EPPack Posted March 9, 2016 ID:1024257 Share Posted March 9, 2016 Just got one of those "I have been pwned" emails for this forum/site referencing this page: http://www.scmagazine.com/malwarebytes-forum-hacked/article/385187/ I searched here for something relating to "pwned" but only found a single reference, rightly or wrongly. I've changed my forum credentials, which never hurts, but wondering if this was true or did I get a fake message? I truly don't remember getting an email about this, but given the date, November 15, 2014, it sounds like old news anyway. And on a related side note, is this site, https://haveibeenpwned.com/ a legitimate one? TIA Elaine Link to post Share on other sites More sharing options...
gopinathms Posted March 9, 2016 ID:1024259 Share Posted March 9, 2016 even i got a mail from haveibeenpwned.com saying my email was pwned i trust tat site Link to post Share on other sites More sharing options...
David H. Lipman Posted March 9, 2016 ID:1024260 Share Posted March 9, 2016 The site haveibeenpwned.com somehow cross-references an email address or web site with a database. I tested it using three email addresses of mineone email address is associated with the Adobe Breach that happened on October 2013 - plausibleanother email address is associated with the Malwarebytes Forum Breach that happened on November 2014 - plausibleanother showed nothing - plausibleSince your account EPPack was created in 2009 that is also plausible as being associated with the Malwarebytes Forum Breach of 11/'14 EDIT: MS MVP Troy Hunt is the site owner of; haveibeenpwned.com Link to post Share on other sites More sharing options...
bearybear Posted March 9, 2016 ID:1024263 Share Posted March 9, 2016 https://haveibeenpwned.com/is definitely legitimate. As far as I can recall the breach went back in Nov 2014: Shortly after the breach was discovered the forum was taken down by staff for a short while, Everybody got an email notifying them about the situation,Everybody was forced to change their password. The reason you have been notified by https://haveibeenpwned.com/now rather than sooner is because the data stolen during this breach has probably only just become widely available to the public. You should have nothing to worry about but there is no harm in changing your password again to be sure; the only reason I'm even logged in now was to do just that. The main thing to learn from this is make sure to NEVER reuse a password, and NEVER use the same password for more than one site/account etc. Much love <3 Link to post Share on other sites More sharing options...
MysteryFCM Posted March 9, 2016 ID:1024293 Share Posted March 9, 2016 The breach was indeed in 2014, and is not recent. In short, if you're getting a notification now, it's bogus or seriously out-dated. Link to post Share on other sites More sharing options...
Administrators celee Posted March 9, 2016 Administrators ID:1024369 Share Posted March 9, 2016 Hi everyone,The Malwarebytes forum’s hack from November 2014 popped up on Twitter today. This vulnerability was discovered on November 10, 2014, and we addressed it shortly thereafter.The Malwarebytes.org website was not compromised nor were our company’s emails, billing info, etc. Only one server running our forum (https://forums.malwarebytes.org/) was affected by this vulnerability.The Nov 2014 vulnerability allowed a hacker to gain access to the server hosting our forums. We have no evidence of any personal data being stolen nor do we store any on our forums.We took this opportunity to strengthen our Forum's platform and moved to Invision Power Services’ hosting services as they can better manage this for us. As an additional precautionary measure, an email was sent out to all forum users back in November 2014 informing them that their password had been reset. Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now