Bitcoin Forum

Other => Meta => Topic started by: gogodr on April 22, 2014, 09:38:54 PM



Title: My account got hacked by an amateur.
Post by: gogodr on April 22, 2014, 09:38:54 PM
Someone, I'm sure just testing things out, hacked my account and changed my mail. (Didn't change my secret question, which is how I got my account back.)
I'm very careful with my password and it is not an easy one to crack. My thoughts are that the site might have been exposed to the Heartbleed OpenSSL vulnerability and someone could have gotten a list of users and passwords from the server.


Title: Re: My account got hacked by an amateur.
Post by: roslinpl on April 22, 2014, 09:55:47 PM
Well, maybe this is why:
https://www.dropbox.com/s/7nso75hquwh4p9v/bug.png

They did warn us about this possibility :) You should change your password =)


Title: Re: My account got hacked by an amateur.
Post by: escrow.ms on April 22, 2014, 10:12:12 PM
Did you use the same password on other sites?


Title: Re: My account got hacked by an amateur.
Post by: gogodr on April 22, 2014, 10:16:11 PM
xD
I see. In fact I did not see the warning.
Well, I hope they patched it already. (They have to recompile Apache or nginx with the OpenSSL update.)
Otherwise, someone can just start sniffing again and get all the accounts again.

I don't use the same password for everything. I use a composite password made up of 3 words and both alphanumeric and special characters.
(Not afraid of saying how my password is made; brute-forcing it will take more than a couple of years anyways.)


Title: Re: My account got hacked by an amateur.
Post by: jbrnt on April 22, 2014, 10:18:26 PM
It is best to use a different password for different sites. I use a completely different style of passwords for newly created and dodgy sites, especially forums and gambling ones.

I am paranoid about people setting up sites just to get user email and password pairs to hack other related sites.


Title: Re: My account got hacked by an amateur.
Post by: Justin00 on April 23, 2014, 10:45:15 AM
I wouldn't call ya paranoid..... what you're suggesting is definitely happening :(

Even sites which only want your email addy, generally to send you a weekly report or secret beeteecee insider trading info you must read nowz!! have been proven to use your email addy to target you in malware/virus emails. It's obvious something not quite legit is going on when you never get said weekly report etc etc, but it's too late at that stage.


Title: Re: My account got hacked by an amateur.
Post by: Justin00 on April 23, 2014, 10:49:40 AM
Did you log in at all the day the exploit was released to the public? I think it was 8th of April..
Does that ring a bell hehe?

Anyways, assuming no one else knew about this until it was released to the public, theymos said he fixed it within hours... so they could have only gotten your user/pass if you logged in during the window where the exploit was in the wild but before theymos patched it.... if that makes sense.


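
The exposure-window reasoning in the post above, as an added example that is not part of the thread or the forum's own code: it scopes which accounts sent a password to the server between public disclosure and the patch and have not rotated it since. The log format, event names, users and both timestamps are constructed assumptions, and like the post it assumes nobody exploited the bug before disclosure.

```python
from datetime import datetime, timezone

# Constructed placeholders: the thread gives no exact times, only "8th of April"
# and "fixed it within hours". Replace with the real disclosure and patch times.
DISCLOSED = datetime(2014, 4, 8, 0, 0, tzinfo=timezone.utc)
PATCHED = datetime(2014, 4, 8, 6, 0, tzinfo=timezone.utc)

# Any request that carries a password puts it in server memory, including
# failed logins (often a near-miss of the real password) and password changes.
SENDS_PASSWORD = {"login_ok", "login_fail", "password_change"}

# Constructed sample log (hypothetical format): ISO-8601 time, event, user.
SAMPLE_LOG = """\
2014-04-07T22:10:03+00:00 login_ok alice
2014-04-08T01:15:40+00:00 login_ok bob
2014-04-08T02:02:11+00:00 login_fail carol
2014-04-08T03:30:00+02:00 login_ok dave
2014-04-08T04:00:00+00:00 password_change gina
2014-04-08T05:59:59+00:00 login_ok erin
2014-04-08T06:00:00+00:00 login_ok frank
2014-04-09T12:00:00+00:00 password_change bob
not a log line
"""

def parse(log):
    """Yield (utc_time, event, user); skip lines that do not parse."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        if ts.tzinfo is None:
            continue  # no UTC offset: do not guess which side of the window
        yield ts.astimezone(timezone.utc), parts[1], parts[2]

def needs_reset(log, start=DISCLOSED, end=PATCHED):
    """Users who sent a password in [start, end) and have not changed it since."""
    exposed, rotated = set(), set()
    for ts, event, user in parse(log):
        if event in SENDS_PASSWORD and start <= ts < end:
            exposed.add(user)
        if event == "password_change" and ts >= end:
            rotated.add(user)  # a change made before the patch does not count
    return sorted(exposed - rotated)

if __name__ == "__main__":
    print(needs_reset(SAMPLE_LOG))
```

A password changed inside the window (gina in the sample) is flagged again, because the new password crossed the still-vulnerable server.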