Turbobit.net

thedarkroom · 20-04-2014 9:57pm #1

Hi,
I just got an email from turbo bit.net saying
"Hello.
You have registered in File Sharing Service Turbobit.net:
followed by work email address and my normal relevant password for that address. I don't know how this has happened as I have not registered with them. I have not clicked on the link supplied on the email from them and I have immediately changed my email password.
What worries me is that they had the password and don't know where they would have got this from as I most certainly have not given it to anyone.
The next problem now is with my phone. Even though I have changed my password for my email using the online access through a web browser and that works fine but the phone will only work with the old password and allows me to send and receive emails but not with the new password, only with the old one. I have turned off the phone for the moment while I try to find out more about any implications.
Has anyone any suggestions?

The Niece · 20-04-2014 10:45pm

Hi - I literally just got the same email, they have a release on their support page saying their databases were hacked back in February. It looks like they're affiliated possibly with Paypal so I'm presuming that's where they got the login info from.

When I forwarded a mail to their support address, they responded saying they needed a valid registration so again, I'm presuming the account isn't actually set up. At this stage, all you can do is change passwords as you have done and run malware...unless there are better suggestions out there.

With regards to your work email, usually I can't change passwords until I connect to the corporate network so maybe that's why you're having problems with your phone?

thedarkroom · 21-04-2014 1:21am

Hi,
Thanks for the reply. I've changed my password and I sent an email to the IT department in work but obviously won't get a reply until tuesday because of the weekend that's in it.
What freaked me was the fact that it had my log-in password for my email address associated with work. In work, we recently changed from a locally controlled email system to a Gmail server one, while retaining our work email address as before.
I deleted the email account off my phone just in case it has been compromised and can easily re-install it again after I have consulted our IT administrators and am happy that all is OK.
Regards and tanks for the reply.

condra · 21-04-2014 1:32am

WTF. Got this email today.
As above. My email and password used as login details...

Extremely worrying. Any advice greatly appreciated.

condra · 21-04-2014 1:34am

From their site

Dear users!
Today, an unknown attacker exploit the vulnerability in the registration form and registered a huge number of accounts in our system.
He used E-mail data of real people.
If you have received registration mail from Turbobit.net, but you hadn't register on our sevice , it means that your e-mail address was in the base of this attacker.
The vulnerability, that allowed to register accounts using with automatic scripts was promptly corrected.
All accounts that have been created without the knowledge of the E-mail owners will be removed in the next 1-2 days.
We apologize for any inconvenience.
Kind Regards,
Turbobit.net & Hitfile.net team.

Bicycle · 21-04-2014 11:57am

I received one of these e-mails overnight as well. It contained details of my "main" e-mail account plus the password I had until recently.

With the advent of the "bleeding heart" virus, and the fact that my twitter account (which I don't use) had been hacked, I had started changing some of my passwords. It is VERY worrying.

Going to run a full scan on my machine now.

Thanks for starting the thread. Going to get the kids to check their e-mail accounts as well.

EmsMcGrath · 21-04-2014 2:54pm

I've gotten this e-mail too. Have e-mailed turbobit to ask them to deactivate the account. It's very worrying that they could have had my details for months!

WDR · 21-04-2014 8:41pm

I got the same here too. I used that email/pass on some reputable websites a few years ago. It concerns me, not only on how I use the same user/pass on some sites, but some of the sites are now dead and how they dispose of stored data.

Worth checking https://haveibeenpwned.com/ to see if your email address has been touched up.

Deliberator · 22-04-2014 9:41pm

I also got the TurboBit registration email. The email and password in the email were from over 10 years ago. I would have always been fairly organised and systematically used unique passwords. I also used to keep my registration emails in an archive.

I thought you might be interested to know that I was able to identify that the email and password combo was last used in 2003 for an Irish website. I have dropped them an email at their published contact address.

Any issues in me naming the website here? I'd be curious to know if it is common to us.

condra · 22-04-2014 10:53pm

Was it online.ie ?

Yes please do name them

Deliberator · 22-04-2014 10:55pm

No, not that site. Would it be appropriate to ask a mod?

condra wrote: »

Was it online.ie ?

