Warning about compromised accounts

The latest news about the forums and the Transport Tycoon world is posted here.
Please also read the rules here before posting elsewhere in the forum.
Post Reply
User avatar
orudge
Administrator
Administrator
Posts: 25047
Joined: 26 Jan 2001 20:18
Skype: orudge
Location: Banchory, UK
Contact:

Warning about compromised accounts

Post by orudge »

Hi all,

We have noticed over the past few days a number of older accounts suddenly starting to post spam after not being used for many years. While we can see no evidence that the forum database has in any way been compromised (and all passwords are hashed and encrypted with a key unique to the forums), if you are using a password on the forums that you might have already been using on another site (especially if your e-mail address or password shows up at haveibeenpwned) then it would be safest to change your password on the forums to something unique. As our member list is public, it would be fairly trivial for hackers to cross-reference usernames they've scraped from a list of phpBB boards (such as TT-Forums) with usernames or e-mail addresses they've obtained in a data breach elsewhere, and use that to log into forum accounts that may not trigger the usual anti-spam mechanisms we have for new accounts, which seems to be what they're doing. (There are various reports of this elsewhere on the Internet too.)

If you have any queries or concerns, please let me know.
User avatar
ChillCore
Tycoon
Tycoon
Posts: 2750
Joined: 04 Oct 2008 23:05
Location: Lost in spaces

Re: Warning about compromised accounts

Post by ChillCore »

orudge wrote: 17 Jan 2023 09:50 Hi all,

We have noticed over the past few days a number of older accounts suddenly starting to post spam after not being used for many years. While we can see no evidence that the forum database has in any way been compromised (and all passwords are hashed and encrypted with a key unique to the forums), if you are using a password on the forums that you might have already been using on another site (especially if your e-mail address or password shows up at haveibeenpwned) then it would be safest to change your password on the forums to something unique. As our member list is public, it would be fairly trivial for hackers to cross-reference usernames they've scraped from a list of phpBB boards (such as TT-Forums) with usernames or e-mail addresses they've obtained in a data breach elsewhere, and use that to log into forum accounts that may not trigger the usual anti-spam mechanisms we have for new accounts, which seems to be what they're doing. (There are various reports of this elsewhere on the Internet too.)

If you have any queries or concerns, please let me know.
thanks for the warning Mr. Rudge

can you send us a PM if our account starts putting out spam? I mean pretty sure they changed it but still
-- .- -.-- / - .... . / ..-. --- .-. -.-. . / -... . / .-- .. - .... / -.-- --- ..- .-.-.-
--- .... / -.-- . .- .... --..-- / .- -. -.. / .--. .-. .- .. ... . / - .... . / .-.. --- .-. -.. / ..-. --- .-. / .... . / --. .- ...- . / ..- ... / -.-. .... --- --- -.-. .... --- --- ... .-.-.- / ---... .--.

Playing with my patchpack? Ask questions on usage and report bugs in the correct thread first, please.
All included patches have been modified and are no longer 100% original.
User avatar
orudge
Administrator
Administrator
Posts: 25047
Joined: 26 Jan 2001 20:18
Skype: orudge
Location: Banchory, UK
Contact:

Re: Warning about compromised accounts

Post by orudge »

If any active user appears to be compromised, your password will be reset so that you need to use "forgotten password" to log in. I don't think we've seen anyone recently active with a compromised account.
Post Reply

Return to “News”

Who is online

Users browsing this forum: No registered users and 0 guests