Site Talk
Site announcements, comments, or feedback about the site.
Site announcements, comments, or feedback about the site.
Hosted by Darren Baker, Jim Starkweather
Hacked
ACESES5
Indiana, United States
Joined: April 04, 2010
KitMaker: 71 posts
Armorama: 26 posts
Joined: April 04, 2010
KitMaker: 71 posts
Armorama: 26 posts
Posted: Monday, December 03, 2018 - 12:15 PM UTC
I am going to not post here for a month or two my account was hacked I have received 2 emails from someone saying he had my password. I changed it so if anything shows up with my name ignor it's not me. See you all later ACESES5
RobinNilsson
TOS Moderator
Stockholm, Sweden
Joined: November 29, 2006
KitMaker: 6,693 posts
Armorama: 5,562 posts
Joined: November 29, 2006
KitMaker: 6,693 posts
Armorama: 5,562 posts
Posted: Monday, December 03, 2018 - 11:06 PM UTC
I have heard a similar story before, from another user of this forum.
Make sure that you change your password and DO NOT use the same password on different sites since that only makes it easier for hackers.
Did the email suggest that you take any actions? Sometimes they try to scare people into doing something stupid.
"WARNING! Your account at xyz-site has been hacked and your password stolen. Use this recovery link, link/to/bogus/web-site.crime, to recover your passwords."
Almost nobody falls for this trick but if they are able to fool say 5% they have still fooled a large number of people.
/ Robin
Make sure that you change your password and DO NOT use the same password on different sites since that only makes it easier for hackers.
Did the email suggest that you take any actions? Sometimes they try to scare people into doing something stupid.
"WARNING! Your account at xyz-site has been hacked and your password stolen. Use this recovery link, link/to/bogus/web-site.crime, to recover your passwords."
Almost nobody falls for this trick but if they are able to fool say 5% they have still fooled a large number of people.
/ Robin
Posted: Tuesday, December 04, 2018 - 03:52 AM UTC
Hi Mark (and everyone),
I am sorry you were targeted with one of these emails. Our database has been breached in the past and there is not much chance it is not going to get breached in the future either. Here is a list of companies that got hacked in 2018...
https://www.businessinsider.com/data-breaches-2018-4#best-buy-7
And they have tech staffs in the 100s most likely so it's not like me (one guy) is going to create a hack-proof site.
As to how they got your password it's also pretty simple. Once they hack a database and get all the encrypted passwords they run them through a reverse database of encryptions. So even passwords like 'gandalf1458' for example will be easy for them to decrypt. This is why hardly ANY large corporate site with data like credit card info or banking access is not doing dual login verification. People are simply not choosing complex enough passwords for their accounts. Multiple special characters ($%*#) are highly advisable and the longer the better. Many of my accounts use passwords like 6fX#si8-4sZ4QasU6% and I store them in a secured text file.
The emails that hackers are sending out to people are a bit laughable though. Here is one:
Again sorry for any worries. He hasn't hacked your PC or put malware on your PC.
Also this isn't just happening here, it's going on with literally every site on the net. This has been a national news story on one network recently specifically regarding emails like the one above.
Best wishes,
Jim
I am sorry you were targeted with one of these emails. Our database has been breached in the past and there is not much chance it is not going to get breached in the future either. Here is a list of companies that got hacked in 2018...
https://www.businessinsider.com/data-breaches-2018-4#best-buy-7
And they have tech staffs in the 100s most likely so it's not like me (one guy) is going to create a hack-proof site.
As to how they got your password it's also pretty simple. Once they hack a database and get all the encrypted passwords they run them through a reverse database of encryptions. So even passwords like 'gandalf1458' for example will be easy for them to decrypt. This is why hardly ANY large corporate site with data like credit card info or banking access is not doing dual login verification. People are simply not choosing complex enough passwords for their accounts. Multiple special characters ($%*#) are highly advisable and the longer the better. Many of my accounts use passwords like 6fX#si8-4sZ4QasU6% and I store them in a secured text file.
