Pwned?

[EPPack]

Just got one of those "I have been pwned" emails for this forum/site referencing this page:

 

http://www.scmagazine.com/malwarebytes-forum-hacked/article/385187/

 

I searched here for something relating to "pwned" but only found a single reference, rightly or wrongly. I've changed my forum credentials, which never hurts, but wondering if this was true or did I get a fake message? I truly don't remember getting an email about this, but given the date, November 15, 2014, it sounds like old news anyway.

 

And on a related side note, is this site, https://haveibeenpwned.com/ a legitimate one?

 

TIA

 

Elaine

 

[gopinathms]

even i got a mail from haveibeenpwned.com saying my email was pwned 

 

i trust tat  site 

[David H. Lipman]

The site haveibeenpwned.com somehow cross-references an email address or web site with a database.
 
I tested it using three email addresses of mine

• one email address is associated with the Adobe Breach that happened on October 2013 - plausible
• another email address is associated with the Malwarebytes Forum Breach that happened on November 2014 - plausible
• another showed nothing - plausible

Since your account EPPack was created in 2009 that is also plausible as being associated with the Malwarebytes Forum Breach of 11/'14
 
EDIT:
 
MS MVP Troy Hunt is the site owner of;  haveibeenpwned.com

[bearybear]

https://haveibeenpwned.com/is definitely legitimate.

 

As far as I can recall the breach went back in Nov 2014: 

• Shortly after the breach was discovered the forum was taken down by staff for a short while, 
  
• Everybody got an email notifying them about the situation,
  
• Everybody was forced to change their password.
  

 

The reason you have been notified by https://haveibeenpwned.com/now rather than sooner is because the data stolen during this breach has probably only just become widely available to the public.

 

You should have nothing to worry about but there is no harm in changing your password again to be sure; the only reason I'm even logged in now was to do just that.

 

The main thing to learn from this is make sure to NEVER reuse a password, and NEVER use the same password for more than one site/account etc.

 

 

Much love <3

[MysteryFCM]

The breach was indeed in 2014, and is not recent. In short, if you're getting a notification now, it's bogus or seriously out-dated.

[celee]

Hi everyone,

The Malwarebytes forum’s hack from November 2014 popped up on Twitter today. This vulnerability was discovered on November 10, 2014, and we addressed it shortly thereafter.

The Malwarebytes.org website was not compromised nor were our company’s emails, billing info, etc. Only one server running our forum (https://forums.malwarebytes.org/) was affected by this vulnerability.

The Nov 2014 vulnerability allowed a hacker to gain access to the server hosting our forums. We have no evidence of any personal data being stolen nor do we store any on our forums.

We took this opportunity to strengthen our Forum's platform and moved to Invision Power Services’ hosting services as they can better manage this for us.

 

As an additional precautionary measure, an email was sent out to all forum users back in November 2014 informing them that their password had been reset.