Results 1 to 14 of 14

Thread: I've Been pwned

  1. #1
    I've Been pwned
    Rod's Avatar
    Member Since
    Jun 12, 2011
    Location
    Melbourne, Australia and Ubud, Bali, Indonesia
    Posts
    5,951
    Your Mac's Specs
    2015 MacBook Pro Retina 13" macOSX 10.15.1
    Rep Power
    15
    I've Been pwned
    Received today, along with explanation from https://www.troyhunt.com/

    You've been pwned!

    You signed up for notifications when your account was pwned in a data breach and unfortunately, it's happened. Here's what's known about the breach:

    Email found: DELETED@gmail.com
    Breach: Mac Forums
    Date of breach: 3 Jul 2016
    Number of accounts: 326,714
    Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames
    Description: In July 2016, the self-proclaimed "Ultimate Source For Your Mac" website Mac Forums suffered a data breach. The vBulletin-based system exposed over 326k usernames, email and IP addresses, dates of birth and passwords stored as salted MD5 hashes. The data was later discovered being traded on a popular hacking forum. Mac Forums did not respond when contacted about the incident via their contact us form.

    Not the first time. Just FYI for everybody.
    Don't be an April Fool: WORLD BACKUP DAY MARCH 31st

  2. #2
    I've Been pwned
    chscag's Avatar
    Member Since
    Jan 23, 2008
    Location
    Keller, Texas
    Posts
    60,524
    Your Mac's Specs
    2017 27" iMac, 10.5" iPad Pro, iPhone 7+, iPhone 8, Numerous iPods, Catalina
    Rep Power
    56
    We already know about that Rod. The so called data breach occured when Penton were the owners of the forums. The information at the time was not known but later on we found out about it. The web site that's spewing out those notices does not have all the particulars and they're causing hysteria among our members and members of other forums, not just ours.

  3. #3
    I've Been pwned
    Rod's Avatar
    Member Since
    Jun 12, 2011
    Location
    Melbourne, Australia and Ubud, Bali, Indonesia
    Posts
    5,951
    Your Mac's Specs
    2015 MacBook Pro Retina 13" macOSX 10.15.1
    Rep Power
    15
    No hysteria here. I'm a subscriber to Troy Hunt's page and that gmail address had been hacked ages ago. He further adds :
    Please note that it is not possible to retrieve the passwords themselves from HIBP. If you don't want to receive any future breach notifications, just click here to unsubscribe.
    If people are interested they can just check on his page as I have for myself and my wife ages ago.
    I only posted this as a community announcement because it was via Mac Forums.

    He also includes advice;
    2 Steps to Better Password Security

    Monitoring Have I Been Pwned for data breaches is a great start, now try these next 2 steps to protect all your accounts:

    1Password
    Step 1: Protect yourself with strong, unique passwords for each website with the 1Password password manager

    1Password
    Step 2: Enable 2 factor authentication and store the codes inside your 1Password account

    Despite this being blatant advertising for 1Password (I don't use it myself but I do use another password manager) it is sound general advice.

    I wont do it again
    Don't be an April Fool: WORLD BACKUP DAY MARCH 31st

  4. #4
    I've Been pwned
    chscag's Avatar
    Member Since
    Jan 23, 2008
    Location
    Keller, Texas
    Posts
    60,524
    Your Mac's Specs
    2017 27" iMac, 10.5" iPad Pro, iPhone 7+, iPhone 8, Numerous iPods, Catalina
    Rep Power
    56
    No problem Rod, and thanks for the additional info regarding the Troy Hunt page. We are already working to make the site more secure and should have more info on that in the near future.

    Regards, Charlie

  5. #5
    I've Been pwned
    Rod's Avatar
    Member Since
    Jun 12, 2011
    Location
    Melbourne, Australia and Ubud, Bali, Indonesia
    Posts
    5,951
    Your Mac's Specs
    2015 MacBook Pro Retina 13" macOSX 10.15.1
    Rep Power
    15
    No worries. I’m afraid it’s the world we live in. I received a Facebook notification last week to say an attempted login from another state in Australia had been logged, suggesting I change my password and Microsoft locked me out of an email account a month ago due to “suspicious activity”. This is the way of it. It’s worth remembering having an account name is only half of the info needed to hack any account. The worst that can happen is probably an increase in Spam email. SpamSeive does a pretty good job of handling that.
    Don't be an April Fool: WORLD BACKUP DAY MARCH 31st

  6. #6
    I've Been pwned
    macgig's Avatar
    Member Since
    Mar 15, 2006
    Posts
    1,097
    Your Mac's Specs
    2015 Retina 4k iMac. Catalina. 8GB RAM
    Rep Power
    15
    mac forums hacked in 2016? I never got any emails telling me about it. not that I'm aware of. something like this, it would have been nice if someone sent out an email to all users? just a thought. guess whoever owned the forums then didn't think it was important to let users know? these days people try to keep hacked/compromised sites quiet so I'm not too surprised.