The emails that hackers are sending out to people are a bit laughable though. Here is one:
Quoted Text
I greet you!
I have bad news for you.
07/08/2018 - on this day I hacked your operating system and got full access to your account [email protected]
On that day your account ([email protected]) password was: test1234
It is useless to change the password, my malware intercepts it every time.
How it was:
In the software of the router to which you were connected that day, there was a vulnerability.
I first hacked this router and placed my malicious code on it.
When you entered in the Internet, my trojan was installed on the operating system of your device.
After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).
A month ago, I wanted to lock your device and ask for a small amount of money to unlock.
But I looked at the sites that you regularly visit, and came to the big delight of your favorite resources.
I'm talking about sites for adults.
I want to say - you are a big pervert. You have unbridled fantasy!
After that, an idea came to my mind.
I made a screenshot of the intimate website where you have fun (you know what it is about, right?).
After that, I took off your joys (using the camera of your device). It turned out beautifully, do not hesitate.
I am strongly belive that you would not like to show these pictures to your relatives, friends or colleagues.
I think $901 is a very small amount for my silence.
Besides, I spent a lot of time on you!
I accept money only in Bitcoins.
My BTC wallet: 12ziVv4aQkZTA1gj86Y9uYQByG4CcdVcTA
You do not know how to replenish a Bitcoin wallet?
In any search engine write "how to send money to btc wallet".
It's easier than send money to a credit card!
For payment you have a little more than two days (exactly 50 hours).
Do not worry, the timer will start at the moment when you open this letter. Yes, yes .. it has already started!
After payment, my virus and dirty photos with you self-destruct automatically.
Narrative, if I do not receive the specified amount from you, then your device will be blocked, and all your contacts will receive a photos with your "joys".
I want you to be prudent.
- Do not try to find and destroy my virus! (All your data is already uploaded to a remote server)
- Do not try to contact me (this is not feasible, I sent you an email from your account)
- Various security services will not help you; formatting a disk or destroying a device will not help either, since your data is already on a remote server.
P.S. I guarantee you that I will not disturb you again after payment, as you are not my single victim.
This is a hacker code of honor.
From now on, I advise you to use good antiviruses and update them regularly (several times a day)!
Don't be mad at me, everyone has their own work.
Farewell.
Again sorry for any worries. He hasn't hacked your PC or put malware on your PC.
Also this isn't just happening here, it's going on with literally every site on the net. This has been a national news story on one network recently specifically regarding emails like the one above.
Best wishes,
Jim
MikeyBugs95
New York, United States
Joined: May 27, 2013
KitMaker: 2,210 posts
Armorama: 1,712 posts
Joined: May 27, 2013
KitMaker: 2,210 posts
Armorama: 1,712 posts
Posted: Wednesday, December 05, 2018 - 08:15 AM UTC
I've gotten those emails too. You're account hasn't actually been hacked. Change your password for your emails and whatever other passwords you want to change and you should be fine.
brekinapez
Georgia, United States
Joined: July 26, 2013
KitMaker: 2,272 posts
Armorama: 1,860 posts
Joined: July 26, 2013
KitMaker: 2,272 posts
Armorama: 1,860 posts
Posted: Wednesday, December 05, 2018 - 09:11 AM UTC
Quoted Text
I've gotten those emails too. You're account hasn't actually been hacked. Change your password for your emails and whatever other passwords you want to change and you should be fine.
Quoted Text
put quote text here
I received two of those long ones (different wording but basically the same) a week apart. I ignored them and nothing came of it. It is what is called, "scareware"; that is they are trying to scare ignorant people into sending money for nothing.
The chicks are free.
