Jump to content

Malwarebytes Forum Hacked?


Ponting

Recommended Posts

Just a few hours ago, I received the following letter in my email:

Alert.jpg

https://forums.malwarebytes.org/index.php?/topic/161264-mwb-forum-hacked-phishing-email/

There’s several lessons that can be learned in this:
1) Never use the same password twice. The same password used at a hacked site, used elsewhere, is asking for your accounts to be compromised. I’ve seen it happen.

2) Keep your site software up to date. Whether you’re using Invision Power Board, WordPress, Magento, Drupal, or some other solution: Keep it updated!

3) If you can’t properly manage your security, hire someone who can

Marcin fessed up here, which is nice. But it never should have happened. You’d think that a company like Malwarebytes would keep things updated, but phrases like “They know their software best and as vulnerabilities are discovered, they can patch them more quickly” lead me to believe that this breach was due to a vulnerability that Malwarebytes didn’t patch quick enough, even though the updates were available.

So if it can happen to Malwarebytes, it can happen to you. Keep your software updated!


Source: http://www.tidbitsfortechs.com/2014/11/malwarebytes-forum-hacked/

Link to comment
Share on other sites


  • Replies 10
  • Views 2.2k
  • Created
  • Last Reply

Is it definitely from MWB - I am registered but haven't got an email!

Same here, haven't got an email

Link to comment
Share on other sites


Be calm - no one hacked into it. It's just a great way to get rid of the passive members of the forum. Known administrators tactical trick.

Link to comment
Share on other sites


Airstream_Bill

I got an email from them telling me the same thing.

Link to comment
Share on other sites


https://forums.malwarebytes.org/index.php?/topic/161236-malwarebytesorg-comprimised/?p=910678

Posted Yesterday, 02:54 AM

Hi guys, Malwarebytes.org was not compromised, only the one server that is running this forum. Invision is known for having vulnerabilities and gets exploited all the time, unfortunately we fell victim to that. The e-mails are still going out, should be done in a few hours. Purging user passwords was precautionary and since we just moved away from our servers and went to hosting the board with Invision, we used it as an opportunity.

Let me know if you have any questions or you can e-mail me smile.png.

Marcin Kleczynski
Chief Executive Officer

Link to comment
Share on other sites


Be calm - no one hacked into it.

It's just a great way to get rid of the passive members of the forum.

Known administrators tactical trick.

:jester: :fun: :lmao: :rofl:

Link to comment
Share on other sites


Malwarebytes Forum Used

Community Forum Software by IP.Board
Licensed to: Malwarebytes

What version?

now was 3.47

Link to comment
Share on other sites


The exploit came out the night before it was used. It wasn’t given straight to Invision and the exploit along with a working script was distributed on a very large security mailing list. MANY IPB forums were compromised. Even more are still vulnerable. This is not an issue with passwords. It’s an issue with the forum software itself. Looking into IPB, it looks like this happens all the time with their software. Now that they’ve moved it into their cloud, those customers should be the first to be patched.

http://www.tidbitsfortechs.com/2014/11/malwarebytes-forum-hacked/

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...