Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

The great Boards.ie hack in 2010

  • 07-07-2014 2:59pm
    #1
    Registered Users, Registered Users 2 Posts: 8,826 ✭✭✭


    Just received an email in my spam folder that has my old Boards username in the subject line.

    Could this be a consequence of the hack in 2010?
    Post edited by Shield on


«1

Comments

  • Registered Users, Registered Users 2 Posts: 10,339 ✭✭✭✭LoLth


    it could be but...

    did you use your boards.ie username anywhere else? a lot of users use a familiar nick as their username and may have used the same nick elsewhere (many boardsies use their Quake player name for example because boards grew from the quake community originally)

    Do you have any emails that contain your boards.ie username?

    Do you have any emails registered that had that username in the address?

    Have you ever signed up to any online service or product with that username either as the account name or given instead of your real name in the customer/user info section?

    Do you have any documents on your system with that username (that would be bad if that were the source!) or is it part of your account profile on the machine you are using (if so it could be included as part of a cookie or some other website datamining measure performed through your browser)

    so, yes, it is entirely possible that, four years later, someone is using data taken from that incident - either the original perpetrator or someone else if the data was shared online but more likely, unless the username was uniquely used for boards.ie , it is from a more innocent source that you may have overlooked as part of your security measures.

    Of course, it could be none of the above and just be an old dataset crawled from boards' publicly accessible pages from a time when you used that username or from a thread that you posted to under that name pre-2010 that is still visible now. [edit: wouldn't explain how the email address was matched though unless you included it in a post and it got scraped]


  • Registered Users, Registered Users 2 Posts: 10,339 ✭✭✭✭LoLth


    A pre-emptive nipping

    I hope it goes without saying that there will be no discussion of the event in 2010 nor will there be any speculation as to the identity / motive / actions / subsequent actions etc of any party that may or may not have been involved. I'm asking nicely :)

    If you, like the OP have received email recently (last 3 or 4 months?) with your old boards.ie username, please feel free to either post here or drop me a PM and I'll pass it along to those what prod the hamsters.

    Bud well and truly nipped


  • Closed Accounts Posts: 8,840 ✭✭✭Dav


    Hi there,

    This was just reported to us in the last half hour so you beat us to the punch in getting this thread posted. It looks like someone's picked up the stolen usertable (this is the part of our database that contains usernames and email addresses) and is using it as the basis of a Spam campaign. We're obviously very sorry that this happened in the first place, but unfortunately it now appears that the stolen data has found it's way into the wild.

    As per the emails and notifications we sent around after the Hack in 2010, if you are using the same email address/password combination on any other website, you should have changed it.

    If you get an email with the following, PLEASE REPORT IT AS SPAM AND DO NOT SIGN UP FOR THE SERVICE.

    [EDIT at 18:30]
    It looks like this is AskAboutMoney.com related - I've spoken to Brendan who runs AAM and he informed me that they are currently investigating a hacking incident from the 20th of June.

    Spam Email wrote:
    Hey!

    I need your help to beta-test this amazing new mobile system that's already resulted in profits of $558,087 in cold hard cash...

    If you've never made a penny online before, and you want to be able to create a profit pulling machine in just 7 clicks of your mouse

    >> START CLICKING NOW! <<

    => <<Click>>

    - You don't need an existing website

    - You don't need any technical experience

    - You don't need to be a sales person

    - You don't need any money to get started

    - You don't need to learn about SEO, Twitter, link-building, CPA, PPV or any of that

    - You don't need to spend hours of your time each day to make any money

    In fact, beginners will get preference

    > View Clicking Details <

    Application Requirements:

    - Provide feedback in terms of the features and functionality of the product

    - Let us know how fat your bank account has become

    > INCREASE YOUR BANK BALANCE NOW <

    => Click Here

    NOTE: only 50 beta-testers are required and the closing date is fast approaching!

    Best of luck,

    Jane

    P.S. 7 clicks from now... $558,087 in cold hard cash

    >> START CLICKING! <<

    Unsubscibe


  • Registered Users, Registered Users 2 Posts: 5,075 ✭✭✭Pacing Mule


    Hi Dav.

    Got this email myself but it referred to an incorrect user name. It said hi Xxxxxxx and off it went from there.

    Edited out what may well be an old Aam username.


  • Registered Users, Registered Users 2 Posts: 8,729 ✭✭✭Speak Now


    I got an e-mail today using the user name I've only used on ask about money! Nothing boards related.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 2,501 ✭✭✭zagmund


    I got this email @ 12.42, but it was addressed to an account I used on AAM, not boards.ie

    I reckon the common thread (if boards.ie & AAM are getting them) might be targetting .ie email addresses. Or maybe it's just AAM and not boards.ie afterall.

    z


  • Closed Accounts Posts: 7,347 ✭✭✭LynnGrace


    I got an e-mail today using the user name I've only used on ask about money! Nothing boards related.