Frenchy
Rhone, France
Joined: December 02, 2002
KitMaker: 12,719 posts
Armorama: 12,507 posts
Joined: December 02, 2002
KitMaker: 12,719 posts
Armorama: 12,507 posts
Posted: Wednesday, December 05, 2018 - 10:36 AM UTC
https://www.theregister.co.uk/2018/07/13/hacker_extortion_scam/
https://techcrunch.com/2018/07/12/ransomware-technique-uses-your-real-passwords-to-trick-you/?guccounter=1
https://www.techlicious.com/blog/is-the-porn-blackmail-scam-real/
In the two emails I have received, the wise guys used my callsign, not my password. In both cases they were ill-informed...I don't have any webcam
H.P.
https://techcrunch.com/2018/07/12/ransomware-technique-uses-your-real-passwords-to-trick-you/?guccounter=1
https://www.techlicious.com/blog/is-the-porn-blackmail-scam-real/
In the two emails I have received, the wise guys used my callsign, not my password. In both cases they were ill-informed...I don't have any webcam
H.P.
drabslab
European Union
Joined: September 28, 2004
KitMaker: 2,186 posts
Armorama: 190 posts
Joined: September 28, 2004
KitMaker: 2,186 posts
Armorama: 190 posts
Posted: Thursday, December 06, 2018 - 08:01 PM UTC
Quoted Text
And they have tech staffs in the 100s most likely so it's not like me (one guy) is going to create a hack-proof site.
Best wishes,
Jim
I agree, its very difficult to be completely fail safe but there are some measures that could help a lot:
for instance, upgrade to PHP 7.x instead of the outdated version 5.3.29.
and implement oauth/openid which moves some of the security worries to the large companies such as Microsoft and Google that can afford those hundreds of dedicated IT staff.
sherb
New York, United States
Joined: August 25, 2004
KitMaker: 752 posts
Armorama: 378 posts
Joined: August 25, 2004
KitMaker: 752 posts
Armorama: 378 posts
Posted: Tuesday, February 05, 2019 - 08:31 AM UTC
Just thought I'd bounce this thread back up to the top. Today I found a similar email to the one Jim posted in this thread on December 4th, in my spam mail folder.
The email I got said they know I use _____ as a password. Which happens to be the password I use for this site. Obviously, I've since changed it.
They must be having a hard time getting people to pay the $900 in bitcoin because my price for their silence dropped to $800 and change
I know it's a scam but seeing this thread helped put my mind at ease.
The email I got said they know I use _____ as a password. Which happens to be the password I use for this site. Obviously, I've since changed it.
They must be having a hard time getting people to pay the $900 in bitcoin because my price for their silence dropped to $800 and change
I know it's a scam but seeing this thread helped put my mind at ease.
Posted: Tuesday, February 05, 2019 - 11:33 AM UTC
I've received several of these types of 'scareware' emails. I don't have a webcam and "sites for adults" don't hold any interest for me so right away I was suspicious. I changed passwords (they weren't the password I use on this site) and ignored the emails. Haven't heard back from the hacker.
Cheers,
C.
Cheers,
C.
Buckeyes57
Ohio, United States
Joined: September 14, 2010
KitMaker: 135 posts
Armorama: 130 posts
Joined: September 14, 2010
KitMaker: 135 posts
Armorama: 130 posts
Posted: Tuesday, February 05, 2019 - 12:00 PM UTC
I got one of these also, too bad I do not have a camera set up.
M_Wittmann
Cluj, Romania
Joined: August 25, 2005
KitMaker: 42 posts
Armorama: 41 posts
Joined: August 25, 2005
KitMaker: 42 posts
Armorama: 41 posts
Posted: Friday, April 26, 2019 - 07:36 AM UTC
It has happened to me too. Basically the same message with the same money request and warnings. But just like Henry Pierre, I don't have a webcam, so I figured out it was a scam. I guess I will have to change the password for armorama.
Posted: Friday, April 26, 2019 - 07:51 AM UTC
Found the same e-mail in my Spam folder today.
Poor guys, they'll starve to death, if they expect me to "feed" them.
My laptop has serial webcamera and an add-on from me (Tamiya masking paper).
Poor guys, they'll starve to death, if they expect me to "feed" them.
My laptop has serial webcamera and an add-on from me (Tamiya masking paper).
petbat
Queensland, Australia
Joined: August 06, 2005
KitMaker: 3,353 posts
Armorama: 3,121 posts
Joined: August 06, 2005
KitMaker: 3,353 posts
Armorama: 3,121 posts
Posted: Friday, April 26, 2019 - 08:40 AM UTC
Quoted Text
My laptop has serial webcamera and an add-on from me (Tamiya masking paper).
