Jump to content
Due to inclement weather in Southwest Florida, our Clearwater support team is offline. Our other offices are available to assist you, however their responses may be delayed. We appreciate your patience and understanding during this time. ×

Pwned?


EPPack
 Share

Recommended Posts

Just got one of those "I have been pwned" emails for this forum/site referencing this page:

 

http://www.scmagazine.com/malwarebytes-forum-hacked/article/385187/

 

I searched here for something relating to "pwned" but only found a single reference, rightly or wrongly. I've changed my forum credentials, which never hurts, but wondering if this was true or did I get a fake message? I truly don't remember getting an email about this, but given the date, November 15, 2014, it sounds like old news anyway.

 

And on a related side note, is this site, https://haveibeenpwned.com/ a legitimate one?

 

TIA

 

Elaine

 

Link to post
Share on other sites

The site haveibeenpwned.com somehow cross-references an email address or web site with a database.
 
I tested it using three email addresses of mine

  • one email address is associated with the Adobe Breach that happened on October 2013 - plausible
  • another email address is associated with the Malwarebytes Forum Breach that happened on November 2014 - plausible
  • another showed nothing - plausible

Since your account EPPack was created in 2009 that is also plausible as being associated with the Malwarebytes Forum Breach of 11/'14
 
EDIT:
 
MS MVP Troy Hunt is the site owner of;  haveibeenpwned.com

Link to post
Share on other sites

https://haveibeenpwned.com/is definitely legitimate.

 

As far as I can recall the breach went back in Nov 2014: 

  • Shortly after the breach was discovered the forum was taken down by staff for a short while, 
  • Everybody got an email notifying them about the situation,
  • Everybody was forced to change their password.
 

The reason you have been notified by https://haveibeenpwned.com/now rather than sooner is because the data stolen during this breach has probably only just become widely available to the public.

 


You should have nothing to worry about but there is no harm in changing your password again to be sure; the only reason I'm even logged in now was to do just that.

 

The main thing to learn from this is make sure to NEVER reuse a password, and NEVER use the same password for more than one site/account etc.

 

 

Much love <3

Link to post
Share on other sites

  • Administrators

Hi everyone,

The Malwarebytes forum’s hack from November 2014 popped up on Twitter today. This vulnerability was discovered on November 10, 2014, and we addressed it shortly thereafter.

The Malwarebytes.org website was not compromised nor were our company’s emails, billing info, etc. Only one server running our forum (https://forums.malwarebytes.org/) was affected by this vulnerability.

The Nov 2014 vulnerability allowed a hacker to gain access to the server hosting our forums. We have no evidence of any personal data being stolen nor do we store any on our forums.

We took this opportunity to strengthen our Forum's platform and moved to Invision Power Services’ hosting services as they can better manage this for us.

 

As an additional precautionary measure, an email was sent out to all forum users back in November 2014 informing them that their password had been reset.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.