Was CrakRevenue Hacked?

  • webcamnews
    Registered User
    • Apr 2015
    • 92

    #1

    Was CrakRevenue Hacked?

    I got this email today:
    Our system has detected that your current CrakRevenue password is rather long.
    .......

    We contact you today, respectfully and kindly, asking you for your cooperation on this. Please kindly change your password when you have a free moment to ensure no future issues!

    =========
    Now, why should I change my pass since it is long enough? Was CrakRevenue database compromised?
    webcam.news [@] gmail . com

    Follow WEBCAMNEWS On Twitter

    www.webcamnews.com - Latest XXX News
  • MFCT
    Confirmed User
    • Jan 2015
    • 1489

    #2
    I don't think they've been hacked. My understanding is they're migrating to new software or a new system. And the password length limit for this new system is 16 characters. If your password is longer than that (mine was), you'll have to change it to a 16-character one in order for them to transfer your record. Nothing to worry about.
    Keeping you abreast of the teens that get undressed.
    Girls By Location - Couples By Location - Guys By Location - Trans By Location

    Comment

    • EddyTheDog
      Just Doing My Own Thing
      • Jan 2011
      • 25433

      #3
      We contact you today, respectfully and kindly, asking...
      I hate it when people put that sort of thing in correspondence - So creepy...

      In fact it's a really bad email.....

      Comment

      • ravo
        Confirmed User
        • Jun 2001
        • 5461

        #4
        Sounds like a phishing attempt, from someone in Nigeria or Indonesia.
        AdultAdBroker - Buy and Sell Your Flat Rate Banners, Links, Tabs, Pops, Email Clicks and Members' Area Traffic - updated May 2026

        Comment

        • ladida
          Confirmed User
          • Nov 2005
          • 2179

          #5
          Originally posted by MFCT
          I don't think they've been hacked. My understanding is they're migrating to new software or a new system. And the password length limit for this new system is 16 characters. If your password is longer than that (mine was), you'll have to change it to a 16-character one in order for them to transfer your record. Nothing to worry about.
          You do realise that the system can't know how long your password is, right? The hashing algorithms used don't store the length of the password, although they do have limitations of the maximum length that it can store. So, whatever the hashing algorithm they used, the length of the hash is THE SAME for a password of 1 char and 100 char.
          So in essence, your assumption is stupid.
          The OP assumption has more merit.
          agentGFY *at* gmail.com

          Comment

          • ottopottomouse
            She is ugly, bad luck.
            • Jan 2010
            • 13177

            #6
            We contact you today, respectfully and kindly, asking...
            Anything beginning like that I would be expecting to come from Mr Blessing Mkimbo off of Nigeria.
            ↑ see post ↑
            13101

            Comment

            • kkkkkk
              svp get banned svp
              • Dec 2005
              • 1628

              #7
              ㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤ

              Comment

              • adultmobile
                No, I am not banned
                • Nov 2003
                • 5345

                #8
                Anyone checked if the link is Nigerian phishing or crackrev legit?

                TubeCamGirl.com

                Comment

                • ITraffic
                  Confirmed User
                  • Jul 2013
                  • 2725

                  #9
                  Maybe they hired Mr Konta Tama MANAGER AUDIT AND ACCOUNTANCY DEPARTMENT to run their tech support?

                  Comment

                  • freecartoonporn
                    Confirmed User
                    • Jan 2012
                    • 7683

                    #10
                    Originally posted by ladida
                    You do realise that the system can't know how long your password is, right? The hashing algorithms used don't store the length of the password, although they do have limitations of the maximum length that it can store. So, whatever the hashing algorithm they used, the length of the hash is THE SAME for a password of 1 char and 100 char.
                    So in essence, your assumption is stupid.
                    The OP assumption has more merit.
                    this
                    SSD Cloud Server, VPS Server, Simple Cloud Hosting | DigitalOcean

                    Comment

                    • olivierx
                      Confirmed User
                      • Jan 2012
                      • 122

                      #11
                      If they know the length of your password then their database is not crypted..... I hope your password with them is unique in case someone gets their hands on the database would see your password with decoding anything..

                      Comment

                      • CurrentlySober
                        Too lazy to wipe my ass
                        • Aug 2002
                        • 38940

                        #12
                        i lik short passwords


                        👁️ 👍️ 💩

                        Comment

                        • CPA-Rush
                          small trip to underworld
                          • Mar 2012
                          • 4927

                          #13
                          lol hopefully .

                          automatic exchange - paxum , bitcoin,pm, payza

                          . daizzzy signbucks caution will black-hat black-hat your traffic

                          ignored forever :zuzana designs

                          Comment

                          • CaptainHowdy
                            Too lazy to set a custom title
                            • Dec 2004
                            • 94727

                            #14
                            Originally posted by CPA-Rush
                            hopefully .

                            Comment

                            • Crak_Eric
                              Confirmed User
                              • Feb 2014
                              • 716

                              #15
                              Originally posted by webcamnews
                              I got this email today:
                              Our system has detected that your current CrakRevenue password is rather long.
                              .......

                              Now, why should I change my pass since it is long enough? Was CrakRevenue database compromised?
                              Hi guys,

                              No, we weren't hacked, and we're sorry if there was any confusion relating to this e-mail.

                              We feared some might think 'phishing' so we did make it a point to say we didn't want you to respond with your password, that we weren't asking your password, and we even gave official instructions on how to make the change via CrakRevenue's official website rather than doing it through a link, for those exact reasons.

                              ----------------------------------------------------------------------------------------
                              Here's the e-mail you received (in original, full context)
                              ----------------------------------------------------------------------------------------

                              Well, this is embarrassing.

                              Our system has detected that your current CrakRevenue password is rather long.

                              We are working on modifying some technical things behind CrakRevenue, mainly on how we store data. And the thing is, your current CrakRevenue password exceeds the new allowed password char limit.

                              We contact you today, respectfully and kindly, asking you for your cooperation on this.
                              Please kindly change your password when you have a free moment to ensure no future issues!

                              New passwords must be between 4 - 16 characters max.

                              Please note, we are NOT asking you for your password.

                              Please do not respond with your password.

                              We ask that you head on over to your CrakRevenue Profile (crakrevenue.com/account) and change your password to something shorter. That’s all!

                              Thanks for your help on this!

                              ----------------------------------------------------------------------------------------

                              But yep, if you have a longggg password — the "dude don't hack me bro" defcon level-1 kind — you received this e-mail. Passwords exceeding 16 chars will become problematic in a future update. Think of it this way: it's really no different than any other site dictating how long your password must be when you first sign up.

                              Anyway, sorry for the scare!

                              Comment

                              • kkkkkk
                                svp get banned svp
                                • Dec 2005
                                • 1628

                                #16
                                ㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤ

                                Comment

                                • MFCT
                                  Confirmed User
                                  • Jan 2015
                                  • 1489

                                  #17
                                  Originally posted by ladida
                                  You do realise that the system can't know how long your password is, right? The hashing algorithms used don't store the length of the password, although they do have limitations of the maximum length that it can store. So, whatever the hashing algorithm they used, the length of the hash is THE SAME for a password of 1 char and 100 char.
                                  So in essence, your assumption is stupid.
                                  The OP assumption has more merit.
                                  You were saying, bro?
                                  Keeping you abreast of the teens that get undressed.
                                  Girls By Location - Couples By Location - Guys By Location - Trans By Location

                                  Comment

                                  • plaster
                                    So Fucking Banned
                                    • Apr 2015
                                    • 2295

                                    #18
                                    What a weird email.

                                    Yo crak... you realize that in this thread you shouldn't know the length of password unless you store them insecure. . Right?

                                    Comment

                                    • ladida
                                      Confirmed User
                                      • Nov 2005
                                      • 2179

                                      #19
                                      Originally posted by MFCT
                                      You were saying, bro?
                                      I was saying what is true and still is.
                                      There is no way for them to know the length of your password in a hashed form. The explanation also makes no sense because the hashing algorithm will just truncate the rest of the chars, if for example it has an input limit (which I'm not sure which one does other than the old 3DES from the htpasswd days) it just truncates the rest.

                                      For example, if you try to hash a password "12345678901234567890" but it has a limit of 16 input chars, it will hash only first 16 and you can log in with "1234567890123456gjflsagjfksalfjdsaklfjdsaklfjdsak lfsa" if you want, because it will only check for the first 16 chars.

                                      Regarding the email, the only other thing that could prompt this is if their input form on website now has a limit of max 16 chars, but it was not like that before. So they have your password hashed with >16 chars, and if you tried to login with the >16 chars password now, the input form would truncate it and send it truncated to the database, which obviously would produce a different hash now than the one stored already in the database and you would not be able to log in.
                                      So yea, they can't know the length of your pass when it's hashed.

                                      Ofc, this is if they are hashing them and not storing plaintext
                                      agentGFY *at* gmail.com

                                      Comment

                                      • LizardKing
                                        Confirmed User
                                        • Jul 2014
                                        • 522

                                        #20
                                        Originally posted by CurrentlySober
                                        i lik short passwords
                                        "penis" - hope its not too short!
                                        Get your site reviewed and listed at Porn Sites XXX

                                        Comment

                                        • j3rkules
                                          VIP
                                          • Jul 2013
                                          • 22111

                                          #21
                                          Thank god it is not the Nigerian Prince.

                                          Comment

                                          • adultmobile
                                            No, I am not banned
                                            • Nov 2003
                                            • 5345

                                            #22
                                            Originally posted by jerkules
                                            Thank god it is not the Nigerian Prince.


                                            TubeCamGirl.com

                                            Comment

                                            • webcamnews
                                              Registered User
                                              • Apr 2015
                                              • 92

                                              #23
                                              Crak_Eric I know the original, full context email I got a few days ago. I was asking something else in this thread: was database compromised? And now there is a new question: are passwords stored insecure? I mean do you really know the length of my pass? Is it true that if you know the length of my pass, the password is not encrypted in your system?
                                              [later edit] P.S.: Nevermind....
                                              webcam.news [@] gmail . com

                                              Follow WEBCAMNEWS On Twitter

                                              www.webcamnews.com - Latest XXX News

                                              Comment

                                              • JamesDrews
                                                Affiliate
                                                • May 2013
                                                • 370

                                                #24
                                                Originally posted by MFCT
                                                I don't think they've been hacked. My understanding is they're migrating to new software or a new system. And the password length limit for this new system is 16 characters. If your password is longer than that (mine was), you'll have to change it to a 16-character one in order for them to transfer your record. Nothing to worry about.
                                                Yep they will switch to a new dashboard system! I heard this from my AM.

                                                Comment

                                                • freecartoonporn
                                                  Confirmed User
                                                  • Jan 2012
                                                  • 7683

                                                  #25
                                                  Originally posted by ladida
                                                  I was saying what is true and still is.
                                                  There is no way for them to know the length of your password in a hashed form. The explanation also makes no sense because the hashing algorithm will just truncate the rest of the chars, if for example it has an input limit (which I'm not sure which one does other than the old 3DES from the htpasswd days) it just truncates the rest.

                                                  For example, if you try to hash a password "12345678901234567890" but it has a limit of 16 input chars, it will hash only first 16 and you can log in with "1234567890123456gjflsagjfksalfjdsaklfjdsaklfjdsak lfsa" if you want, because it will only check for the first 16 chars.

                                                  Regarding the email, the only other thing that could prompt this is if their input form on website now has a limit of max 16 chars, but it was not like that before. So they have your password hashed with >16 chars, and if you tried to login with the >16 chars password now, the input form would truncate it and send it truncated to the database, which obviously would produce a different hash now than the one stored already in the database and you would not be able to log in.
                                                  So yea, they can't know the length of your pass when it's hashed.

                                                  Ofc, this is if they are hashing them and not storing plaintext
                                                  this

                                                  majority are using md5 encryption with/without salt these days so imho there's not much issue about password length here, as the md5 encryption can take any amount of characters as input and throws a 32 char long string.
                                                  SSD Cloud Server, VPS Server, Simple Cloud Hosting | DigitalOcean

                                                  Comment

                                                  • NoWhErE
                                                    Too lazy to set a custom title
                                                    • Sep 2005
                                                    • 10583

                                                    #26
                                                    Hi guys!

                                                    As some of you already know, we're currently migrating to a new platform. The message you received was indeed from us and NOT a hack.

                                                    No security has been compromised. We are working on making our old system compatible with the new one and one of the steps is to migrate user credentials into a new setup that has a character limit on the password length.

                                                    We have a special decryption algorithm + salt that is transferring all of the information and flagging accounts that have passwords over the new limit.

                                                    At no time has your password been compromised or vulnerable.

                                                    We're sorry if this scared any of you. The emails went out quicker than expected and our comm team didn't have the time to warn you guys about the upcoming changes.

                                                    Remain assured that everything is still kosher.

                                                    Cheers!
                                                    skype: lordofthecameltoe

                                                    Comment

                                                    • ruff
                                                      I have a plan B
                                                      • Aug 2004
                                                      • 5507

                                                      #27
                                                      A whole lot of drama for exactly what now? This is the kind of crap you get when you have so many surfers in a webmaster forum.
                                                      CryptoFeeds

                                                      Comment

                                                      • LetterTwenty7
                                                        Porn SEO
                                                        • Feb 2015
                                                        • 1825

                                                        #28
                                                        So... Your password is?
                                                        Success stories of porn webmasters - one click away:
                                                        Discover how top porn sites grow their organic traffic!
                                                        [email protected] | Telegram: https://t.me/LT7_Digital

                                                        Comment

                                                        • Relic
                                                          So Fucking Banned
                                                          • Aug 2002
                                                          • 10300

                                                          #29

                                                          Comment

                                                          • ladida
                                                            Confirmed User
                                                            • Nov 2005
                                                            • 2179

                                                            #30
                                                            Originally posted by NoWhErE
                                                            We have a special decryption algorithm + salt that is transferring all of the information and flagging accounts that have passwords over the new limit.
                                                            Ok, now this is total bullshit
                                                            There's no "special decryption algorithms" and the +salt thing also means nothing. You are now just digging whatever you write even more

                                                            Let me explain you one more thing
                                                            Hash = something that can't be decrypted. There is no "special algorithm" on that because it's just that, a hash. It can't be reversed. What it can be done is duplicated. Which would mean that you "duplicated" and hashed words of 16+ password length, which is so far-fetched it's insane to even think about. List of Rainbow Tables shows you the size of a rainbow table that has 1 to 10 char lengths. I'm pretty sure you don't have the disk space to store rainbow table for passwords with 16+ chars.
                                                            Furthermore, if you were to try to "crack" the hash of a password for a 16+ chars, I'm also sure you would never ever hit it.

                                                            Your remark of "+ salt" also makes no sense. Would have been better if you didn't say anything.
                                                            agentGFY *at* gmail.com

                                                            Comment

                                                            • ladida
                                                              Confirmed User
                                                              • Nov 2005
                                                              • 2179

                                                              #31
                                                              Here's md5 of a password with 21 chars
                                                              2061bf778a5cb9d7f72c55b09c46ba87

                                                              It's not even salted. Should be no problem no? You can do it fast since you probably have thousands of members when you were able to evaluate how big everyone's password is
                                                              From your answer I see you don't even understand what a salt is, or what its purpose is.
                                                              Salt is used to make the redundancy on hashes even bigger. For example. "A" will always give a hash of 7fc56270e7a70fa81a5935b72eacbe29, so someone somewhere might have stored that same hash and saved it as "A", and someone might be able to reverse it by finding it, let's say, on google, or running it through hash breaking algorithms. Salt is invented so that each vendor/software platform could make up their own "salt" that could produce a different hash for "A", so that without knowing the salt, you can't replicate the hashing algorithm.
                                                              But still, password hashed with or without salt, you CANT KNOW ITS LENGTH.

                                                              so you were storing them plaintext?
                                                              agentGFY *at* gmail.com

                                                              Comment
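An added example (not code from any poster or from CrakRevenue) illustrating the points argued in posts #19 and #31: a digest has the same length for any input, truncation behaves in the two ways post #19 describes, and a salt changes the digest but not its length. PBKDF2 with a per-user random salt, the iteration count and all function names are assumptions of this sketch; the last function goes beyond the thread and shows the one moment a site that hashes properly can see a password's length, which is when the user submits it.

```python
import hashlib
import hmac
import os

LIMIT = 16            # new maximum password length quoted in the e-mail
ITERATIONS = 50_000   # assumption: demo work factor, raise it in production


def md5_hex(password: str) -> str:
    """Unsalted MD5 as discussed in the thread (shown for comparison only)."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def _kdf(password: str, salt: bytes) -> bytes:
    """Salted, slow hash: PBKDF2-HMAC-SHA256 (assumed scheme for this sketch)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_record(password: str, truncate: bool = False) -> dict:
    """Enrol a password. truncate=True models a scheme with a 16-char input limit."""
    if truncate:
        password = password[:LIMIT]
    salt = os.urandom(16)  # fresh random salt per account
    return {"salt": salt, "digest": _kdf(password, salt), "truncate": truncate}


def verify(record: dict, candidate: str) -> bool:
    """Re-hash the submitted candidate with the stored salt and compare."""
    if record["truncate"]:
        candidate = candidate[:LIMIT]
    return hmac.compare_digest(_kdf(candidate, record["salt"]), record["digest"])


def flag_over_limit_at_login(record: dict, submitted: str) -> bool:
    """Length is visible only while the plaintext is in hand, i.e. at login.

    Nothing is reversed and no length is stored; the account is flagged only
    if the submitted password verifies and is longer than the new limit.
    """
    return verify(record, submitted) and len(submitted) > LIMIT


def demo() -> dict:
    long_pw = "12345678901234567890"                  # 20 chars, from post #19
    same_prefix = long_pw[:LIMIT] + "-constructed-tail"  # constructed sample
    full = make_record(long_pw)                       # hashed in full
    cut = make_record(long_pw, truncate=True)         # hashed after truncation
    a1, a2 = make_record("A"), make_record("A")       # same password, two salts
    return {
        # Digest size is fixed by the algorithm, not by the input.
        "md5_digest_lengths": {len(md5_hex(p)) for p in ("A", long_pw, "x" * 100)},
        "kdf_digest_lengths": {len(r["digest"]) for r in (full, cut, a1)},
        # Stored hash covers all 20 chars; a form that cuts input at 16 locks
        # the user out, which is a reason to ask for a password change.
        "full_password_logs_in": verify(full, long_pw),
        "form_truncated_input_logs_in": verify(full, long_pw[:LIMIT]),
        # A scheme that truncates before hashing accepts any tail after char 16.
        "truncating_scheme_accepts_other_tail": verify(cut, same_prefix),
        # Per-account salts make equal passwords produce different digests.
        "same_password_same_digest": a1["digest"] == a2["digest"],
        "flagged_at_login": flag_over_limit_at_login(full, long_pw),
        "short_password_flagged": flag_over_limit_at_login(a1, "A"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
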

                                                              • plaster
                                                                So Fucking Banned
                                                                • Apr 2015
                                                                • 2295

                                                                #32
                                                                A good excuse would be to say that on initial choosing of password the system stored the number of digits chosen.

                                                                Does it really matter though? This isn't your bank... it's an affiliate program. Crak should just say "sorry"... new system won't store passwords going forward.

                                                                Comment

                                                                • ladida
                                                                  Confirmed User
                                                                  • Nov 2005
                                                                  • 2179

                                                                  #33
                                                                  I don't care since I did nothing with them, it's just funny how from a simple question they dug themselves with this. The more they write, the more you see something's just not right there.

                                                                  However, if you think there's no problem with someone knowing your affiliate password, you'd be dead wrong. Maybe not if you're 0 hit affiliate. But someone doing xxx$ weekly would definitely care. From knowing your traffic sources, from possible email intrusion, to switching payment methods.
                                                                  agentGFY *at* gmail.com

                                                                  Comment

                                                                  • Relic
                                                                    So Fucking Banned
                                                                    • Aug 2002
                                                                    • 10300

                                                                    #34
                                                                    run the sky is falling

                                                                    Comment

                                                                    • Google Expert
                                                                      Webmaster
                                                                      • Jun 2004
                                                                      • 14294

                                                                      #35
                                                                      Originally posted by Crak_Eric
                                                                      Hi guys,

                                                                      No, we weren't hacked, and we're sorry if there was any confusion relating to this e-mail.

                                                                      We feared some might think 'phishing' so we did make it a point to say we didn't want you to respond with your password, that we weren't asking your password, and we even gave official instructions on how to make the change via CrakRevenue's official website rather than doing it through a link, for those exact reasons.

                                                                      ----------------------------------------------------------------------------------------
                                                                      Here's the e-mail you received (in original, full context)
                                                                      ----------------------------------------------------------------------------------------

                                                                      Well, this is embarrassing.

                                                                      Our system has detected that your current CrakRevenue password is rather long.

                                                                      We are working on modifying some technical things behind CrakRevenue, mainly on how we store data. And the thing is, your current CrakRevenue password exceeds the new allowed password char limit.

                                                                      We contact you today, respectfully and kindly, asking you for your cooperation on this.
                                                                      Please kindly change your password when you have a free moment to ensure no future issues!

                                                                      New passwords must be between 4 - 16 characters max.

                                                                      Please note, we are NOT asking you for your password.

                                                                      Please do not respond with your password.

                                                                      We ask that you head on over to your CrakRevenue Profile (crakrevenue.com/account) and change your password to something shorter. That's all!

                                                                      Thanks for your help on this!

                                                                      ----------------------------------------------------------------------------------------

                                                                      But yep, if you have a longggg password - the "dude don't hack me bro" defcon level-1 kind - you received this e-mail. Passwords exceeding 16 chars will become problematic in a future update. Think of it this way: it's really no different than any other site dictating how long your password must be when you first sign up.

                                                                      Anyway, sorry for the scare!
                                                                      Damage control mode: ON

                                                                      Comment

                                                                      • LizardKing
                                                                        Confirmed User
                                                                        • Jul 2014
                                                                        • 522

                                                                        #36
                                                                        Originally posted by Muad'Dib
                                                                        Our system has detected that
                                                                        You just should not start harmless mails with this.
                                                                        Get your site reviewed and listed at Porn Sites XXX

                                                                        Comment

                                                                        • ladida
                                                                          Confirmed User
                                                                          • Nov 2005
                                                                          • 2179

                                                                          #37
                                                                          Heh, they saw it's better to let it die.
                                                                          agentGFY *at* gmail.com

                                                                          Comment

                                                                          • olivierx
                                                                            Confirmed User
                                                                            • Jan 2012
                                                                            • 122

                                                                            #38
                                                                            md5 of 64 character password: 44b0786e70c3c1ce5c8edc4ca77f9819
                                                                            md5 of 255 char password: e3491d81b6b929e6e45c042cbefc212b
                                                                            md5 of 16 char password: a74298e4a259759687e3a5acb2e7ae12

                                                                            Is CrakRevenue storing unsecure passwords?

                                                                            Comment

                                                                            • potter
                                                                              Confirmed User
                                                                              • Dec 2004
                                                                              • 6559

                                                                              #39
                                                                              Originally posted by ruff
                                                                              A whole lot of drama for exactly what now? This is the kind of crap you get when you have so many surfers in a webmaster forum.
                                                                              On the contrary actually.

                                                                              Crack has stated that they know how long the passwords are (which means they either are storing passwords as plain text in their database, or they have a database schema with a huge security hole). Either way it means their form of password storage is compromised.

                                                                              They've also now said they have a "de-cryption" method which is complete horse shit. If they're storing passwords with a hash method there's no way to de-crypt them. You can figure out what a password is from the hashed version - but it isn't de-cryption - it's a dedicated "guessing machine" that runs the billions of combinations through the hash function until it finds the match. That's not something they'd have the capacity for.

                                                                              Comment
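
The point raised in posts #38 and #39, as an added example that is not part of the thread or CrakRevenue's code: a hashed password record has the same size whatever the password length, and checking a login recomputes the hash rather than decrypting anything. The PBKDF2 parameters, function names and sample passwords are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

SALT_LEN = 16         # bytes of random salt per account
DIGEST_LEN = 32       # SHA-256 output size in bytes
ITERATIONS = 100_000  # work factor chosen for this example (an assumption)


def hash_password(password, salt=None):
    """Return salt || PBKDF2-HMAC-SHA256(password): always 48 bytes."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, ITERATIONS, dklen=DIGEST_LEN)
    return salt + digest


def verify_password(password, record):
    """Re-derive the digest from the submitted password and compare.

    Nothing is decrypted: the stored digest is never turned back into text.
    """
    salt, expected = record[:SALT_LEN], record[SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    salt, ITERATIONS, dklen=DIGEST_LEN)
    return hmac.compare_digest(candidate, expected)


def unsalted_md5(password):
    """Plain MD5 as computed in post #38: 32 hex characters for any length."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def stored_sizes(passwords):
    """Map each password's length to the size of the record kept for it."""
    return {len(p): len(hash_password(p)) for p in passwords}


# Constructed sample passwords of 16, 64 and 255 characters.
SAMPLES = ["a" * 16, "b" * 64, "c" * 255]

if __name__ == "__main__":
    # The stored record is the same size for every password length.
    print(stored_sizes(SAMPLES))
    # Unsalted MD5 hex output is fixed width as well.
    print({len(unsalted_md5(p)) for p in SAMPLES})
    rec = hash_password(SAMPLES[2])
    # Only the matching password verifies against the record.
    print(verify_password(SAMPLES[2], rec), verify_password(SAMPLES[0], rec))
    # Same password on two accounts: random salts make the records differ,
    # while unsalted MD5 gives both accounts the identical digest.
    print(hash_password("same") != hash_password("same"))
    print(unsalted_md5("same") == unsalted_md5("same"))
```

With a store like this, a fixed 48-byte column holds every record, so the database itself gives no reason for a 16-character cap.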

                                                                              • Google Expert
                                                                                Webmaster
                                                                                • Jun 2004
                                                                                • 14294

                                                                                #40
                                                                                Originally posted by potter
                                                                                Either way it means their form of password storage is compromised.
                                                                                This, tbh.

                                                                                Programs DBs get hacked on a daily basis, no matter how big you are.

                                                                                The question is what they did with it. Just dumped the email list, login infos or injected some custom written shells into the system for future use.

                                                                                Comment

                                                                                • ladida
                                                                                  Confirmed User
                                                                                  • Nov 2005
                                                                                  • 2179

                                                                                  #41
                                                                                  Crickets.
                                                                                  agentGFY *at* gmail.com

                                                                                  Comment

                                                                                  • ladida
                                                                                    Confirmed User
                                                                                    • Nov 2005
                                                                                    • 2179

                                                                                    #42
                                                                                    Bump for new age hash decryption+salt!
                                                                                    agentGFY *at* gmail.com

                                                                                    Comment

                                                                                    • patadeperro
                                                                                      Confirmed User
                                                                                      • Feb 2013
                                                                                      • 929

                                                                                      #43
                                                                                      Another bump for the great phrase: "hash decryption+salt" hahahahahahah


                                                                                      email me at support (at) adultvideoblaster (dot) com

                                                                                      Comment

                                                                                      • ladida
                                                                                        Confirmed User
                                                                                        • Nov 2005
                                                                                        • 2179

                                                                                        #44
                                                                                        Originally posted by NoWhErE
                                                                                        We have a special decryption algorithm + salt
                                                                                        Hi. Can I buy your special hash decryption + salt algorithm? I'd resell to NSA if possible.
                                                                                        agentGFY *at* gmail.com

                                                                                        Comment

                                                                                        • ladida
                                                                                          Confirmed User
                                                                                          • Nov 2005
                                                                                          • 2179

                                                                                          #45
                                                                                          Bump for perfect "hash decryption + salt" solution!
                                                                                          agentGFY *at* gmail.com

                                                                                          Comment

                                                                                          • Penny24Seven
                                                                                            So Fucking What
                                                                                            • Jun 2007
                                                                                            • 6287

                                                                                            #46
                                                                                            Originally posted by ladida
                                                                                            Bump for perfect "hash decryption + salt" solution!
                                                                                            E=MC with a little 2 above the C
                                                                                            Our site is coming soon. It will be one of the best ever! I know so. Brian and Penny

                                                                                            Comment

                                                                                            • tammix
                                                                                              Confirmed User
                                                                                              • Apr 2006
                                                                                              • 2164

                                                                                              #47
                                                                                              hi eric do you have icq?

                                                                                              Comment

                                                                                              • ladida
                                                                                                Confirmed User
                                                                                                • Nov 2005
                                                                                                • 2179

                                                                                                #48
                                                                                                Imagine this, they are no longer responding :P
                                                                                                agentGFY *at* gmail.com

                                                                                                Comment

                                                                                                • ladida
                                                                                                  Confirmed User
                                                                                                  • Nov 2005
                                                                                                  • 2179

                                                                                                  #49
                                                                                                  You could make a fortune on this guys. Sell the hash decryption+salt thing!
                                                                                                  agentGFY *at* gmail.com

                                                                                                  Comment

                                                                                                  • Penny24Seven
                                                                                                    So Fucking What
                                                                                                    • Jun 2007
                                                                                                    • 6287

                                                                                                    #50
                                                                                                    So were they hacked? Still not sure
                                                                                                    Our site is coming soon. It will be one of the best ever! I know so. Brian and Penny

                                                                                                    Comment