Low tech solution, but lets see them hack their way around that!
I never use the same password for any two accounts, and never save them to the PC. I always punch them in every time. It helps me keep my brain active, keeping them all sorted, especially the important ones, as they are gibberish with symbols etc.
Maybe that is why I haven't had one of these spam emails, but I keep winning millions of $'s that I never collect... and I'm still waiting for the Federal Police to come arrest me for 'unpaid' fines - a bit concerning as they were apparently 5 minutes away, months ago. I hope the Feds didn't have an accident.
RobinNilsson
TOS Moderator
Stockholm, Sweden
Joined: November 29, 2006
KitMaker: 6,693 posts
Armorama: 5,562 posts
Joined: November 29, 2006
KitMaker: 6,693 posts
Armorama: 5,562 posts
Posted: Friday, April 26, 2019 - 09:51 AM UTC
Maybe the Feds were using a hacked GPS which keeps on sending them on the wrong way ...
brekinapez
Georgia, United States
Joined: July 26, 2013
KitMaker: 2,272 posts
Armorama: 1,860 posts
Joined: July 26, 2013
KitMaker: 2,272 posts
Armorama: 1,860 posts
Posted: Friday, April 26, 2019 - 11:03 AM UTC
Quoted Text
Maybe the Feds were using a hacked GPS which keeps on sending them on the wrong way ...
Or the unpatched iPhone app.
Posted: Sunday, June 16, 2019 - 03:04 AM UTC
I just received an e-mail stating that someone knows my password, and they did have my password for this site, and to send them bitcoin money or they would post compromising photos of me. Well, that part isn't possible but they do have my password. Luckily I don't use the password for this site anywhere else.
Anyway, just letting everyone know that they are out there and are getting our passwords somehow.
Randy
Anyway, just letting everyone know that they are out there and are getting our passwords somehow.
Randy
RadekZ
Warszawa, Poland
Joined: March 12, 2013
KitMaker: 125 posts
Armorama: 36 posts
Joined: March 12, 2013
KitMaker: 125 posts
Armorama: 36 posts
Posted: Sunday, June 16, 2019 - 05:52 PM UTC
Hello guys,
just for your information - there's a very good website that provides information when, where and what was compromised regarding your accounts on various websites etc.
It's called Have I been pwned .
And as for email many of us got some mutation of this message - it's just a scam that uses one of the leaked addresses/passwords database from one of data breaches.
If you change a password on particular website you are pretty much safe from hacker (until next data breach ).
Cheers,
Radek
PS. Yes, I've been "pwned" too, 5 times, got scam mail few months ago, and no... nothing happened ... secret video recorded on non-existent webcam on my pc was not shared with my friends
just for your information - there's a very good website that provides information when, where and what was compromised regarding your accounts on various websites etc.
It's called Have I been pwned .
And as for email many of us got some mutation of this message - it's just a scam that uses one of the leaked addresses/passwords database from one of data breaches.
If you change a password on particular website you are pretty much safe from hacker (until next data breach ).
Cheers,
Radek
PS. Yes, I've been "pwned" too, 5 times, got scam mail few months ago, and no... nothing happened ... secret video recorded on non-existent webcam on my pc was not shared with my friends
brekinapez
Georgia, United States
Joined: July 26, 2013
KitMaker: 2,272 posts
Armorama: 1,860 posts
Joined: July 26, 2013
KitMaker: 2,272 posts
Armorama: 1,860 posts
Posted: Monday, June 17, 2019 - 08:34 AM UTC
My only uncompromised email was my work email from the high school I was at last. It was an internal system, and definitely not a high-profile target for a hacker, but it was certainly more secure than Comcast, Hotmail, AT&T, or one of the main insurance providers for the Georgia state government.
