danlevine (Posted November 13, 2015):

To: All c4Forums.com Members

We were notified this morning from our Community software and hosting provider of a security incident that took place on the c4Forums.com. Here is an excerpt from the notification.

-----

Our security infrastructure team has been made aware of a select few clients that have had their communities compromised. As part of our proactive response protocol, we are reaching out to let you know the details of the situation.

Earlier this morning, the attacker compromised your community and was able to obtain user information including: e-mail addresses, usernames and password hashes.

We feel this was a “brute force” attack against each community, however, we are diligently investigating this matter and the review may take several days. In the interim, we felt it prudent to inform you of the attack.

What we are doing:

As part of your Community in the Cloud service, we will clean your software and account of any malicious activity leftover from the attack. We will change core account passwords such as FTP (this will be available in the client area.)

Although nobody is immune to cyber attacks, we understand these types of situations can be frustrating and scary. Rest assured, we will do everything we can to ease your concerns and keep your community safe, secure and operational. Please do not hesitate to reach out with any questions or concerns you may have.

-----

What c4Forums is doing

The administration team has changed all passwords for admin and backend purposes for the site. Additionally, as mentioned above, we have authorized our vendor to clean any remnants of the attack. We recommend changing your password to the site, and if you use this password on any other sites please change those as well.

We are truly sorry for any inconvenience this may have caused. Thank you so much for being a c4Forums.com member.
Cyknight (Posted November 13, 2015):

So - is this ANOTHER report or does it coincide with the earlier reported one?
danlevine (Author, Posted November 13, 2015):

> So - is this ANOTHER report or does it coincide with the earlier reported one?

This is a separate report directly from our vendor.
scuzzie2k (Posted November 13, 2015):

This will be why I have had a security alert from Credit Experian saying my email address and password may have been possibly sold on the black market.
SMHarman (Posted November 14, 2015):

> This will be why I have had a security alert from Credit Experian saying my email address and password may have been possibly sold on the black market.

Yes but the password is hashed.
SMHarman (Posted November 14, 2015):

Dan. How well hashed and salted was the password DB? How long was the key?
scuzzie2k (Posted November 14, 2015):

> Yes but the password is hashed.

I'm afraid this doesn't mean much as you can't get decrypt tools online that can work out many passwords.
SMHarman (Posted November 14, 2015):

> Dan. How well hashed and salted was the password DB? How long was the key?

> I'm afraid this doesn't mean much as you can't get decrypt tools online that can work out many passwords.

Hence my second question to Dan above.
jparker36 (Posted November 18, 2015):

Does/did this impact those of us using Google credentials? Would also be nice to have an answer about the methods of salting/hashing used in the DBs. It is literally the difference between 'huge issue' and 'zero issue'.
cdepaola (Posted November 18, 2015):

I've had several issues so far where it appears someone has changed email and passwords on accounts. While the incidents happened after the issue here, I can't prove it was because of this security breach. However, one was a changed email/password on a my.control4.com account which I've finally got cleared up.
Cyknight (Posted November 18, 2015):

Glad I never use duplicate passwords.
cdepaola (Posted November 18, 2015):

Yeah, life lesson I already knew but didn't practice. Thankfully all sensitive passwords are unique, so just a little frustration and time, nothing more.
Cyknight (Posted November 18, 2015):

> You can see if you were hacked by looking at the data that was hacked:

Sure, let's go to a known malicious website to check that.

DO NOT GO THERE

Admin, please delete that post.
Cyknight (Posted November 18, 2015):

> Alright, delete it if you want. Many browsers report it as malicious because, well, it has many password dumps.

Indeed - it has many password reads on it too.
prabeau (Posted January 19, 2016):

I'm there ....
Cyknight (Posted January 19, 2016):

That number means basically that EVERY user is in there.
meyerder (Posted February 13, 2016):

I can tell you based on the IP addresses that the dump is quite old.
Archived
This topic is now archived and is closed to further replies.