Webmaster database hacked? - GoFuckYourself.com

J B · 12-21-2006, 10:53 AM

Firstly, to avoid confusion... the StatsRemote database was not hacked!

In the last two days we had massive brute force password hacking attempts. It looks like somebody got access to some webmaster database including usernames and passwords. The reason we believe this is that we recognized quite a few usernames of people from various webmaster boards that have never been a member of StatsRemote.

Thousands of username/password combinations were run and we believe that about 10 StatsRemote accounts were compromised. In some of these cases we're sure that the accounts were comprimised, in other cases we just suspect it as it's not 100% clear. We already changed the passwords of these accounts and the members have been informed by email.

Please note: Just because somebody got access to your StatsRemote account doesn't mean that they have access to any of your data. As all StatsRemote data is stored enrypted on your hard drive, nobody will have access to this data. The only thing they could do is run StatsRemote with your username and password, but they don't have access to any of your data. If you use the same username/password combination for other sites, they might get access to these sites though. That's why we suggest that you don't use the same username/password combination for multiple sites, at least not for important ones.

If anybody has any questions, feel free to contact me -> jb A T statsremote D O T com

quantum-x · 12-21-2006, 11:07 AM

Ouch.
Are your passes md5, sha etc?

Md5 will mean the rainbow project is going to be getting some hits.

J B · 12-21-2006, 11:14 AM

Quote:

Originally Posted by quantum-x

Ouch.
Are your passes md5, sha etc?

Md5 will mean the rainbow project is going to be getting some hits.

Well, if people use the same user/pass combination on multiple sites and somebody gets working combinations from another site's database and tries these at statsremote.com, they will be able to log into the accounts no matter what.

Ange · 02-04-2007, 12:48 PM

we gotta stop em

Trax · 02-04-2007, 12:56 PM

it would be interesting to know WHERE they got this data from...
i dont worry about my SR account
but about the other database where this was taken from

Pimpin_J · 02-04-2007, 02:24 PM

Quote:

Originally Posted by Trax

it would be interesting to know WHERE they got this data from...
i dont worry about my SR account
but about the other database where this was taken from

Good question!

sacX · 02-04-2007, 06:15 PM

scary thought. *bump

12-21-2006, 10:53 AM	#1
J B Confirmed User Join Date: May 2002 Location: StatsRemote.com Posts: 1,804	Webmaster database hacked? Firstly, to avoid confusion... the StatsRemote database was not hacked! In the last two days we had massive brute force password hacking attempts. It looks like somebody got access to some webmaster database including usernames and passwords. The reason we believe this is that we recognized quite a few usernames of people from various webmaster boards that have never been a member of StatsRemote. Thousands of username/password combinations were run and we believe that about 10 StatsRemote accounts were compromised. In some of these cases we're sure that the accounts were comprimised, in other cases we just suspect it as it's not 100% clear. We already changed the passwords of these accounts and the members have been informed by email. Please note: Just because somebody got access to your StatsRemote account doesn't mean that they have access to any of your data. As all StatsRemote data is stored enrypted on your hard drive, nobody will have access to this data. The only thing they could do is run StatsRemote with your username and password, but they don't have access to any of your data. If you use the same username/password combination for other sites, they might get access to these sites though. That's why we suggest that you don't use the same username/password combination for multiple sites, at least not for important ones. If anybody has any questions, feel free to contact me -> jb A T statsremote D O T com __________________ A HUGE TIME SAVER FOR LESS THAN $1 PER DAY! Contact: support A\|T statsremote D\|O\|T com

12-21-2006, 11:07 AM	#2
quantum-x Confirmed User Join Date: Feb 2002 Location: ICQ: 251425 Fr/Au/Ca Posts: 6,863	Ouch. Are your passes md5, sha etc? Md5 will mean the rainbow project is going to be getting some hits. __________________ PrettyInCash.com - BoozedGFs.com - TeenGFs.com - JizzGFs.com- MilfUploads.com -

02-04-2007, 06:15 PM	#7
sacX Confirmed User Join Date: Dec 2002 Location: New Zealand Posts: 2,998	scary thought. *bump __________________ Have Asian Language Traffic?

02-04-2007, 12:48 PM	#4
Ange Registered User Join Date: Jan 2006 Posts: 44	we gotta stop em

02-04-2007, 12:56 PM	#5
Trax [----------------------] Join Date: Aug 2001 Posts: 14,486	it would be interesting to know WHERE they got this data from... i dont worry about my SR account but about the other database where this was taken from