Doomworld has been compromised.

[Azuris]

3 minutes ago, A Nobody said:

Why can't anyone take this seriously.

 

People are taking it seriously, you just have to stop panic.

 

Just collect the Facts and work with it.

The Hacker gathered:

1. User Names

2. Password Hashes / Tokens

3. Birth Dates

4. E-Mail Adresses

 

1. Usernames are open to see for everone, it alone is nothing to worry.

2. Password Hashes can't be used, even in Combination with your User Name and E-Mail.

Nothing to worry yet.

If you are logged in via Google or else you are even more save.

3. That alone is also no Danger.

4. If you have your real Name in your Mail, thats bad because (now the real Danger):

 

Point 1, 3 and 4 can be used in a Combination to send you Fishing Mails.

Writing you with your Real Name and Birth Date can break your Suspicion and make you think that it is a real Mail from Amazon, Paypal and what they use to fish you.

 

So:

- The Data alone can't harm you

- Stay alerted with fishing Mails

 

Nothing to panic.

 

[Bridgeburner56]

36 minutes ago, A Nobody said:

Come on man. Please understand the situation here. I went to the site and saw that many files were included in the download.

I showed you my many files, please respond

[Caffeine Freak]

41 minutes ago, A Nobody said:

Come on man. Please understand the situation here. I went to the site and saw that many files were included in the download.

 

I'm actually genuinely curious here; did you go to the site and go through the paywall others have claimed exists there? 

[Redneckerz]

38 minutes ago, A Nobody said:

Why can't anyone take this seriously.

Because people are in fact taking it seriously and have determined its much of a nothingburger. If you read the thread you would know.

 

If there was geniune cause for concern then staff would tell us.

 

You are both panicking over nothing and fearmongering.

36 minutes ago, A Nobody said:

Come on man. Please understand the situation here.

Everyone does, expect you.

 

For the record, Atleast one DW user went on the site asking for the contents and stupidly referenced their DW username.

 

36 minutes ago, A Nobody said:

I went to the site and saw that many files were included in the download.

That means you registered and/or paid dough to see the contents. Why?

[A Handsome Fridge]

Just more phish for the phishing mail spam to filter (if it even comes to that). That's nothing new and neither is a forum being 'hacked'. All good.

(I wanted to say something funny but my coffee isn't strong enough)

[TheMagicMushroomMan]

3 minutes ago, Redneckerz said:

That means you registered and/or paid dough to see the contents. Why?

"I'm very concerned about my identity being compromised, so I'm giving you my credit card number to see if my email address might have been stolen. "

[Caffeine Freak]

1 hour ago, Beginner said:

Date of birth? I don't remember being asked/required to put date of birth anywhere on this site.

 

I don't think it is required (it definitely wasn't back when I registered, anyway), but you have the option of 'completing' your Doomworld profile by attaching your Facebook, Twitter, Google and Discord accounts if you want. So my assumption here---and I could be wrong---is that if birth dates were part of the info scooped up in the hack, it probably came from one of those 4 attached social media accounts where that info tends to be more readily available.

[Panzermann11]

Saw this thread recently, just freaked out for a bit because it's out of the blue. Exactly what the hell's going on?

Edited October 14, 2022 by Panzermann11

[K_Doom]

Just now that I would be active again...

[K_Doom]

8 minutes ago, Panzermann11 said:

Saw this thread recently, just freaked out for a bit because it's out of the blue. Exactly what the hell's going on?

hacker invasion

[Biodegradable]

25 minutes ago, Panzermann11 said:

Saw this thread recently, just freaked out for a bit because it's out of the blue. Exactly what the hell's going on?

 

Read the thread from the beginning for details. tl;dr version: Pissy hackjob leaked useless encrypted database, change your password to be on the safe side.

[Sneezy McGlassFace]

Princess Twilight hacks random sites in her spare time? Tsk, tsk, tsk. 

[Beginner]

2 hours ago, A Nobody said:

Why can't anyone take this seriously.

Anyone who took it seriously already changed what they could change, including underwear, without reporting ITT that they did. Now what's left is to speculate how much use is there for the gathered data.

[THEBaratusII]

My email addresss leaked? oh no! I'm going to have even more spam emails now! Thanks Doomworld!

 

Jokes aside, I personally feel like it's not something people should be panicking about. Email and IP addresses being revealed is honestly bound to happen. Especially since I had hosted game lobbies/servers before. As for passwords, as long as you have a strong password, it'll likely take trillions of years to crack anyway.

