Hi all,
We have noticed over the past few days a number of older accounts suddenly starting to post spam after not being used for many years. While we can see no evidence that the forum database has in any way been compromised (and all passwords are hashed and encrypted with a key unique to the forums), if you are using a password on the forums that you might have already been using on another site (especially if your e-mail address or password shows up at haveibeenpwned) then it would be safest to change your password on the forums to something unique. As our member list is public, it would be fairly trivial for hackers to cross-reference usernames they've scraped from a list of phpBB boards (such as TT-Forums) with usernames or e-mail addresses they've obtained in a data breach elsewhere, and use that to log into forum accounts that may not trigger the usual anti-spam mechanisms we have for new accounts, which seems to be what they're doing. (There are various reports of this elsewhere on the Internet too.)
If you have any queries or concerns, please let me know.
Warning about compromised accounts
Re: Warning about compromised accounts
thanks for the warning Mr. Rudgeorudge wrote: ↑17 Jan 2023 09:50 Hi all,
We have noticed over the past few days a number of older accounts suddenly starting to post spam after not being used for many years. While we can see no evidence that the forum database has in any way been compromised (and all passwords are hashed and encrypted with a key unique to the forums), if you are using a password on the forums that you might have already been using on another site (especially if your e-mail address or password shows up at haveibeenpwned) then it would be safest to change your password on the forums to something unique. As our member list is public, it would be fairly trivial for hackers to cross-reference usernames they've scraped from a list of phpBB boards (such as TT-Forums) with usernames or e-mail addresses they've obtained in a data breach elsewhere, and use that to log into forum accounts that may not trigger the usual anti-spam mechanisms we have for new accounts, which seems to be what they're doing. (There are various reports of this elsewhere on the Internet too.)
If you have any queries or concerns, please let me know.
can you send us a PM if our account starts putting out spam? I mean pretty sure they changed it but still
-- .- -.-- / - .... . / ..-. --- .-. -.-. . / -... . / .-- .. - .... / -.-- --- ..- .-.-.-
--- .... / -.-- . .- .... --..-- / .- -. -.. / .--. .-. .- .. ... . / - .... . / .-.. --- .-. -.. / ..-. --- .-. / .... . / --. .- ...- . / ..- ... / -.-. .... --- --- -.-. .... --- --- ... .-.-.- / ---... .--.
Playing with my patchpack? Ask questions on usage and report bugs in the correct thread first, please.
All included patches have been modified and are no longer 100% original.
--- .... / -.-- . .- .... --..-- / .- -. -.. / .--. .-. .- .. ... . / - .... . / .-.. --- .-. -.. / ..-. --- .-. / .... . / --. .- ...- . / ..- ... / -.-. .... --- --- -.-. .... --- --- ... .-.-.- / ---... .--.
Playing with my patchpack? Ask questions on usage and report bugs in the correct thread first, please.
All included patches have been modified and are no longer 100% original.
- orudge
- Administrator
- Posts: 25168
- Joined: 26 Jan 2001 20:18
- Skype: orudge
- Location: Banchory, UK
- Contact:
Re: Warning about compromised accounts
If any active user appears to be compromised, your password will be reset so that you need to use "forgotten password" to log in. I don't think we've seen anyone recently active with a compromised account.
- orudge
- Administrator
- Posts: 25168
- Joined: 26 Jan 2001 20:18
- Skype: orudge
- Location: Banchory, UK
- Contact:
Re: Warning about compromised accounts
Unfortunately we have seen a few more instances of this lately, sometimes with users who have not actually been active for many years. If you have ever used your TT-Forums password on another site, or if your password is very simple ("banana11" doesn't really cut it these days) then please do change your password to something more secure.
Who is online
Users browsing this forum: No registered users and 0 guests