Author Topic: PSA: Forum Accounts are being Hijacked; for those who are not looking in drama (Read 13136 times)

Swholli · April 16, 2016, 09:49:57 AM

Oh god I got logged out randomly and that was even after I changed my password.

Holy stuff this is like The Thing, any one of us could be the The Thing and we'd never know!

Why target users pre 2010!? What does any of this mean!?

Ad Bot · Advertisement

Doughboy · April 16, 2016, 09:50:31 AM

defcon π

Jairo · April 16, 2016, 09:51:39 AM

I'm placing bets it's a smf security breach that some scriptkiddie got a handle on

Satan From Wreck-It-Ralph · April 16, 2016, 09:51:49 AM

Quote from: Maui69 on April 16, 2016, 09:48:27 AM

a pretty old player
he's fine i told him about it on steam earlier

oh ok

hello hacker forgeter
this is satan devil
heres the deal.
if you hack this forum
i will find you
where ever you are
and break your legs
and thats a promise.

The GI of MA · April 16, 2016, 09:52:07 AM

defcon ∞

Maui69 · April 16, 2016, 09:52:22 AM

probably has to do with session keys being hijacked moreso than passwords, seeing as how users tend to be online while people post

spooky

Kyuande · April 16, 2016, 09:52:58 AM

Quote from: Jairo on April 16, 2016, 09:51:39 AM

I'm placing bets it's a smf security breach that some scriptkiddie got a handle on

Yes. Me and Gy did a couple of tests, I was able to get into his account by getting his cookie data, someone can hijack your account by using your session, this can be easily achieved by cookies.

Jairo · April 16, 2016, 09:54:33 AM

Quote from: Kyuande on April 16, 2016, 09:52:58 AM

Yes. Me and Gy did a couple of tests, I was able to get into his account by getting his cookie data, someone can hijack your account by using your session, this can be easily achieved by cookies.

so is clearing cookies and not visiting the forums until this all blows over the best solution?

otto-san · April 16, 2016, 09:54:43 AM

so how are they getting the cookies of people that haven't posted or been online in years/months

Gytyyhgfffff · April 16, 2016, 09:55:25 AM

i'm guessing maybe old password dumps, c mentioned a few in the drama topic

Swholli · April 16, 2016, 09:56:23 AM

Well stuff on a brick.

Ok, so they have access to our accounts. But they can't make changes because they don't have our passwords, just our session.

So then the mystery thickens because now we have to answer why they were targeting users of a certain age (some made sense, they were inactive and wouldn't be noticed at first) but now it seems more accounts are being compromised once we discovered the issue.

So then why advertise Bloxcity? Who in their right mind is going to take away from all of this "you know what, that hijacker was right, we should play bloxcity instead of blockland. Thanks hijacker!"

The Resonte! · April 16, 2016, 09:57:41 AM

Quote from: Swholli on April 16, 2016, 09:56:23 AM

So then the mystery thickens because now we have to answer why they were targeting users of a certain age (some made sense, they were inactive and wouldn't be noticed at first) but now it seems more accounts are being compromised once we discovered the issue.

So then why advertise Bloxcity? Who in their right mind is going to take away from all of this "you know what, that hijacker was right, we should play bloxcity instead of blockland. Thanks hijacker!"

the fastest answer is "for the evulz"

Gytyyhgfffff · April 16, 2016, 09:57:43 AM

its just some meme the attacker found and they're posting it just to forget with us

Jairo · April 16, 2016, 09:57:58 AM

Quote from: Swholli on April 16, 2016, 09:56:23 AM

So then why advertise Bloxcity? Who in their right mind is going to take away from all of this "you know what, that hijacker was right, we should play bloxcity instead of blockland. Thanks hijacker!"

chances are they were using bloxcity as a scapegoat for the smf breach

and it worked for a bit

Meta_KnightX · April 16, 2016, 09:59:18 AM

I was wondering what was going on..

I'm scared now.. my heart is pumping :(