Archive for October, 2009

TPR site hacked

Thursday, October 22nd, 2009

Our sincerest condolences for the hacking of Site is down, and the group that did this has posted the full sql database, which includes all user information. This includes your username, email address, and possibly password (although the password is encrypted) that was on the forums. Most of the passwords in the forums sql file I saw were blank. Perhaps these passwords had expired on the forums, or these passwords were users who recently reentered their passwords after Robb sent out the email the other day about changing them. But the passwords in the newsletter subscriber file seem to all be there. I have found some of the whootah members info in the database, but for the ones I checked I did not find the password in the forums database, the field was blank. I did find some of whootah members passwords in the newsletter database. So if anyone thought they no longer had an account there still, you probably should change your password just in case, even though some people have told me they have deleted their account there, or requested it to be deleted. Whootah members, Contact me privately since you all know how to contact me, and I know how you would do so and I can see if yours is in the database as well. It is to note I’m not sure what the encrypting code is for the passwords, so I can not tell you what password they received. But I can tell you if you’re in the database listing.

I have not talked with Robb, or anyone about this at all, this is all just from my reading and investigating. I image this could have started with an exploit on phplist noted here to dump the newsletter subscribers information. Then they used that set of passwords to find the admin account and logged in, eventually gaining cpanel access, which then allowed the sql database dump. With that, they can do whatever they want to the site, and with the information it contains.

From reading comments on the interwebs, it seems they may be trying to say this was a phishing attempt on the forums and have asked you to change the password you use on the forums. If you follow some peoples recommendations to use a different password for each login account you have, then you’re safe. But who does that? I can guarantee you the hackers infiltrated the site via exploits and gained access to the full databases. I urge all current and former members of TPR to change any password on ANY website where they used the same TPR password. The passwords you used are now on the net (although encrypted), and will be sold and had fun with by bored people and those who intend to use it to make money.

This is unfortunate for our community , and I know that Robb has a lot of work ahead of him to recover from this.