
[IMPORTANT] Account Security

Discussion in 'Forum Suggestions & Feedback' started by Apricot, Sep 23, 2016.

  1. Apricot

    Apricot Administrator Staff Member

    There have been reports of a few compromised accounts lately, and I keep seeing posts attributing this to an alleged BHW database hack around 2013/14.

    We take security seriously and have been looking into this in depth. A few patterns have emerged so please look at the checklist below to see if you could be affected. Regardless, it's a good idea to consider securing your account using the new two-step verification.

    Details

    We spent a lot of time trying to track down any leaks from the BHW database, both internally and externally. We've looked at the articles on other sites claiming our database was hacked or posts made by people offering our DB as a download. We also ran numerous security checks and penetration tests.

    To date, we've found no evidence whatsoever that BHW account information has been leaked. Tellingly, none of the compromised accounts were moderator or admin level which you would have thought would have been a priority for anyone with username, email or password details.

    However, we are aware that lots of vBulletin forums have allegedly been breached over the last couple of years, which was a prime consideration in finding a new platform and providing enhanced security with two-step verification, which we strongly suggest you enable to help keep your account secure.

    The two largest recent breaches have been millions of email account details from yahoo.com and mail.ru. I've restored 6 compromised accounts over the last couple of months - all of the members concerned had yahoo email addresses. Breach info reported here

    If any of the following apply to you, please make sure you change your password asap and set up two-step verification on your BHW account.

    You've ever received emails from BHW to these accounts:
    • yahoo.com
    • mail.ru

    You have the same bhw username (or security credentials or personal information) registered on any of these forums:
    • bitcointalk
    • BTC-E
    • warrior forum
    • digital point
    • wickedfire
    • bestblackhatforum

    If you believe anything is missing from this list, please either PM me or report it with the details of the site you want added. PLEASE NOTE: we have not managed to verify these sites were compromised, however it's important to inform you of any potential risk.

    Setting up 2 step verification:

    Two-Step verification link:
    http://www.blackhatworld.com/account/two-step

    On this page you can manage trusted devices and set up your phone to act as a security backup on your account. Once you have set up two-step, you will see the following screen:

    [IMG]

    Clicking "Manage" will let you view your backup codes, like this:

    [IMG]
    (don't get excited, these aren't my backup codes)

    YOU MUST SAVE YOUR BACKUP CODES IN A SAFE PLACE.

    Doing this will let you regain access to your account if your phone is lost or your email compromised.

    We'll put more detailed instructions about setting up two-step verification in the near future. In the meantime, if you're having problems accessing your account or think it might have been compromised, please report this here: support.blackhatworld.com
     
    • Thanks Thanks x 58
    Last edited by a moderator: Oct 20, 2016
  2. Diamond Damien

    Diamond Damien Owner BlackHatWorld Staff Member Jr. VIP

    Due to the recent much publicised Yahoo Breach in 2014 we've published the recommendations above for BHW. Obviously this information has been leaked and would have been tried against many different accounts. I'd recommend services such as 1Password / Keychain (if you're a Mac user) / LastPass (no BHW affiliations).

    REMEMBER
    Hackers often use news of big breaches to conduct "phishing" campaigns, sending official-looking emails that make it seem as if Yahoo or other legitimate services are asking them to supply information or click through to a link to repair any damage — something legitimate services will not do.

    Change those passwords and keep your BHW account locked down with 2 factor Authentication.
     
    • Thanks Thanks x 16
  3. Reaver

    Reaver Jr. VIP Jr. VIP

    I use 2 step verification for the site. It's pretty awesome, and not as much of a pain as you'd think. It actually only takes an extra couple of seconds when signing in.

    Plus I keep my passwords at least 14 characters, and fill them with special characters and numbers. You know, basic stuff. Never had a problem.
     
    • Thanks Thanks x 3
  4. JasonXDC

    JasonXDC Regular Member

    Kudos to the mods who take an active stance on such serious issues. It's good to know you guys are on top of things.
     
  5. LukaB

    LukaB Jr. VIP Jr. VIP

    Glad to see that the security of this forum is being taken very seriously. Going to be jumping on this 2-step security process.

    Luka
     
  6. amoon

    amoon Jr. VIP Jr. VIP

  7. dave124

    dave124 Registered Member

    I am not in any one of the above forums, so safe. Some people always release fake news like gossip.
     
  8. Aty

    Aty Jr. VIP Jr. VIP

  9. LuckyCharm007

    LuckyCharm007 Jr. VIP Jr. VIP

    Maybe now is a good time to change my password. I guess "BhW" isn't secure enough.
     
    • Thanks Thanks x 2
  10. macdonjo3

    macdonjo3 Jr. VIP Jr. VIP

    Great tutorial Apricot.

    I use 2-step for everything. A plain text password only goes so far these days.
     
  11. Charlotte seo

    Charlotte seo Junior Member

    Thank you for the alert.
    I get it will do about this.
     
  12. ugjunk

    ugjunk Jr. VIP Jr. VIP

    Thanks for the update, didn't know about the 2way authentication. Will be updating.
     
  13. Nonilol

    Nonilol Elite Member

    Well, I was faster than you :p

    100 monkey to my papal or you'll never log into your account again
     
  14. coldice

    coldice Junior Member

    I am going to change my registered email address and password.
    However my account is not useful since it has very few posts o_O
     
  15. tasburrfoot

    tasburrfoot Regular Member

    You can see if your email/details were compromised in any big breaches via https://haveibeenpwned.com/

    You can also set up a notification for your emails, so you get emailed anytime your information gets dumped, so you can respond quickly and change your PWs.
     
    • Thanks Thanks x 1
  16. davids355

    davids355 Jr. VIP Jr. VIP

    Great idea. Just set up two-step auth. Used the Authy app, very easy to use.
     
  17. bartosimpsonio

    bartosimpsonio Jr. VIP Jr. VIP Premium Member

    Thanks for the heads up.

    I've changed my password several times and no longer use Yahoo so it's impossible to steal my credentials using that older Y! exploit.

    Maybe the posts we've seen lately are tracer bullets? They post a comment just to see if a hacked account is active, then they sell it somewhere?
     
  18. Sombrero

    Sombrero Senior Member

    I thought someone was using my account to post because I didn't remember writing some replies but I was drunk lol
     
    • Thanks Thanks x 4
  19. todman2112

    todman2112 Jr. VIP Jr. VIP

    Thanks guys for the update! Good to know!
     
  20. ConorMcGregor

    ConorMcGregor Registered Member

    Thanks for the info.