• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

******* logging passwords? Just saw this thread over at TAZ

Status
Not open for further replies.

Jake B.

Well-known member
#1
Just saw @Lisa posted this thread over at TAZ. Found it a bit interesting, and figured it would be relevant to quote here.

Morganna said:
It came to our attention earlier today that one of our Moderators accounts had been hacked and used to delete threads mainly regarding discussions about *******. Upon investigation, we linked the IP used to an account which has a ****** email address attached and had logged in minutes before the Moderator's account was used.

The Moderator in question was using a similar (but not identical) password on *******'s site as he had, in the past, used addons by them and, although we have no proof, we feel that it's in everyone's best interests (if you have registered at ******* at any time) to change your TAZ passwords as soon as possible.
Original Thread
 

Brogan

XenForo moderator
Staff member
#2
Would it be surprising if those involved in piracy are logging passwords of member accounts on their sites?

More fool those for registering at and using those sites.
 

Jake B.

Well-known member
#3
Would it be surprising if those involved in piracy are logging passwords of member accounts on their sites?

More fool those for registering at and using those sites.
Not at all surprising. Though, it's doubtful that person was even registered on ******
 

Lisa

Well-known member
#4
The mod in question is checking his pc for rootkit, etc, to see if that's how the password was obtained. @MattW has been going through the server logs as well to see if he can spot anything.
 

AdamD

Well-known member
#7
The mod in question is checking his pc for rootkit, etc, to see if that's how the password was obtained. @MattW has been going through the server logs as well to see if he can spot anything.
Sounds more like a staff member guessed his password, based on passwords used at the ******* site? Would ******* or his team really go to that extreme to remove negative threads?
His business must be borderline collapsing if he or his team are engaging in hacking now.
 

Lisa

Well-known member
#8
Sounds more like a staff member guessed his password, based on passwords used at the ******* site? Would ******* or his team really go to that extreme to remove negative threads?
His business must be borderline collapsing if he or his team are engaging in hacking now.
His PC came back clean so he thinks it was a brute force attempt.
 

SneakyDave

Well-known member
#10
So ******* is using a keylogger on his own site and then picking people that might be moderators at TAZ, and then trying those passwords (and slightly changing them) to gain access to TAZ to delete threads about *******?
 

Alfa1

Well-known member
#11
That is a possible explanation for what happened. It was my account that was being hacked. I have not been logged onto *******s website for a long time. So if this is what happened then the password was logged long ago.
 

Steve F

Well-known member
#12

Jake B.

Well-known member
#15
I'm not going to name the sites, but we are aware of key loggers being used on pirate sites which has resulted in accounts here being compromised.

Anyone using a pirate site, for any reason, does so at their own risk.
TBH, if they are using these sites they probably deserve it...
 

SneakyDave

Well-known member
#16
Passwords must have been similar enough (or the same) because wouldn't the perpetrator be locked out for a while after a few bad password guesses? Wouldn't those attempts be in the logs also?
 
Last edited:

Lisa

Well-known member
#17
Password must have been similar enough (or the same) because wouldn't the perpetrator be locked out for a while after a few bad password guesses? Wouldn't those attempts be in the logs also?
From what we can see there are no failed attempts - four wrong guesses would have locked him out, you're right.
 

Jeffin

Well-known member
#18
I think it's important to use different passwords for different sites. For ex, My google account may be really secure but if I have the same password on an unsecure website, then I'm very vulnerable to data theft from both the sites. I use lastpass to help me create and store random passwords. I highly recommend it.
 

AdamD

Well-known member
#19
Secure passwords and if possible, two way authentication via SMS message.
LastPass is something I use all the time now, I can just click a button to generate a random password and never have to remember it again.
 
Status
Not open for further replies.