    Same here, got one relating to AAM.


  • Registered Users, Registered Users 2 Posts: 2,094 ✭✭✭dbran


    Yep.

    My AOM nick and not boards nick.

    dbran


  • Registered Users, Registered Users 2 Posts: 1,288 ✭✭✭Crunchienut


    LynnGrace wrote: »
    Same here, got one relating to AAM.

    Again my email used my AAM username

    Edit:

    This is on the AAM site:

    Today, users of Askaboutmoney received spam emails to the email address with which they registered at askaboutmoney. These emails were personalised to their Askaboutmoney user names.
    “Dear “askaobutmoney username”, BETA-TESTERS NEEDED (Beginners Preferred) - registration ends on July 07, 2014”

    We believe that, when Askaboutmoney, was hacked on 20th June, the hackers downloaded the user names and email addresses.Askaboutmoney runs on vBulletin, and as such, the passwords are “hashed”, so we don’t believe that they have accessed passwords.

    What you should do now…
    As a precautionary measure, change your password on askaboutmoney when we put it back up
    If you use the same password on any other site, change that password as well
    If you wish to change your user name, when Askaboutmoney is put back up, send a Private Message to Brendan Burgess with your choice of new name and your email address.

    Again, we apologise for the breach of security.

    Brendan Burgess


  • Closed Accounts Posts: 21,730 ✭✭✭✭Fred Swanson


    This post has been deleted.


  • Advertisement
  • Moderators, Regional East Moderators Posts: 21,504 Mod ✭✭✭✭Agent Smith


    Randomly enough, I got a sms yesterday from "NewMessage" saying "You received a photo message, and to click some link sn.im etc to see me"

    Now, I remember back in the day when boards had a tweet, thing, and You could enter your mobile.

    Is it possiable they have gotten access to mobile numbers?


  • Closed Accounts Posts: 5,429 ✭✭✭testicle


    Yes, I can confirm that it's not my boards.ie username that's used, it is instead my askaboutmoney username that's used. Both are unique.


  • Moderators, Society & Culture Moderators Posts: 32,286 Mod ✭✭✭✭The_Conductor


    I'm not on AAM......
    Got this just before lunch:

    Forwarded message
    <SNIP personal information>

    If you are unable to see the message below, click here to view.

    Hey!



    I need your help to beta-test this amazing

    new mobile system that's already resulted

    in profits of $558,087 in cold hard cash...



    If you've never made a penny online before,

    and you want to be able to create a profit

    pulling machine in just 7 clicks of your mouse



    >> START CLICKING NOW! <<

    => <<Click>>



    - You don't need an existing website

    - You don't need any technical experience

    - You don't need to be a sales person

    - You don't need any money to get started

    - You don't need to learn about SEO, Twitter,

    link-building, CPA, PPV or any of that

    - You don't need to spend hours of your time

    each day to make any money



    In fact, beginners will get preference

    > View Clicking Details <



    Application Requirements:

    - Provide feedback in terms of the

    features and functionality of the

    product

    - Let us know how fat your bank account

    has become

    > INCREASE YOUR BANK BALANCE NOW <

    => Click Here



    NOTE: only 50 beta-testers are required

    and the closing date is fast approaching!



    Best of luck,

    Jane



    P.S. 7 clicks from now... $558,087 in cold hard cash

    >> START CLICKING! <<

    Unsubscibe


  • Registered Users, Registered Users 2 Posts: 9,014 ✭✭✭Soarer


    Surely everyone knows when an unsolicited email appears offering to make "cold hard cash", it should be treated as spam?


  • Moderators, Computer Games Moderators, Technology & Internet Moderators, Help & Feedback Category Moderators Posts: 25,751 CMod ✭✭✭✭Spear


    So it's AAM who just got freshly hacked? That's a relief, I was beginning to feel left out, since I didn't get any spam.


  • Registered Users, Registered Users 2 Posts: 5,112 ✭✭✭Blowfish


    Spear wrote: »
    So it's AAM who just got freshly hacked? That's a relief, I was beginning to feel left out, since I didn't get any spam.
    Seems it, not the first time either.


  • Registered Users, Registered Users 2 Posts: 10,339 ✭✭✭✭LoLth


    Admin note

    Please don't post content that contains your (or someone else's) email address. its just going to get crawled and your end up with even more spam!


  • Closed Accounts Posts: 21,730 ✭✭✭✭Fred Swanson


    This post has been deleted.


