I'm subscribed to haveibeenpwned.com, a web service ran by security researcher Troy Hunt which stores information on data breaches of companies. Just received an email that my Facepunch account has been 'pwned'...
Date of breach: 3 Jun 2016
Number of accounts: 342,913
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames
Description: In June 2016, the game development studio Facepunch suffered a data breach that exposed 343k users. The breached data included usernames, email and IP addresses, dates of birth and salted MD5 password hashes. Facepunch advised they were aware of the incident and had notified people at the time. The data was provided to HIBP by whitehat security researcher and data analyst Adam Davies.
Not great...
It would be for the old forums though
IIRC this was when someone injected credential stealing code using a vBulletin exploit. Took advantage of browser credential autofill on the /modcp or /admincp page.
yeah the dates seem to match up with the malicious global sticky via a compromised mod/admin acc (swebonnys?) which resulted in garry resetting everyones session and forcing a password change
due to the forced password resets none of the passwords in there should be valid anyway
I remember that one time Big Dumb American's acc got compromised and someone used that for a malicious announcement post.
Is this why I keep getting emails on someone trying to change my Epic Account
They can do that without knowing your password.
I am a dumb nigger
Everyone gets those that own an email address.
I got that email so often it got flagged as spam
I don't remember exactly what happened but I don't think my account did anything specific since mods didn't have access to the user's passwords and other sensitive details.
I do recall the hacker putting a snippet of JavaScript that would execute as soon as users viewed a thread/announcement. Think it was targeting the admin account.
This was around the time rbreslow broke into Jaanus’ account to unban seano12
Sorry, you need to Log In to post a reply to this thread.