[Somniac]

Well, people who have greater knowledge on the subject than myself believe the matter is basically closed and no serious damage was done. Fine with me!

[Gez]

When in trouble, when in doubt,

Run in circles, scream and shout!

[mancubian_candidate]

Sad to hear, I have Nord VPN set up on my phone and got the notification this morning. Have updated my password so hopefully will be all good 

[Dravencour]

And changed my password. About fucking time I did so. And I use a manager anyway, so changing it took only a handful of seconds.

[Dark Pulse]

Not only did I change mine, I took the opportunity to make it even more secure by adding both extra characters and extra types of characters.

 

Thanks for the extra security, script kiddie! Run along and jerk off in Roblox now.

[MFG38]

Alright, either there's a bug in the system somewhere or someone is fucking with my account. I just reset my password for the third time because the previous one didn't work even though I swear it should have.

 

@Linguica Got a word on this?

[HavoX]

Bummer.

 

Not only did I changed my password the moment I learned of this, I might as well do it every once in a while.. as a precaution. (shrugs)

[ChopBlock223]

7 hours ago, Panzermann11 said:

Exactly what the hell's going on?

Just a trioxin leak, nothing to worry about.

[Panzermann11]

19 hours ago, Biodegradable said:

 

Read the thread from the beginning for details. tl;dr version: Pissy hackjob leaked useless encrypted database, change your password to be on the safe side.

I have a reason to calm down now, thanks for saying that. I already changed my password, though.

Edited October 15, 2022 by Panzermann11

[ZeroTheEro]

hmm. alright.

 

pass changed and time to get on with my day.

[Redneckerz]

1 hour ago, MFG38 said:

Alright, either there's a bug in the system somewhere or someone is fucking with my account. I just reset my password for the third time because the previous one didn't work even though I swear it should have.

 

@Linguica Got a word on this?

From what i read from others in this topic, try to see if you are still connected elsewhere (Google, et-al) 

 

If the previous one didn't work, an error should arise. Which would that be?

[magicsofa]

How many free pwads did they steal?

[MFG38]

1 hour ago, Redneckerz said:

From what i read from others in this topic, try to see if you are still connected elsewhere (Google, et-al) 

 

If the previous one didn't work, an error should arise. Which would that be?

 

My Doomworld account isn't connected to another one, I registered it plain with one of my e-mail addresses. All I got error-wise when trying to log in with the old password(s) was "your password is incorrect".

 

EDIT: 4th password reset now. Convinced at this point that it is someone fucking with my password.

Edited October 14, 2022 by MFG38

[vyruss]

This whole thread is fkin wild lol.  Love the rollercoaster ride of raw human emotion over some scrub trying to act like a big bad hacker.  @TheMagicMushroomMan's totally real and legit newspaper article had me in stitches.

[lokbustam257]

according to the twitter thread they only leak usernames, email address, IP address, passwords and dates of birth, not the end of the world for me since I always use fake names, and date births. And even if they get my passwords and account, what would they got from that?

 

Hope this issue get fixed soon.

Spoiler

also linguica can you pls make it mobile users able to erase spoiler tabs in the text editor

 

[Eurisko]

20 hours ago, Graf Zahl said:

Time for a rant about securing one's accounts.

 

I think that lengthy passphrases with multiple words that only have meaning to the user are the best option for passwords, because those can be remembered and are virtually impossible to guess by strangers.

Those cryptic things like dfG4R$$b1sd3Gw inevitably end up in some insecure storage where they can be stolen. And yet, that's what everybody uses who is concerned about security. At my workplace all monitors are plastered with post-its containing critical passwords because nobody can remember the shit that gets handed out and for security reasons the software where they need to be entered does not allow storing the passwords. So paper is the only option. A simple burglar could retrieve all the access to our most secure data - because 2FA is technically not possible for some of these systems in the local intranet.

 

Another frequent annoyance with password entering systems is that they refuse to accept truly secure passphrases. Either they are limited to 8 or 16 characters, do not allow spaces or enforce some stupid capitalization rules or numbers in between letters.

 

I'm not a fan of 2FA via smartphone because that means I have to entrust my security to a device I inherently do *NOT* trust. Enter my mobile phone into my security workflow and I'm out. We need something better.

 

 

 

This is exactly right and is what is taught to anyone studying basic cyber security as “best practice” 

 

Use passphrases not passwords.