Webmaster database hacked?
 

Firstly, to avoid confusion... the StatsRemote database was not hacked!

In the last two days we had massive brute force password hacking attempts. It looks like somebody got access to some webmaster database including usernames and passwords. The reason we believe this is that we recognized quite a few usernames of people from various webmaster boards that have never been a member of StatsRemote.

Thousands of username/password combinations were run and we believe that about 10 StatsRemote accounts were compromised. In some of these cases we're sure that the accounts were comprimised, in other cases we just suspect it as it's not 100% clear. We already changed the passwords of these accounts and the members have been informed by email.

Please note: Just because somebody got access to your StatsRemote account doesn't mean that they have access to any of your data. As all StatsRemote data is stored enrypted on your hard drive, nobody will have access to this data. The only thing they could do is run StatsRemote with your username and password, but they don't have access to any of your data. If you use the same username/password combination for other sites, they might get access to these sites though. That's why we suggest that you don't use the same username/password combination for multiple sites, at least not for important ones.

If anybody has any questions, feel free to contact me -> jb A T statsremote D O T com

Ouch.
Are your passes md5, sha etc?

Md5 will mean the rainbow project is going to be getting some hits.

Well, if people use the same user/pass combination on multiple sites and somebody gets working combinations from another site's database and tries these at statsremote.com, they will be able to log into the accounts no matter what.

we gotta stop em

it would be interesting to know WHERE they got this data from...
i dont worry about my SR account
but about the other database where this was taken from

Good question!

scary thought. *bump