Simple Machines Community Forum (HACKED)

Discussion in 'Off Topic' started by wickedstangs, Jul 24, 2013.

  1. wickedstangs

    wickedstangs Well-Known Member

    I thought I'd share this with you all; I started my first forum with them. Got this email today and have been changing all my passwords...

     
    LuckyRiver and 0xym0r0n like this.
  2. BirdOPrey5

    BirdOPrey5 Well-Known Member

    You'd think admins would know better than to reuse passwords... Yes, I have a "default" insecure password I use on a lot of forums, but only on forums where I am just a regular member. Any forum where I have mod or admin access has a unique password, very unique... Can't trust any sites these days.
     
    Brad L and DRE like this.
  3. Anthony Parsons

    Anthony Parsons Well-Known Member

    It still baffles me why all admins of their forums aren't using two stage or IP security for their accounts.
    I find it sad that admins lack due diligence in relation to their members' and customers' privacy, in that they have insecure administrative access to their accounts. If you've taken at least some type of additional account security and hackers get past it, at least you can be honest that you reduced the risk of access significantly with a two stage process / IP based two stage process.

    HTTPS encrypts a text field's data from third party interception at around $30 p/a, two step authentication is FREE to use... I just don't get it.

    Someone as large as Simple Machines... I would expect decent security on those admin accounts.
     
  4. LuckyRiver

    LuckyRiver Active Member

    Got that email too! Does not really look good considering SMF has 320,324 members as of this time of writing.

    Cracking the password to be able to log in will be time-consuming using brute force. But SMF should opt for stronger password hashing than the one they are using now, like how XF does. XF has probably one of the tougher password encryptions, implemented in version 1.2 using blowfish encryption. The other similar stronger encryption, which I've had a hard time getting password decryption working with for my poker board service, is PBKDF2, which Modx uses. XF also makes it harder to read the encrypted password even if you restore from a stolen database dump, because XF saves the encrypted password as serialized data, which first needs to be deserialized to be readable.

    Yeah, I have to change passwords on all my other accounts. Even though I don't have sensitive data, my only concern with the hack is they can get your private email from the database and use it.
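
Moving an existing user table to a slow hash such as the PBKDF2 mentioned in this post is normally done by upgrading each record at the user's next successful login. The following is an added example, not part of the original thread and not SMF, XenForo or MODX code; the record format, the single-round salted SHA-1 "legacy" scheme, the iteration count and all function names are assumptions made for illustration:

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000      # assumed current work factor; tune to your hardware
MODERN = "pbkdf2_sha256"
LEGACY = "sha1"           # hypothetical legacy scheme: one salted SHA-1 round

def hash_password(password, iterations=ITERATIONS):
    """Create a record: scheme$iterations$salt_hex$digest_hex."""
    salt = os.urandom(16)  # fresh random salt per user
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{MODERN}${iterations}${salt.hex()}${dk.hex()}"

def legacy_hash(password, salt_hex):
    """Record as the assumed old scheme would have stored it."""
    digest = hashlib.sha1(bytes.fromhex(salt_hex) + password.encode()).hexdigest()
    return f"{LEGACY}$1${salt_hex}${digest}"

def verify(password, stored):
    """Recompute with the parameters saved in the record; constant-time compare."""
    scheme, iterations, salt_hex, expected = stored.split("$")
    if scheme == LEGACY:
        candidate = legacy_hash(password, salt_hex).split("$")[3]
    elif scheme == MODERN:
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
        ).hex()
    else:
        return False       # unknown scheme: refuse rather than guess
    return hmac.compare_digest(candidate, expected)

def needs_rehash(stored):
    """True for legacy records and for PBKDF2 records below the current cost."""
    scheme, iterations = stored.split("$")[:2]
    return scheme != MODERN or int(iterations) < ITERATIONS

def login(password, stored):
    """Return (ok, record_to_store); weak records are upgraded on success."""
    if not verify(password, stored):
        return False, stored
    if needs_rehash(stored):
        return True, hash_password(password)  # only possible while we hold the plaintext
    return True, stored
```

Accounts that never log in again keep their weak record, so a migration like this is usually paired with a forced reset for dormant users.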
     
  5. imno007

    imno007 Active Member

    Or we could all end up getting a notice like this one, which I recently received from Simple Machines (my former forum platform):

     
  6. Chris D

    Chris D XenForo Developer Staff Member

  7. imno007

    imno007 Active Member

    Damn, and I looked for a similar thread too. Well, feel free to delete. And how did you pounce on that so quickly? You sure you're not a bot? :rolleyes:
     