Ponting Posted November 21, 2014 Share Posted November 21, 2014 Just a few hours ago, I received the following letter in my email: https://forums.malwarebytes.org/index.php?/topic/161264-mwb-forum-hacked-phishing-email/There’s several lessons that can be learned in this:1) Never use the same password twice. The same password used at a hacked site, used elsewhere, is asking for your accounts to be compromised. I’ve seen it happen.2) Keep your site software up to date. Whether you’re using Invision Power Board, WordPress, Magento, Drupal, or some other solution: Keep it updated!3) If you can’t properly manage your security, hire someone who canMarcin fessed up here, which is nice. But it never should have happened. You’d think that a company like Malwarebytes would keep things updated, but phrases like “They know their software best and as vulnerabilities are discovered, they can patch them more quickly” lead me to believe that this breach was due to a vulnerability that Malwarebytes didn’t patch quick enough, even though the updates were available.So if it can happen to Malwarebytes, it can happen to you. Keep your software updated! Source: http://www.tidbitsfortechs.com/2014/11/malwarebytes-forum-hacked/ Link to comment Share on other sites More sharing options...
Chancer Posted November 21, 2014 Share Posted November 21, 2014 Is it definitely from MWB - I am registered but haven't got an email! Link to comment Share on other sites More sharing options...
Ponting Posted November 21, 2014 Author Share Posted November 21, 2014 Is it definitely from MWB - I am registered but haven't got an email!:yes:https://forums.malwarebytes.org/index.php?/topic/161264-mwb-forum-hacked-phishing-email/?do=findComment&comment=911016 Link to comment Share on other sites More sharing options...
iih1 Posted November 21, 2014 Share Posted November 21, 2014 Is it definitely from MWB - I am registered but haven't got an email!Same here, haven't got an email Link to comment Share on other sites More sharing options...
Kalju Posted November 22, 2014 Share Posted November 22, 2014 Be calm - no one hacked into it. It's just a great way to get rid of the passive members of the forum. Known administrators tactical trick. Link to comment Share on other sites More sharing options...
Airstream_Bill Posted November 22, 2014 Share Posted November 22, 2014 I got an email from them telling me the same thing. Link to comment Share on other sites More sharing options...
MasterFaster Posted November 22, 2014 Share Posted November 22, 2014 Maybe they got hacked or maybe not. Let's wait and see. Link to comment Share on other sites More sharing options...
Skunk1966 Posted November 22, 2014 Share Posted November 22, 2014 https://forums.malwarebytes.org/index.php?/topic/161236-malwarebytesorg-comprimised/?p=910678 Posted Yesterday, 02:54 AMHi guys, Malwarebytes.org was not compromised, only the one server that is running this forum. Invision is known for having vulnerabilities and gets exploited all the time, unfortunately we fell victim to that. The e-mails are still going out, should be done in a few hours. Purging user passwords was precautionary and since we just moved away from our servers and went to hosting the board with Invision, we used it as an opportunity.Let me know if you have any questions or you can e-mail me .Marcin KleczynskiChief Executive Officer Link to comment Share on other sites More sharing options...
212eta Posted November 22, 2014 Share Posted November 22, 2014 Be calm - no one hacked into it.It's just a great way to get rid of the passive members of the forum.Known administrators tactical trick. :jester: :fun: :lmao: :rofl: Link to comment Share on other sites More sharing options...
iih1 Posted November 23, 2014 Share Posted November 23, 2014 Malwarebytes Forum UsedCommunity Forum Software by IP.BoardLicensed to: MalwarebytesWhat version?now was 3.47 Link to comment Share on other sites More sharing options...
SnakeMasteR Posted November 23, 2014 Share Posted November 23, 2014 The exploit came out the night before it was used. It wasn’t given straight to Invision and the exploit along with a working script was distributed on a very large security mailing list. MANY IPB forums were compromised. Even more are still vulnerable. This is not an issue with passwords. It’s an issue with the forum software itself. Looking into IPB, it looks like this happens all the time with their software. Now that they’ve moved it into their cloud, those customers should be the first to be patched.http://www.tidbitsfortechs.com/2014/11/malwarebytes-forum-hacked/ Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.