Forum Hacked!

   #1  

Uwe

Benevolent Dictator
Administrator
Joined
Jan 29, 2014
Messages
42,318
Reaction score
29,943
Location
USA
VCDS Serial number
HC100001
Yes, the forum got hacked. No, we don't think it was via a vulnerability in the forum software. The XenForo software was completely up-to-date. We're pretty confident the problem was "OpSec" -- an improperly secured account with Admin access. That has of course been remedied.

The first thing the criminal black-hats did was e-mail some of the users with a "donation request":
Hey [username] ([email address])! When I started Ross-Tech.com so long ago, I invisioned it to be a tool to help others in their journey through technical issues whether that be in college, university, or just work! I would love to keep this website free for anyone who needs help however it does cost quite a lot monthly to keep the website up and running. If you feel that you would like to support me and all the users at Ross-Tech.com, I encourage you to donate via the options below! All donations will be put towards Ross-Tech.com and all donators will recieve access to special giveaways, badges, ranks, etc. If you chose not to donate or wish to but are unable to it's perfectly fine, the website will still remain free just as it always has been.
So we put up a notice that it was a fake/scam. I suppose that angered them and things escalated from there.

Last night at 8:09 PM, I received the following PM from a legitimate user's account that has existed since 2014:
Hello, Uwe. We will make this short, we have the data of all 38,714 users on your website. This data includes but is not limited to; emails, usernames, userID's, IP Addresses, message count, etc. Now, all we need you to do is send $500 BTC to the address below and we will NOT release all of the aforementioned data. We all know the toll this could take on you and your company's reputation and we hope that you'll agree with us on this as we do not wish to release your information however we will if we do not receive the $500 USD in BTC. In the event you think we are 'bluffing', we have attached a small sample at the bottom of this message. Please take a moment to look at the data and ponder what steps you would like to take.

If you ban this account "[redacted]" or do not respond, we will take that as you are unwilling to pay the fee and we will release the information publicly.

We hope that you will make the right decision.

BTC Address - [redacted]

+SAMPLE+
[redacted]
And at 8:20 PM:
I see that you are currently online, you have 30 minutes to respond to this message.

Do not make us publicly reply with the above message, we are sure you would like to keep the data leak private from your users
At 8:41 PM, I replied:
8:41 PM:

$500 is not very much money, but this is a matter of principle.

NO.

Oh, and none of the passwords you have for either my account or my old test account are or ever have been correct.

-Uwe-
I shut down the account this was coming from, but at 9:05 PM, I received another PM from another legitimate user's account:
Hacker @ 9:05 PM:

You can ban all the accounts however we will keep doing this until we receive the money
At 9:06 PM, I replied:
I will NEVER reward your criminal behavior.

-Uwe-
And at 9:07 PM we shut down the entire forum.

[to be continued and this thread will be unlocked for replies when I'm done posting]
 
   #2  

Uwe

OK, so what did they get?

Usernames, e-mail addresses, recent IP Addresses, message count.. Yep, they've got those. IMO, this is not a big deal. That's all more-or-less "public" information anyway.

I do not think they got passwords from here. Passwords here are not stored as plain text; they are salted and hashed (which is the modern standard) and in principle, it should not be possible for a hacker to un-do that.

I believe what happened is that they compared usernames and e-mail addresses against some "dark web" databases of previous hacks of other sites, which allowed them to compromise more accounts here, specifically those that used passwords that were previously compromised elsewhere.

There's a lesson to be learned here: Never re-use the same password across different sites! Yes, that means you need a zillion different passwords, preferably ones that are randomly generated, and you won't be able to remember them. Get and use a password manager of some sort. There are several good ones out there. I personally have not re-used passwords across different sites for almost 20 years now.
 
Last edited:
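Added example (not part of the original post, and not XenForo's code): a sketch of the point made in post #2. Per-user salted hashing keeps a stolen table from revealing passwords, but a password reused from another breached site still verifies, so the defender screens against a breached-password list at login and at reset. PBKDF2, the iteration count, the sample users and the breached list are assumptions constructed for this example.

```python
import hashlib
import hmac
import os

# Constructed sample: passwords exposed in breaches of *other* sites.
BREACHED_PASSWORDS = {"hunter2", "passat2014", "qwerty123"}
ITERATIONS = 100_000  # assumed work factor for this sketch


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn per user."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def accept_new_password(password):
    """Screen at set/reset time: refuse anything already seen in a breach."""
    return len(password) >= 12 and password not in BREACHED_PASSWORDS


def login(db, user, password):
    """Return 'denied', 'ok', or 'reset-required' (valid but breached)."""
    record = db.get(user)
    if record is None or not verify_password(password, *record):
        return "denied"
    return "reset-required" if password in BREACHED_PASSWORDS else "ok"


# Constructed user table: alice and bob reuse the same breached password.
USERS = {
    "alice": hash_password("passat2014"),
    "bob": hash_password("passat2014"),
    "carol": hash_password("k7#Vq9-unique-here-only"),
}

if __name__ == "__main__":
    # Same password, different salts: the stored digests do not match.
    print(USERS["alice"][1] != USERS["bob"][1])
    # The reused password still logs in; the site can only flag it.
    print(login(USERS, "alice", "passat2014"))
```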
   #3  

Uwe

Anyway, because we don't know which or how many accounts were compromised, we thought the best thing to do would be to reset all passwords here.

You may have gotten a password-reset e-mail. That was real.

If you didn't get one and/or need help getting back in here, please e-mail Support@Ross-Tech.com.
 
   #4  

Uwe

I've probably missed something I had intended to write, but I didn't get much sleep last night, so I'll open the thread now. If anyone has questions, comments, or concerns, feel free to post 'em here.

-Uwe-
 
   #5  

stefdds

Verified VCDS User
Verified
Joined
Apr 13, 2015
Messages
1,505
Reaction score
1,237
Location
USA
VCDS Serial number
C?ID=174556
We/I'm with you Uwe, let us know if there is anything else we can do (besides changing PW's, which I promptly did)! :thumbs:
 
   #6  

Dukedesmo

Verified VCDS User
Verified
Joined
Nov 15, 2016
Messages
114
Reaction score
85
Location
UK
VCDS Serial number
C?ID=288946
Didn't receive any email, either asking for a donation or a password reset, how do I reset it?
 
   #7  

Uwe

Didn't receive any email, either asking for a donation or a password reset, how do I reset it?
Is the hotmail address you used when you joined the forum still valid? We did get a large number of bounces, but I haven't had a chance to see if yours is one of them.

-Uwe-
 
   #8  

dannyboy485

Verified VCDS User
Verified
Joined
Oct 22, 2022
Messages
1
Reaction score
4
Location
Canada
VCDS Serial number
C?ID=528170
Takes strength of character to announce that forum was hacked literally a day after I joined (btw wasn't me) but you also saved more people from bigger issues

Respect Uwe!
 
   #9  

Bruce

Ross-Tech Employee
Staff member
Ross-Tech Employee
Joined
Jan 30, 2014
Messages
2,673
Reaction score
4,500
Location
Near Philadelphia, PA, USA
VCDS Serial number
--------
how do I reset it?
Open your profile by clicking on your avatar at the top of the page where it says your screen name.
Go to the password, enter your present password.
Then create a new password - enter it a second time.
Click Save.
Logout and then login using the new password.
 
   #10  

Dukedesmo

Is the hotmail address you used when you joined the forum still valid? We did get a large number of bounces, but I haven't had a chance to see if yours is one of them.

-Uwe-
Yes, still good.
 
   #11  

patrickgn

Verified VCDS User
Verified
Joined
Oct 18, 2022
Messages
5
Reaction score
4
Location
USA
VCDS Serial number
C?ID=528043
no problem. thanks for the transparency.
 
   #12  

Dukedesmo

Open your profile by clicking on your avatar at the top of the page where it says your screen name.
Go to the password, enter your present password.
Then create a new password - enter it a second time.
Click Save.
Logout and then login using the new password.
It tells me my existing password is not correct, even though I am logged on by (presumably) using it?
 
   #13  

davisev5225

Verified VCDS User
Verified
Joined
Oct 9, 2016
Messages
171
Reaction score
109
Location
USA
VCDS Serial number
C?ID=263265
It tells me my existing password is not correct, even though I am logged on by (presumably) using it?

Easy fix, just had the same issue myself. Log out of the forum, click the login button, use the "Forgot Password?" link in the login prompt.
 
   #14  

Dukedesmo

Easy fix, just had the same issue myself. Log out of the forum, click the login button, use the "Forgot Password?" link in the login prompt.
Yes, that worked. :thumbs:
 
   #15  

PetrolDave

Verified VCDS User
Verified
Joined
Dec 16, 2014
Messages
6,611
Reaction score
6,637
Location
Westbury, UK
VCDS Serial number
C?ID=1423
Easy fix, just had the same issue myself. Log out of the forum, click the login button, use the "Forgot Password?" link in the login prompt.
Same here, all sorted now.
 
   #16  

AnotherRandomName

Verified VCDS User
Verified
Joined
Aug 25, 2022
Messages
3
Reaction score
1
Location
USA
VCDS Serial number
C?ID=526391
Well, s*** happens. Thanks for the transparency and NOT giving in to their "ransom" demand.

Edit: Have we always been able to see other users' "VCDS Serial number" field? I've never noticed before
 
   #17  

Uwe

Thanks for the transparency and NOT giving in to their "ransom" demand.
I appreciate the kind words.

Have we always been able to see other users' "VCDS Serial number" field? I've never noticed before
Yes, but the "serial number" (for example yours: C?ID=526391) should generally just be a pointer into our internal customer database, which isn't actually a serial number and is meaningless/useless to anyone who doesn't work for Ross-Tech.

-Uwe-
 
   #18  

JMR

Professional User
Professional VCDS User
Joined
Sep 27, 2021
Messages
3,483
Reaction score
2,054
Location
Romania
VCDS Serial number
C?ID=432218
Well, s*** happens. Thanks for the transparency and NOT giving in to their "ransom" demand.

Edit: Have we always been able to see other users' "VCDS Serial number" field? I've never noticed before
yeah..but that's not your real serial :) , it is masked from what i understand , don't ask how i know that :)
 