For people that did get hacked can you comment and share what client you were using, to try to help people avoid this?
This also allows us to see correlations if a specific client is to blame or if there is another reason this occurred.
loftar wrote:jock wrote:For people that did get hacked can you comment and share what client you were using, to try to help people avoid this.
I want to be clear about the fact that I don't know that it's a malicious client. If anything, I've noticed among the hacked accounts some that haven't even logged in since like 2013, so I'm not sure the client theory is even satisfactory at all.
vatas wrote:No idea if this is connected and this is basically hearsay, but someone said they lost 4 top-quality treepots and suspected a bug.
Account -> Account Security -> View Security Log
menillos wrote:i got hacked and my name is not on the list i feel scammed xD
loftar wrote:To be sure, though, it's not just a brute-force hack. The attacker just logged straight into the accounts without trying different passwords, so he clearly has some sort of list of credentials.
dor wrote:IMHO, it's not related to a malicious client. Initially I thought it was just a dict-based brute-force attack, but if there were no failed attempts, it seems that the hacker had a login:pass pair. I think he got it from one of the widely available leaked bases. So he just had to try these pairs in the hope that the user used the same password everywhere.
@Loftar, if it's possible, please check two things:
- is there any spike in the amount of failed attempts with a non-existent login
- is there any spike in the amount of failed attempts overall
The first could give some insight regarding where the attacker got the logins from. The second one will shed some light on my hypothesis about a "same password everywhere" attack.
If both are "no" then it would mean that the attacker had very accurate info about user accounts.
loftar (via discord) wrote:To be sure, it's not just a random brute-force bot, the site does have protections against that. The attacker just logged straight into the accounts without any password misses.
Or well, there were some accounts where he used the wrong passwords, but on the ones where they did successfully log in, they logged right in.
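The two checks dor asks for, together with the pattern loftar describes (many accounts opened on the first try from one place), written as log analysis. This is an added example, not part of the thread and not the site's own code; the event fields, outcome names, thresholds and the sample log are constructed assumptions.

```python
from collections import Counter, defaultdict
from statistics import median

# Constructed sample auth log: (hour, source, login, outcome). The outcome
# names "ok", "bad_password", "unknown_login" are assumed, not the site's.
SAMPLE = (
    # background: owners mistype once, then log in
    [(h, f"home-{h}", f"user{h}", o) for h in range(6) for o in ("bad_password", "ok")]
    # hour 6: one source walks a credential list, one attempt per login
    + [(6, "src-A", f"acct{i}", "ok") for i in range(8)]
    + [(6, "src-A", f"acct{i}", "bad_password") for i in range(8, 11)]
    + [(6, "src-A", f"ghost{i}", "unknown_login") for i in range(5)]
    # hour 7: one source guesses many passwords against one login
    + [(7, "src-B", "victim", "bad_password")] * 30
)

def hourly_failures(events):
    """dor's two checks: failures per hour for unknown logins and overall."""
    unknown, overall = Counter(), Counter()
    for hour, _src, _login, outcome in events:
        if outcome != "ok":
            overall[hour] += 1
            unknown[hour] += outcome == "unknown_login"
    return unknown, overall

def spikes(counter, factor=3):
    """Hours whose count exceeds `factor` times the median hourly count."""
    base = median(counter.values()) or 1
    return sorted(h for h, n in counter.items() if n > factor * base)

def classify_sources(events, min_logins=5):
    """Label sources by how their attempts spread across logins."""
    per_login = defaultdict(Counter)   # source -> login -> attempts
    opened = defaultdict(set)          # source -> logins with a success
    for _hour, src, login, outcome in events:
        per_login[src][login] += 1
        if outcome == "ok":
            opened[src].add(login)
    labels = {}
    for src, logins in per_login.items():
        tries = sum(logins.values()) / len(logins)  # attempts per login
        if len(logins) >= min_logins and tries <= 2:
            labels[src] = ("credential-list", len(opened[src]), len(logins))
        elif tries >= 10:
            labels[src] = ("brute-force", len(opened[src]), len(logins))
    return labels

if __name__ == "__main__":
    print([spikes(c) for c in hourly_failures(SAMPLE)], classify_sources(SAMPLE))
```

A source that tries many logins about once each does not trip a per-account failure limit, which is why the per-source spread is checked alongside the hourly counts.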