Yes please do name them

thedarkroom · 23-04-2014 7:26am

I would imagine that it would be safe to mention the site on the basis that it was the last place that you used the combination of log-in and password but with a disclaimer that it does not necessarily mean that they were responsible for the breach. It would be interesting to see if there was a pattern evolving. I presume that you have changed your details with the site.
If it was 2003 then that's a long time ago. In my case, the password and email address was used on three websites currently (now changed) but would quite possibility have also been used on a different list of sites back then but I wouldn't have a record of them. The current ones with my compromised combination are English and Irish organisations. I'll post a list later.

Deliberator · 23-04-2014 12:02pm

I made contact with the company and they were aware of the breach. They tell me they are in touch with the DPC and are getting advice.

I think it best not to name them at this time, to allow them to get their house in order...

Trojan · 24-04-2014 7:34pm

This again underlines the importance of using a different password for every service.

STB · 30-04-2014 4:12pm

350,000 accounts could be affected.

I am presuming that some of the people above have eircom.net email addresses.

They have issued a press release urging people to change their passwords.

EmsMcGrath · 30-04-2014 9:37pm

Hi STB,

Have never had an eircom.net email address. Am still baffled at what site it came from. Have changed all my passwords anyhow. Emailed Turbobit, never received a reply.

STB · 01-05-2014 9:35am

Deliberator wrote: »

I made contact with the company and they were aware of the breach. They tell me they are in touch with the DPC and are getting advice.

I think it best not to name them at this time, to allow them to get their house in order...

Was it eircom.net ?

EmsMcGrath wrote: »

Hi STB,

Have never had an eircom.net email address. Am still baffled at what site it came from. Have changed all my passwords anyhow. Emailed Turbobit, never received a reply.

There are several lists of websites that have been compromised. You only have to google "pastebin.com" "@eircom.net" to see several compromised accounts in the wild. How far back these go I do not know. It is not clear from what Eircom are saying what the extent of the breach is.

Try the link posted earlier to see if any of your accounts are coming up with that checker.

Deliberator · 23-05-2014 12:08pm

irishhealth.com

rankingelite · 28-05-2014 7:11pm

I need to start changing my passwords, I use pretty much the same password for everything with some slight variations

Khannie · 29-05-2014 10:08am

omniwebseo wrote: »

I need to start changing my passwords, I use pretty much the same password for everything with some slight variations

I couldn't recommend keepass more highly. There's some initial fiddling getting browser plugins working. What I did was change my password on sites as I visited them, then keepass will remember the (ridiculously complex) password for you. All you need to do is give your keepass "vault" a strong password that you can remember and you're sorted.

I was using lastpass, but after the snowden revelations I stopped trusting it and just assumed that the NSA had demanded everyone's passwords from them.

oscarBravo · 29-05-2014 8:32pm

Khannie wrote: »

I was using lastpass, but after the snowden revelations I stopped trusting it and just assumed that the NSA had demanded everyone's passwords from them.

I'm still using it. It's one thing not trusting companies not to have handed over your password, but it's another to believe a company is bare-faced lying about not even having your password:

All sensitive data is encrypted and decrypted locally before syncing with LastPass. Your key never leaves your device, and is never shared with LastPass. Your data stays accessible only to you.

Khannie · 29-05-2014 10:31pm

They are instructed under law not to reveal it in any way, so you can't trust that at all unfortunately.

If you were the NSA, you would be mental not to order lastpass to put in a back door for them. *mental*

edit: That's my default way of thinking now "If I were the NSA, what would I do?" and the answer is "Khannie, you're some bollix".

oscarBravo · 30-05-2014 8:20am

How do you sync your Keepass data across devices?

Khannie · 30-05-2014 10:50am

I use an SFTP server, but you could equally use google drive. I'm not concerned about anyone getting their hands on the encrypted container. The passphrase I use is sufficiently ridiculous.

There are also "sync" style plugins available for it AFAIK.

Rucking_Fetard · 01-08-2014 3:57am

Another password manager twitter is after buying and open sourcing.

https://www.mitro.co/

Quote:
Password generator
Password sharing
One-click login
Browser extensions: Chrome, Firefox, Safari
Two factor authentication
Cross-platform and cross-browser compatibility
Mobile solution for Android and iOS
https://www.eff.org/deeplinks/2014/0...ssword-manager

Turbobit.net

Comments