IMPORTANT! Have you received an email to your forum username?

Clark80

If possible a banner when you click on the website would make it easier to see this. I only stumbled on this while viewing new posts.

Moonchild

I got the e-mail. I'd changed passwords last week, so obviously it's an old hack.

Esoog wrote: »

They may be thick, but no doubt a few people followed the link...

I think that's harsh to call anyone who clicked 'thick'.

A small % of users who received that e-mail would have clicked on it.
It's from a 'trusted' source. OK, I wouldn't, but I know for example that my mum would have had she received it. There are a lot of people who are inexperienced web users who don't consider themselves targets.

I have no major issue with MSE being hacked - far better organisations have been taken down. It happens. There are enough @#*~~@'s in this world who take great joy in causing other people problems.

However, considering their target audience, it's important that MSE now steps up to the plate - reputation on the line here. You've lost our data, i'll let you off, it happens. Do it again, and you'll lose a lot of your fan base, myself included. It will effect MSE financially.

I'm presuming that MSE is busy finding out what happens to those who click on the malware / virus, how malicious it is, and how MSE are going to remedy it. I hope for their sake those who clicked on it just got a nice smiley or something. And that their bank accounts are not being torn to shreds as we speak.

'You should have up to date Virus Software' is not going to cut the mustard this time.

KxMx

Wow am I lucky, recieved it into my spam box, deleted it, though oops that had my username, was it about the abuse report I made, too late now.

Phew!

jrawle

Doc_N wrote: »

Except that there's been no mention of passwords, which have probably also been harvested - or the need for people to change passwords if the same one's been used elsewhere. That applies particularly if the same password has been used for the email address used for MSE.

vBulletin stores its passwords in a hashed form. There is little chance of the hackers being able to retrieve passwords (or indeed, trying to) from this. The risk is slightly increased if you use a dictionary word as your password (which is never a good idea anyway). The biggest risk is of people following a link that then installs malware that sniffs for passwords on their computer, or otherwise tricks them into giving up their password.

If you use the same password for online banking or something else important, it's probably a good idea to change it, as this is always a bad idea in any case.

alleycat`

Received the message this morning but the headers suggest it was injected into the "spammers" mail server on the evening of the 17th November.

The headers indicate the mail originated from IP 85.235.131.72 (w862.widhost.net) which is operated by:-

address: Widestore S.r.l.
Omero Narducci
Via Borgo dei leoni 70F
44100 Ferrara
ITALY

Obviously it is quite possible this company have had their mail infrastructure compromised as well.

hope that helps

gemnjam

Thankfully gmail sent it straight to spam although even if I had opened it after reading the copy put up here I doubt I would've thought anything apart from snore! and certainly wouldn't have clicked the link

KxMx

The password I use here I use alot on other forums, but nowhere such as bank, amazon (card details stored), Facebook etc.

VictimOfImpersonation

As DocN and others have said, the symptoms suggest that it is a given that MSE passwords have also been harvested ... probably during one of the serious Denial of Service attacks against MSE that were reported when the OFT versus the Banks case was reaching a climax. Noted what jrawle says about the encryption of passwords within vBulletin, but who really knows how secure that is under DoS?

Laying the recent trojan bait & trap is just one potential use of those passwords and email addresses. There are likely to be other less obvious attacks going forward. These people are not dumb. Serious money changes hands for this type of data. It is a big industry with organised criminals ultimately controlling it.

As MSE is likely to be a recurring target for DoS attacks due to its frequent conflicts with big business, MSE users would probably be well advised to change their passwords to something unique that they do not and will not use for anything else, and if they have used the old password for something else then that also needs changing as a matter of urgency.

Even those people clever enougt to control their own domain names and unique email addresses may inadvertently find that they are particularly vulnerable if their public domain "WhoIs" data contains location address details for example. Furthermore, one might also imagine that vBulletin tracks User IP addresses. Might they also have been compromised?

mr_fishbulb

VictimOfImpersonation wrote: »

Even those people clever enougt to control their own domain names and unique email addresses may inadvertently find that they are particularly vulnerable if their public domain "WhoIs" data contains location address details for example. Furthermore, one might also imagine that vBulletin tracks User IP addresses. Might they also have been compromised?

It is possible. Currently assume anything about you held on the MSE site is now "out there"

Tartanmax

I got the same email this morning ..thankfully I never clicked on the link as it did look iffy , it also went straight in my spam box. I joined years ago.