******* logging passwords? Just saw this thread over at TAZ

[Jake B.]

Just saw @Lisa posted this thread over at TAZ. Found it a bit interesting, and figured it would be relevant to quote here.

It came to our attention earlier today that one of our Moderators accounts had been hacked and used to delete threads mainly regarding discussions about *******. Upon investigation, we linked the IP used to an account which has a ****** email address attached and had logged in minutes before the Moderator's account was used.

The Moderator in question was using a similar (but not identical) password on *******'s site as he had, in the past, used addons by them and, although we have no proof, we feel that it's in everyone's best interests (if you have registered at ******* at any time) to change your TAZ passwords as soon as possible.

Original Thread

 

[Paul B]

Would it be surprising if those involved in piracy are logging passwords of member accounts on their sites?

More fool those for registering at and using those sites.

 

[Jake B.]

Would it be surprising if those involved in piracy are logging passwords of member accounts on their sites?

More fool those for registering at and using those sites.

Not at all surprising. Though, it's doubtful that person was even registered on ******

 

[Lisa]

The mod in question is checking his pc for rootkit, etc, to see if that's how the password was obtained. @MattW has been going through the server logs as well to see if he can spot anything.

 

[Paul B]

Not at all surprising. Though, it's doubtful that person was even registered on ******

I wasn't referring to that site.

The quote in your opening post mentions '*******'s site'...

 

[Jake B.]

I wasn't referring to that site.

The quote in your opening post mentions '*******'s site'...

Ah yes, makes sense. Misread your post

 

[AdamD]

The mod in question is checking his pc for rootkit, etc, to see if that's how the password was obtained. @MattW has been going through the server logs as well to see if he can spot anything.

Sounds more like a staff member guessed his password, based on passwords used at the ******* site? Would ******* or his team really go to that extreme to remove negative threads?
His business must be borderline collapsing if he or his team are engaging in hacking now.

 

[Lisa]

Sounds more like a staff member guessed his password, based on passwords used at the ******* site? Would ******* or his team really go to that extreme to remove negative threads?
His business must be borderline collapsing if he or his team are engaging in hacking now.

His PC came back clean so he thinks it was a brute force attempt.

 

[Alpha1]

More here: Do you consider ******* addons a security risk?

 

[SneakyDave]

So ******* is using a keylogger on his own site and then picking people that might be moderators at TAZ, and then trying those passwords (and slightly changing them) to gain access to TAZ to delete threads about *******?

 

[Alpha1]

That is a possible explanation for what happened. It was my account that was being hacked. I have not been logged onto *******s website for a long time. So if this is what happened then the password was logged long ago.

 

[Steve F]

Prolly should have waited til you had all the proof to bring a solid case 1st.. All the hear say and guessing makes it seem more like a scapegoat ploy, maybe even related to https://theadminzone.com/threads/traffic-down-alot-somethings-going-on.133854/

What are talking about Mike? That thread has nothing to do with TAZ.

Also there are server logs showing the offending party as logging in with @Alfa1 's account.

 

[Mike Edge]

What are talking about Mike? That thread has nothing to do with TAZ.

Also there are server logs showing the offending party as logging in with @Alfa1 's account.

ok deleted as I misread.. noon and no sleep yet

 

[Paul B]

I'm not going to name the sites, but we are aware of key loggers being used on pirate sites which has resulted in accounts here being compromised.

Anyone using a pirate site, for any reason, does so at their own risk.

 

[Jake B.]

I'm not going to name the sites, but we are aware of key loggers being used on pirate sites which has resulted in accounts here being compromised.

Anyone using a pirate site, for any reason, does so at their own risk.

TBH, if they are using these sites they probably deserve it...

 

[SneakyDave]

Passwords must have been similar enough (or the same) because wouldn't the perpetrator be locked out for a while after a few bad password guesses? Wouldn't those attempts be in the logs also?

 

[Lisa]

Password must have been similar enough (or the same) because wouldn't the perpetrator be locked out for a while after a few bad password guesses? Wouldn't those attempts be in the logs also?

From what we can see there are no failed attempts - four wrong guesses would have locked him out, you're right.

 

[Jeffin]

I think it's important to use different passwords for different sites. For ex, My google account may be really secure but if I have the same password on an unsecure website, then I'm very vulnerable to data theft from both the sites. I use lastpass to help me create and store random passwords. I highly recommend it.

 

[AdamD]

Secure passwords and if possible, two way authentication via SMS message.
LastPass is something I use all the time now, I can just click a button to generate a random password and never have to remember it again.

 

[Daniel Hood]

Good Ol' *******. Classic.