[cit0day] User data breach?

Discuss issues and requests related with the forum software
User avatar
boiler
Posts: 6823
Joined: 21 Dec 2014, 02:44

[cit0day] User data breach?

12 Dec 2020, 09:51

I received a spam email this morning that addresses me in the body of the email by my AuotHotkey forum username, which I don’t use anywhere else. It seems there must have been a data breach because there shouldn’t be access to my email address paired to my username (my user options do not make my email address public and never have).

Would this breach also have given access to passwords, or are they somehow encrypted? If so, shouldn’t email addresses be similarly encrypted? Has this happened to anyone else? Are there any actions to be taken to better protect user info going forward?
ahk7
Posts: 336
Joined: 06 Nov 2013, 16:35

Re: User data breach?

12 Dec 2020, 12:21

If it was some religious drivel then I got it too (twice) today/yesterday but on an OLD username from the previous forum which was compromised (multiple times). So if you used it a few years back, that might explain it and someone is using that database again (probably free to download via scammy website(s) or on the cheap for a few bucks).

Edit: I now got it on my "new" account as well, that's not right.
User avatar
boiler
Posts: 6823
Joined: 21 Dec 2014, 02:44

Re: User data breach?

12 Dec 2020, 13:20

Yes, it was some religious drivel. I used the same username on both forums, so I can't tell which one it is based on. I received only one email so far.
User avatar
joedf
Posts: 7888
Joined: 29 Sep 2013, 17:08
Facebook: J0EDF
Google: +joedf
GitHub: joedf
Location: Canada
Contact:

Re: User data breach?

12 Dec 2020, 13:47

There's a report here:
https://www.troyhunt.com/inside-the-cit0day-breach-collection/

However much of it is recycled data (and for our case likely from our previous breach), and I believe it's likely just emails at this point... I am getting emails as well but it seems my unique password here does NOT appear to be in the "pwned passwords"
https://haveibeenpwned.com/Passwords

I dont think Emails are encrypted in general, but passwords are hashed
User avatar
boiler
Posts: 6823
Joined: 21 Dec 2014, 02:44

Re: User data breach?

13 Dec 2020, 09:39

Thanks. Good to know that it doesn’t look to be a new breach.
User avatar
joedf
Posts: 7888
Joined: 29 Sep 2013, 17:08
Facebook: J0EDF
Google: +joedf
GitHub: joedf
Location: Canada
Contact:

Re: User data breach?

13 Dec 2020, 10:05

Whoops! I thought I put NOT (edited, added now) in the password appearing in the db sentence above... but glad you got what I meant despite me missing the negation ahah :mrgreen:

Glad it was brought up, because I got emails from some users about this. I wasn't sure exactly how to word this, but this is good. Now I can refer them to this thread. :+1:
User avatar
tank
Posts: 2855
Joined: 28 Sep 2013, 22:15
Facebook: charlie.simmons.7334
Google: ttnnkkrr
GitHub: ttnnkkrr
Location: Irving TX
Contact:

Re: User data breach?

13 Dec 2020, 15:37

hashed and salted
We are troubled on every side‚ yet not distressed; we are perplexed‚
but not in despair; Persecuted‚ but not forsaken; cast down‚ but not destroyed;
https://www.facebook.com/ahkscript.org
If you have forum suggestions please submit a pull request
Check Out WebWriter
Thanks Tank :thumbup:
User avatar
tank
Posts: 2855
Joined: 28 Sep 2013, 22:15
Facebook: charlie.simmons.7334
Google: ttnnkkrr
GitHub: ttnnkkrr
Location: Irving TX
Contact:

Re: User data breach?

13 Dec 2020, 15:41

ther are alot of ways to get an email address beyond a breach tho. That being said. even when i am inactive i have file system montoring and the db can only be connected to by private network from the server only. I am not saying it isnt possible. but the number of roadblocks to success is so high that it would take more than routine bot farm probes i see in logs
We are troubled on every side‚ yet not distressed; we are perplexed‚
but not in despair; Persecuted‚ but not forsaken; cast down‚ but not destroyed;
https://www.facebook.com/ahkscript.org
If you have forum suggestions please submit a pull request
Check Out WebWriter
Thanks Tank :thumbup:
User avatar
joedf
Posts: 7888
Joined: 29 Sep 2013, 17:08
Facebook: J0EDF
Google: +joedf
GitHub: joedf
Location: Canada
Contact:

Re: User data breach?

14 Dec 2020, 09:22

Firefox monitor also provides a quick email-address search for cit0day apparently. No results for my email :+1:
https://monitor.firefox.com/?breach=Cit0day
gregster
Posts: 5784
Joined: 30 Sep 2013, 06:48

Re: User data breach?

14 Dec 2020, 09:32

joedf wrote:
14 Dec 2020, 09:22
Firefox monitor also provides a quick email-address search for cit0day apparently. No results for my email :+1:
https://monitor.firefox.com/?breach=Cit0day
Can confirm. My current forum email address that I use since early 2019 is not in this dataset - I didn't get the religious drivel spam either, afaics.

My old address that I used for 15 years is in it (no surprise there, I was aware that it was already available for many years in some databases, but from - at least - two non-AHK leaks; potentially also from one of our old forum leaks). Edit:I guess I just got the spam mail (addressing me as gregster) on my former forum address, but not on my newer one.
So I guess, cit0day is really just another compilation of older (already available) data.

Return to “Forum Issues”

Who is online

Users browsing this forum: No registered users and 1 guest