babaoriley
California, United States
Joined: June 23, 2017
KitMaker: 195 posts
Armorama: 179 posts
Joined: June 23, 2017
KitMaker: 195 posts
Armorama: 179 posts
Posted: Monday, June 17, 2019 - 09:23 AM UTC
Are you guys sure this is a scam? I suppose next you'll be telling me that Nigerian prince isn't really going to deposit five million dollars in my bank account for which I just wired only a couple of thousand bucks to cover handling fees. People are so cynical these days.
brekinapez
Georgia, United States
Joined: July 26, 2013
KitMaker: 2,272 posts
Armorama: 1,860 posts
Joined: July 26, 2013
KitMaker: 2,272 posts
Armorama: 1,860 posts
Posted: Monday, June 17, 2019 - 10:21 AM UTC
Quoted Text
Are you guys sure this is a scam? I suppose next you'll be telling me that Nigerian prince isn't really going to deposit five million dollars in my bank account for which I just wired only a couple of thousand bucks to cover handling fees. People are so cynical these days.
Oh, yes, this is the scam.
In the real one the guy has also hacked into your favorite grocer's app and knows all your guilty-pleasure snacks, which info he will sell to pop-up marketers if you don't pay up, bub.
Bravo36
Arizona, United States
Joined: January 11, 2002
KitMaker: 247 posts
Armorama: 229 posts
Joined: January 11, 2002
KitMaker: 247 posts
Armorama: 229 posts
Posted: Wednesday, April 15, 2020 - 10:08 AM UTC
Hi folks, I just received one of those "I know your password" emails, containing various threats. The passsword quoted is only used for my Armorama account. Of course all of the threats are BS, but it does mean that someone has probably, successfully at sometime in the past, hacked into this site and stolen the email addresses and passwords associated with Armorama/Kitmaker Network.
As an expert in data security, (CISSP, PCI-QSA, etc.) I'm not particularly worried. There is nothing of value that could have been stolen, and this does not in any way imply that the hacker has gained access to my computer. I'll change my password and move on. I enjoy Armorama and everything on the site too much to overreact and kill my account.
That said, there has obviously been a breach, and I can only hope that this site has or will improve their security.
As an expert in data security, (CISSP, PCI-QSA, etc.) I'm not particularly worried. There is nothing of value that could have been stolen, and this does not in any way imply that the hacker has gained access to my computer. I'll change my password and move on. I enjoy Armorama and everything on the site too much to overreact and kill my account.
That said, there has obviously been a breach, and I can only hope that this site has or will improve their security.
marcb
Overijssel, Netherlands
Joined: March 25, 2006
KitMaker: 1,244 posts
Armorama: 1,226 posts
Joined: March 25, 2006
KitMaker: 1,244 posts
Armorama: 1,226 posts
Posted: Wednesday, April 15, 2020 - 10:32 AM UTC
Ralph,
Just had the same mail.
So should I change my password right away,or wait until Armorama has fixed the problem?
Thanks in advance.
Just had the same mail.
So should I change my password right away,or wait until Armorama has fixed the problem?
Thanks in advance.
barnslayer
New York, United States
Joined: July 29, 2002
KitMaker: 102 posts
Armorama: 102 posts
Joined: July 29, 2002
KitMaker: 102 posts
Armorama: 102 posts
Posted: Wednesday, April 15, 2020 - 10:40 AM UTC
Are all you guys that got hacked using some sort of password manager or app?
Just wondering if there's a common denominator?
Just wondering if there's a common denominator?
Posted: Wednesday, April 15, 2020 - 11:21 AM UTC
Quoted Text
...use passwords like 6fX#si8-4sZ4QasU6%...
Hey, that's MINE!!!
11Bravo_C2
Texas, United States
Joined: May 12, 2015
KitMaker: 475 posts
Armorama: 394 posts
Joined: May 12, 2015
KitMaker: 475 posts
Armorama: 394 posts
Posted: Wednesday, April 15, 2020 - 12:52 PM UTC
Quoted Text
Are all you guys that got hacked using some sort of password manager or app?
Just wondering if there's a common denominator?
Yes. Common denominator = hacker