  • Moderators, Social & Fun Moderators, Society & Culture Moderators Posts: 30,971 Mod ✭✭✭✭Insect Overlord


    I had something in my spam folder a few weeks back, and my original Boards nickname was in the subject. I just ignored it, like pretty much everything else marked as Spam!


  • Moderators, Science, Health & Environment Moderators, Society & Culture Moderators Posts: 60,217 Mod ✭✭✭✭Wibbs


    Randomly enough, I got a sms yesterday from "NewMessage" saying "You received a photo message, and to click some link sn.im etc to see me"

    Now, I remember back in the day when boards had a tweet, thing, and You could enter your mobile.

    Is it possiable they have gotten access to mobile numbers?
    FWIW AS I got the exact same text yesterday and I never gave Boards my phone number.

    Rejoice in the awareness of feeling stupid, for that’s how you end up learning new things. If you’re not aware you’re stupid, you probably are.



  • Advertisement
  • Registered Users, Registered Users 2 Posts: 46,545 ✭✭✭✭muffler


    Same as a few others I got the email message also using my AAM user name which is different from my Boards nick.


  • Society & Culture Moderators Posts: 25,948 Mod ✭✭✭✭Neyite


    I got it too. Not sure if it was an AAM nick or my former boards one.


  • Registered Users, Registered Users 2 Posts: 8,826 ✭✭✭Gloomtastic!


    OP here again. Looks like it wasn't Boards but AAM. The spam I got was the same one as they have posted on their homepage.

    Forgotten I'd ever been there.......:rolleyes:


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    My addy normally gets VERY little spam. Last three weeks or so Ive been bombarded. Thought it was ebay but maybe its this.


  • Closed Accounts Posts: 523 ✭✭✭tenifan


    I got one from a company whose system made them $558,087 in cold hard cash despite only entering beta testing.

    Kind regards,

    Tenifan
    Software Quality Analyst
    CTB Systems PLC

    P.S. 7 clicks from now... $558,087 in cold hard cash

    >> START CLICKING! <<

    Unsubscibe


  • Registered Users, Registered Users 2 Posts: 29,293 ✭✭✭✭Mint Sauce


    Would there be anything in the subject line. Dont usually open emails from people/companies I dont know or expect.


  • Registered Users, Registered Users 2 Posts: 161 ✭✭BrendanBurgess


    I am trying to get to the bottom of this.

    Has anyone received this specific spam today to a user name which they do not use on askaboutmoney?



    Brendan Burgess
    Administrator
    Askaboutmoney


  • Registered Users, Registered Users 2 Posts: 831 ✭✭✭daingeanrob


    did anyone get the money? i would've done this only i don't want to be greedy, theres an african prince trying to get his money out of africa emailing me...


  • Registered Users, Registered Users 2 Posts: 972 ✭✭✭Digital Society


    I am trying to get to the bottom of this.

    Has anyone received this specific spam today to a user name which they do not use on askaboutmoney?



    Brendan Burgess
    Administrator
    Askaboutmoney

    Signed up to your site for the first time the other day and i DIDNT get the spam if thats any good to you. More proof it happened before that.


  • Advertisement
  • Closed Accounts Posts: 8,840 ✭✭✭Dav


    I am trying to get to the bottom of this.

    Has anyone received this specific spam today to a user name which they do not use on askaboutmoney?



    Brendan Burgess
    Administrator
    Askaboutmoney
    Just for the record, I can confirm that this *is* Brendan and he and I have been talking about this issue to try and get it solved as soon as possible.


  • Registered Users, Registered Users 2 Posts: 11,647 ✭✭✭✭El Weirdo


    Askaboutmoney runs on vBulletin, and as such, the passwords are “hashed”, so we don’t believe that they have accessed passwords.
    Your use of quotation marks on that particular word may not fill people with much confidence.


  • Moderators, Regional East Moderators Posts: 23,238 Mod ✭✭✭✭GLaDOS


    I haven't received that specific spam, or anything referencing my boards username. I'm not a member of AAM

    Cake, and grief counseling, will be available at the conclusion of the test



  • Closed Accounts Posts: 2,537 ✭✭✭Arthur Beesley


    El Weirdo wrote: »
    Your use of quotation marks on that particular word may not fill people with much confidence.

    Along with all the other amateurishness on that site.


  • Registered Users, Subscribers, Registered Users 2 Posts: 47,351 ✭✭✭✭Zaph


    Along with all the other amateurishness on that site.

    Whatever your opinions of AAM may be, the Boards Feedback forum is not the place to air them.


  • Registered Users, Registered Users 2 Posts: 648 ✭✭✭Tenshot


    I received the quoted spam message today, at an email address I used exclusively for my AAM account (I have my own domain, so tend to give each forum I register with a unique user at that domain, to make it easier to track spam).

