Got the "You've been hacked!" email. This time with a password I only used here. So, time to change passwords again folks!
Password Hacked Here
- Thread starter Fingers
- Start date
Hi Jon!!! I think we would've known it wasn't you if porn started showing up under your name....
More of a warning to others Tom
I think Jon's point was maybe DD has been breached.... If he got an email saying someone had his password, a password only used in one place (the way people should do things), then there's only one place they could possibly have gotten that password,...
DD has not been breached/hacked. If it was, you guys would not be posting/reading anything right now.
Why jons was hacked, i dont know. There is a slim chance i can find out. There are alot of outside variables that could have allowed it. As simple as signing in over a wifi you have not used before can do this. (Not saying this is the case)
If you guys did not know, 2024 had a massive data breach happen across the net. This is why many many places/sites/phones/computers warned you that possibly your password has been compromised and should be changed/updated to protect your info. This does not mean they got into the back of the site to take your info but rather, were able to get key info like emails, dob, address, etc from other places and use them to start searching out looking for shit they want from you or to spam and steal from others.
DD is as locked down as we can get it. Fish has been through this before on our zoa site and a russian hacker trying to hold it for ransom. We won that lol.
Why jons was hacked, i dont know. There is a slim chance i can find out. There are alot of outside variables that could have allowed it. As simple as signing in over a wifi you have not used before can do this. (Not saying this is the case)
If you guys did not know, 2024 had a massive data breach happen across the net. This is why many many places/sites/phones/computers warned you that possibly your password has been compromised and should be changed/updated to protect your info. This does not mean they got into the back of the site to take your info but rather, were able to get key info like emails, dob, address, etc from other places and use them to start searching out looking for shit they want from you or to spam and steal from others.
DD is as locked down as we can get it. Fish has been through this before on our zoa site and a russian hacker trying to hold it for ransom. We won that lol.
Jon, any chance you can PM me that email, not forward but as an attachment?. Or at least copy the header information. It's possible it's a fishing email and not from this site. Header information should reveal that. Or at least rule out DD if it's not from us
James, you asked me to send my entire savings account to your Nigerian cousin to help him wed his 12th wife. You blessed me and you guaranteed repayment in 6 weeks via Bitcoin and I gave you my Coinbase account to make the transfer. What the FUUUUUCK!!!!!!
A guy's gotta make a livin' somehow!
I can attest he got the money because I purchased all those gift cards and gave him the numbers on them. Just waiting on the refund for the accidental overpayment
Not sure why people fearmonger 'if you're on public wifi anyone can see everything you're doing. This is simply not true. Someone on the WiFi, assuming client isolation isn't enabled (I would NEVER set up an open public SSID without client isolation enabled), could set up a packet sniffer and capture packets, but all you'd be able to capture 'of use' would be DNS queries that are using UDP/53 instead of encrypted DNS, and anything sent over HTTP. Anything sent over HTTPS is encrypted, and unless you have the private key, it'll be 'a minute', if ever before you decrypt that data.
With limited exceptions, if a password is used in one place and one place only, and it's found to be breached, there's only one place it could come from, unlike if you use the same password everywhere, like so many dolts out there. The only exceptions being if you use a crappy browser 'password manager' and that is somehow compromised, or you use a 'cloud based' password manager and that was breached. Hence why I have my own on prem Bitwarden instance. I don't store anything in 'the cloud'.
With limited exceptions, if a password is used in one place and one place only, and it's found to be breached, there's only one place it could come from, unlike if you use the same password everywhere, like so many dolts out there. The only exceptions being if you use a crappy browser 'password manager' and that is somehow compromised, or you use a 'cloud based' password manager and that was breached. Hence why I have my own on prem Bitwarden instance. I don't store anything in 'the cloud'.
Don't ask me how I know, but the people who shake you down for money are not usually the people who hack the site. They buy the data on the dark web. The price goes down as the data ages. That password was old and could be from when McRat was running this show maybe. Don't know the last time I changed it...
One guy was hacking the cloud backups of companies for kicks. Always seems to be a new hole to patch or exposure you didn't know was there. (I don't store anything on the cloud BTW) Take it from an old Computer Systems Manager, no system connected to the internet is impenetrable. None. Just get over it and keep patching the holes as they show up.
I'll send a copy of the ransom next time it comes through. They're good for 5-10 hits a day. Right now I have them all deleted and flushed.
Bottom line: CHANGE YOUR PASSWORDS!
One guy was hacking the cloud backups of companies for kicks. Always seems to be a new hole to patch or exposure you didn't know was there. (I don't store anything on the cloud BTW) Take it from an old Computer Systems Manager, no system connected to the internet is impenetrable. None. Just get over it and keep patching the holes as they show up.
I'll send a copy of the ransom next time it comes through. They're good for 5-10 hits a day. Right now I have them all deleted and flushed.
Bottom line: CHANGE YOUR PASSWORDS!
Was not sent from this site. Form letter. Auto-generated, fill in the blanks type. Most likely from a user data dump. Fishing for sure, but had email<=>password connected. I assume you are not storing the passwords as clear text anywhere nor have a way to generate the clear text now. So I am assuming this is from old data since many of the old systems did.
I've heard this fallacy for so long. I've always wondered where people come up with this.
Another helpful tip is checking the left side of the address bar for the padlock or secure connection. That would show wether the connection is encrypted or not. Most websites have end to end encryption and anyone sniffing the data packets it's going to get much out of it
I do remember back in the day with WPA WiFi encryption, someone figured out that when the computer first connects and the router quarries the password there was an unencrypted portion of the password sent over. This substantially reduced the time it took to crack the full password. Because of this WPA2 was born and made the default pretty quickly. As far as I know it has yet to be cracked.
I think the same holds true for browser end to end encryption. Hasn't been cracked. Or at least as long as your browser is up to date