at the start and end.

Like if I used ChUrumuStUhu6ut SP was using that and Twitter was using jblazeStUhu6ut2001 for example. Both different but still slightly similar.

Say the truth: it was you that stolen your own identity and hacked SP!!! :P

Ha ha if you want this jerks IP I can send it on but I think it was spoofed.
Title: Re: Security Breach on Community Forums
Post by: Kaede Akamatsu on June 26, 2016, 06:14:55 PM
This is pretty serious news, thanks for the heads up. I already went and changed a lot of my passwords just in case.

Though, why was Jade Elizabeth a High-Level user in the first place?
Title: Re: Security Breach on Community Forums
Post by: ♦ Ninja ZX-10RR ♦ on June 26, 2016, 06:23:29 PM
She wasn't, that is another hack happened on another site that compromised *exclusively* her account. This side hack (merely a coincidence) has nothing to deal with SimplePortal accounts other than hers ;)

As a reference, the site that was hacked and caused Jade's account to be compromised (although nobody other than her actually managed to log in), was this: http://www.twitt3d.com/ (and it's still hacked as of now).
Title: Re: Security Breach on Community Forums
Post by: Kaede Akamatsu on June 26, 2016, 11:57:49 PM
She wasn't, that is another hack happened on another site that compromised *exclusively* her account. This side hack (merely a coincidence) has nothing to deal with SimplePortal accounts other than hers ;)

... that would mean her account here is a high level user?
Title: Re: Security Breach on Community Forums
Post by: emanuele on June 27, 2016, 02:21:53 AM
I wonder where you are reading that Jade's account was the entrance point for SP hacking, mind explaining?
Title: Re: Security Breach on Community Forums
Post by: Jade Elizabeth on June 27, 2016, 02:36:44 AM
This is pretty serious news, thanks for the heads up. I already went and changed a lot of my passwords just in case.

Though, why was Jade Elizabeth a High-Level user in the first place?

My account here is not a high level user, you'd have to be an ADMIN to get the kind of access from the first post. I was hacked on twitter at the same time and suspected similar people may have done it because I have an account here and its password is similar to my twitter, my twitter was half of the password here which is letters and numbers FYI.

At 6:35 am [Melb, Aus] on the 16th June my Twitter and email were hacked into and my identity and Twitter handle stolen (which I have used online since 2005).

I was lucky to have my identity returned to me on the 21st after 5 days of stressing and feeling sick. I have an IP and more information if you want to compare records to see if it was the same criminal.

My post, with highlights because you misunderstood.
Title: Re: Security Breach on Community Forums
Post by: Eliana Tamerin on June 27, 2016, 05:23:51 AM
Jade's talking about something separate, but topically related.
Title: Re: Security Breach on Community Forums
Post by: Kaede Akamatsu on June 27, 2016, 01:50:32 PM
Ah, I see now. For some reason I thought Jade was this person Sinan was speaking about since she was talking about getting hacked on a different site lol. I thought maybe she since got hacked on another site they reused information on this site.

Title: Re: Security Breach on Community Forums
Post by: Jade Elizabeth on July 01, 2016, 09:05:06 AM
Nah my account was so secure here I couldn't get into it XD.
Title: Re: Security Breach on Community Forums
Post by: [SiNaN] on July 03, 2016, 06:50:33 AM
Nah my account was so secure here I couldn't get into it XD.

This gave me a good laugh. Thank you for that!
Title: Re: Security Breach on Community Forums
Post by: megpol on July 01, 2017, 05:11:03 AM
This just highlights the importance of not reusing the same password across applications :)
Kitchenlola (https://kitchenlola.com/) to get reviews.

For me having different passwords is not enough. I change them every year on all accounts just for safety measure because every year I keep hearing about some zero day exploits or accounts stolen. And Sinan's announcement just proves my point.