    (Of course, having AAM in the email ID made me think I was being spammed by the excellent Ask A Manager blog - I haven't been on AskAboutMoney for a while.)


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 6,374 ✭✭✭Gone West


    Hashed but not salted, eh?


  • Registered Users, Registered Users 2 Posts: 46,545 ✭✭✭✭muffler


    the people reporting the spam to us used the same username and email address combination on askaboutmoney as they did here.
    The above (taken from your notice) is not correct as stated previously in this thread.

    I got the spam email but I used a different nick and email on AAM.


  • Registered Users, Registered Users 2 Posts: 5,346 ✭✭✭borderlinemeath


    Got that spam to my email with my AAM username today.


  • Registered Users, Registered Users 2 Posts: 6,441 ✭✭✭jhegarty


    Fuzzy wrote: »
    Hashed but not salted, eh?

    It would be both by default on vbulletin 3.


  • Closed Accounts Posts: 5,429 ✭✭✭testicle


    muffler wrote: »
    The above (taken from your notice) is not correct as stated previously in this thread.

    I got the spam email but I used a different nick and email on AAM.

    Sure you don't have 2 AAM accounts?


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 4,183 ✭✭✭Fey!


    Randomly enough, I got a sms yesterday from "NewMessage" saying "You received a photo message, and to click some link sn.im etc to see me"

    Now, I remember back in the day when boards had a tweet, thing, and You could enter your mobile.

    Is it possiable they have gotten access to mobile numbers?
    Wibbs wrote: »
    FWIW AS I got the exact same text yesterday and I never gave Boards my phone number.

    If that's the same one I got, it looks to be a fraud claiming to be from Dunnes and offering vouchers. Unfortunately the link times out quickly (or possibly can't be opened a second time). I have reported it to management and security in my local Dunnes, both of whom have sent it to HQ.

    If you open this, please try and get a screen grab to show to Dunnes.


  • Registered Users, Registered Users 2 Posts: 972 ✭✭✭Digital Society


    Theres no way they would just take the user table. They obviously would have just backed up the whole database an exported it. Upgrade Vbulletin or Migrate to XenForo. Someone has the thread and post table aswell. Change all Passwords immediately.


  • Registered Users, Registered Users 2 Posts: 5,477 ✭✭✭Hootanany


    Im getting a shed load of mail undeivered lately from my email i subscribed to boards. Is it related?


  • Registered Users, Registered Users 2 Posts: 5,373 ✭✭✭Redsoxfan


    I got an email addressed to my AAM username which was also my Boards username until the big shutdown.


  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    LoLth wrote: »
    Admin note

    Please don't post content that contains your (or someone else's) email address. its just going to get crawled and your end up with even more spam!

    That was checked out recently, on phone cant find it, by a guy sick of looking at people using [dot] and his email never got bombarded.

    [Dot] NEVER made sense as u just had to have the crawler look for that instead/aswell.


  • Registered Users, Registered Users 2 Posts: 292 ✭✭dm09


    Originally Posted by Agent Smith viewpost.gif
    Randomly enough, I got a sms yesterday from "NewMessage" saying "You received a photo message, and to click some link sn.im etc to see me"

    Now, I remember back in the day when boards had a tweet, thing, and You could enter your mobile.

    Is it possiable they have gotten access to mobile numbers?

    Originally Posted by Wibbs viewpost.gif
    FWIW AS I got the exact same text yesterday and I never gave Boards my phone number.

    I also got the exact same text the other day "You've received a picture message and an encoded link "sn.im..." , I checked the link on my laptop and it was to a porn site, probably smartphone malware, it was from a russian number +7 but I never gave my mobile number to boards or AAM and this is the first spam i've received on this number and i've had it 3 years, i also received another sms a day later from an unknown Czech number with just an 'X'


  • Closed Accounts Posts: 7,347 ✭✭✭LynnGrace


    Soarer wrote: »
    Surely everyone knows when an unsolicited email appears offering to make "cold hard cash", it should be treated as spam?

    I bin all unsolicited emails unopened. The one I received had my AAM username in the subject line, which would alert me immediately that it wasn't a normal email. I have never been contacted by email, by AAM.
    As it happened, my email system automatically had thrown it into the 'junk' folder.


  • Moderators, Social & Fun Moderators, Society & Culture Moderators Posts: 30,971 Mod ✭✭✭✭Insect Overlord


    The mails I've been getting are coming from MyDailyFlog.


  • Registered Users, Registered Users 2 Posts: 428 ✭✭chinwag


    How do you change a password on Boards?


  • Registered Users, Registered Users 2 Posts: 5,112 ✭✭✭Blowfish


    chinwag wrote: »
    How do you change a password on Boards?
    Here


  • Advertisement
This discussion has been closed.
Advertisement