  7. #7
    I've Been pwned

    Member Since
    Mar 30, 2008
    Posts
    3
    Rep Power
    0
    " The information at the time was not known but later on we found out about it. "

    When was that that "we" found out about it? I found out about it yesterday.

  8. #8
    I've Been pwned
    chscag's Avatar
    Member Since
    Jan 23, 2008
    Location
    Keller, Texas
    Posts
    60,524
    Your Mac's Specs
    2017 27" iMac, 10.5" iPad Pro, iPhone 7+, iPhone 8, Numerous iPods, Catalina
    Rep Power
    56
    The previous owners of the forums did not send out a notice or at least post a message to the forums for all to see. Since the forum software requires a password change be made to your account every 120 days, that insures your password is safe.

  9. #9
    I've Been pwned
    MacInWin's Avatar
    Member Since
    Jan 01, 2009
    Location
    Winchester, VA
    Posts
    8,042
    Your Mac's Specs
    MBP 15" Mid 2015, iPhone 11 Pro, an iMac, plus ATVs, AWatch, MacMini
    Rep Power
    31
    Since the forum software requires a password change be made to your account every 120 days, that insures your password is safe.
    The forum has never prompted me to change a password. I do change it about once a year, but have never heard from the site to do so. You might want to check that, Charlie, to see that it's working.
    Jake

  10. #10
    I've Been pwned
    ferrarr's Avatar
    Member Since
    May 21, 2012
    Location
    Pawtucket, RI, U.S.A.
    Posts
    7,847
    Your Mac's Specs
    L2014 Mac mini macOS 15, iPhone 11 iOS 13, 1st Gen 12.9" iPad Pro iPadOS 13
    Rep Power
    16
    Quote Originally Posted by MacInWin View Post
    The forum has never prompted me to change a password. I do change it about once a year, but have never heard from the site to do so. You might want to check that, Charlie, to see that it's working.
    I also haven't been asked to change my password in a very long time. Is there any way for me to find out when a password was created for websites?
    Please backup. Everything has a life cycle, unexpected and warning free. Nothing will last as long as you want it to.
    PS: When there is an accident or error, is the tool to blame or is the fool to blame?

  11. #11
    I've Been pwned
    chscag's Avatar
    Member Since
    Jan 23, 2008
    Location
    Keller, Texas
    Posts
    60,524
    Your Mac's Specs
    2017 27" iMac, 10.5" iPad Pro, iPhone 7+, iPhone 8, Numerous iPods, Catalina
    Rep Power
    56
    Quote Originally Posted by MacInWin View Post
    The forum has never prompted me to change a password. I do change it about once a year, but have never heard from the site to do so. You might want to check that, Charlie, to see that it's working.
    I believe it's also set to ask for a password change based on how many posts you make. I had to change my password yesterday. The notice I received stated that I had not changed passwords in the past 120 days. I probably also exceeded the amount of posts. It will flag you whichever comes first.

  12. #12
    I've Been pwned
    Rod's Avatar
    Member Since
    Jun 12, 2011
    Location
    Melbourne, Australia and Ubud, Bali, Indonesia
    Posts
    5,951
    Your Mac's Specs
    2015 MacBook Pro Retina 13" macOSX 10.15.1
    Rep Power
    15
    I always thought it was because I beat them to it but I haven't received a notification for a few years so maybe........?
    Don't be an April Fool: WORLD BACKUP DAY MARCH 31st

  13. #13
    I've Been pwned
    IWT's Avatar
    Member Since
    Jan 23, 2009
    Location
    Born in Scotland, Worked in Scotland then England, Now live in Wales
    Posts
    6,574
    Your Mac's Specs
    iMac 5K Retina 27", August 2019, 3.6GHz Intel Core i9, Memory 32GB, 2TB SSD, macOS Mojave 10.14.6
    Rep Power
    22
    I too have never been asked to change my PW by our Forums. Although I may not be a prolific poster, I do post once or twice every day. Whether it counts for or against, I don't log out. I keep the site open as I use it a great deal during the day and evening.

    Anyway, life goes on and we do our best in a difficult world.

    Ian
    Ian

  14. #14
    I've Been pwned
    harryb2448's Avatar
    Member Since
    Nov 28, 2007
    Location
    Nambucca Heads Australia
    Posts
    25,297
    Your Mac's Specs
    iMac, i7 4GHz, 32GB memory, 1TB blade drive, OS X.15.5.
    Rep Power
    32
    Likewise.
    Using OS X.7 or later make a bootable USB thumb drive before running Installer!

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. What does PWNED mean?
    By jrichard012 in forum Schweb's Lounge
    Replies: 12
    Last Post: 04-06-2008, 12:28 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •