guru - MY ACCOUNT WAS HACKED

[chezball]

Quote:

Originally Posted by JeremyNick

Your account getting hacked would be a plus.

Who would keep the joff list?

[houdini]

Please use an original password and not anything easily guessed. Other than posting that as a sticky to the forum for the past several years, there isn't much else we can do.

Nobody was hacked like you all are thinking. The accounts were accessed via the passwords created.

Otherwise, wouldn't my account be hacked? Or any of the admin accounts?

[guru]

Quote:

Originally Posted by houdini

Please use an original password and not anything easily guessed. Other than posting that as a sticky to the forum for the past several years, there isn't much else we can do.

Nobody was hacked like you all are thinking. The accounts were accessed via the passwords created.

Otherwise, wouldn't my account be hacked? Or any of the admin accounts?

My account was hacked and a person from New York tried to buy and sell cards under my name asking for paypal gift payments and venmo. He/She also asked for people to send cards first if they wanted a paypal gift.

It's pretty troubling.

My password on here was set up back in like 2002. A couple generations ago on this message board even though it says I signed up in 2007. That's just because this generation of board was created then.

It was a simple password, but I never thought I'd have to worry about being hacked back in those days. This place had like 20 people as members. We all broke cases and helped each other complete our sets.

All good though. I'm glad I was able to reach out to all the people and so far none of them have been harmed financially.

[houdini]

I understand what you are saying, but there is a HUGE difference between your account being hacked and a simple password being guessed. Do you see?

When you visit the site, this message pop up:

Quote:

Notices
Please use a unique password as a spammer could hack your account if you have a common password. It has happened 5 times this year and in every situation the spammer was able to guess the members password. Thanks.

I created that notice years ago because the same thing was happening then too. (Back then they were using accounts to post spam for illegal passports and stuff like that.)

[GoTribe!!!]

Quote:

Originally Posted by houdini

I understand what you are saying, but there is a HUGE difference between your account being hacked and a simple password being guessed. Do you see?

When you visit the site, this message pop up:

I created that notice years ago because the same thing was happening then too. (Back then they were using accounts to post spam for illegal passports and stuff like that.)

I'm sorry but isnt someone guessing your password to access your account the textbook definition of being hacked. Guess I'm confused.
-edit- to be more specific, at least one way to have you account hacked.

[salthill]

Quote:

Originally Posted by GoTribe!!!

I'm sorry but isnt someone guessing your password to access your account the textbook definition of being hacked. Guess I'm confused.
-edit- to be more specific, at least one way to have you account hacked.

No, it’s not - but what you’ve described is fast becoming the more common usage of that term.
Getting hacked means they accessed it through means other than guessing the legitimate password.

[Ray27Ray52]

Yeah when I think of hacked I'm not thinking of someone just simply guessing your password. That's not a hack.

[monkeymcgee]

Quote:

Originally Posted by GoTribe!!!

I'm sorry but isnt someone guessing your password to access your account the textbook definition of being hacked. Guess I'm confused.
-edit- to be more specific, at least one way to have you account hacked.

If there was a keylogger or something involved that intercepted the password being put in, that would be hacking.

If the board was compromised as a whole which allowed the hacker to take over individual accounts, that would be hacking.


Guessing a simple password didn't breach any security controls, so that's not hacking.

I would like to see multi-factor authentication (MFA) enabled, which would provide additional protection in the event your password was guessed or otherwise stolen.

[GoTribe!!!]

I stand corrected. Thanks for the clarifications.

[guru]

My password was figured out my someone other than me.

Then the non-hacker tried to use my good record to commit fraud.

Hacker not hacker ... we’re arguing over semantics....

This is why I haven’t bee on here since August.

[houdini]

I agree with you, but in this case the semantics are very important - especially to me. That's all I was trying to say.

[free2131]

Quote:

Originally Posted by houdini

I agree with you, but in this case the semantics are very important - especially to me. That's all I was trying to say.

Yeah, one is an issue with weak passwords, and one is an issue with the security of the website itself.

[ucLAkers]

Quote:

Originally Posted by houdini

I agree with you, but in this case the semantics are very important - especially to me. That's all I was trying to say.

Are you able to locate the IP from previous “stolen passwords” sign-in or is this a bot IP scrambler?

[Cubs_rock21]

Quote:

Originally Posted by houdini

I understand what you are saying, but there is a HUGE difference between your account being hacked and a simple password being guessed. Do you see?

When you visit the site, this message pop up:

I created that notice years ago because the same thing was happening then too. (Back then they were using accounts to post spam for illegal passports and stuff like that.)

correct, if accounts were hacked from someone handtyping passwords and getting them right.,its not a big deal. If someone if using a bot or system to hack than thats obviously a problem.

[jcardstore]

Ok so I’m just gonna say it’s HIGHLY unlikely someone was just hand typing and “guessing” passwords.

What is more likely is that the “hacker” had a password table (they’re easily obtainable online) and used a brute force attack on specific accounts against that table.

BO forums don’t have captcha or any type of bot protection so you can just fire away forever if you wanted to.

It was probably a former member who was upset based on how the attack was targeted but definitely not sophisticated. Anyone with google can get a brute force tool and password table.

[houdini]

The ip address matches no other accounts. It is a specific masked ip each time and takes you to places like russia, etc. Nothing I can use. Believe me, I tried.

[BostonNut]

Quote:

Originally Posted by houdini

Please use an original password and not anything easily guessed. Other than posting that as a sticky to the forum for the past several years, there isn't much else we can do.

Nobody was hacked like you all are thinking. The accounts were accessed via the passwords created.

Otherwise, wouldn't my account be hacked? Or any of the admin accounts?

[asujbl]

Quote:

Originally Posted by guru

My password was figured out my someone other than me.

Then the non-hacker tried to use my good record to commit fraud.

Hacker not hacker ... we’re arguing over semantics....

This is why I haven’t bee on here since August.

It's not semantics.

If you (meaning anyone) has a password that no one is going to guess? Then you don't necessarily need to change it (meaning everyone on this site changing it right now)

If Blowout had actually been hacked, so someone had access to password "1234" as we as "RT5#$6$CR$" that would be a major problem.

There is a huge difference to me at least. I'm not IT advanced though so what do I know.

Regardless it sucks that happened to you.

[TheHeel]

Quote:

Originally Posted by guru

My password was figured out my someone other than me.

Then the non-hacker tried to use my good record to commit fraud.

Hacker not hacker ... we’re arguing over semantics....

This is why I haven’t bee on here since August.

This guy......

[BGT Masters]

So what are people using some sort of program that automatically tries each and every password such as or something? Does this site not have something like 5 tries and you get locked out?

[Boo]

Quote:

Originally Posted by BGT Masters

So what are people using some sort of program that automatically tries each and every password such as or something? Does this site not have something like 5 tries and you get locked out?

I just use “blowout” as my PW, easier to remember.

[rman112]

Wasn't this the same day the forums were down for a while?

[LRV]

Quote:

Originally Posted by rman112

Wasn't this the same day the forums were down for a while?

I think so..

[chezball]

Quote:

Originally Posted by Boo

I just use “blowout” as my PW, easier to remember.

thought it was blowoutjoff#1

[stang_crazy]

Quote:

Originally Posted by BGT Masters

I’ve been getting the message below for months every time I log in.

Change your password

A data breach on a site or app exposed your password. Chrome recommends changing your password on www.blowoutforums.com now.

ive gotten it multiple times also.