Dear GBAtemp members and visitors,

It has come to our attention that over the past two days, a person has somehow been able to access a few user accounts on our forums. Shortly after, rumors started blossoming regarding a possible site/forum/database hack or a password leak. After an extensive search into server logs and lookup tools we have no reason to believe that any part of our site has been compromised.

At this point, as several people have suggested already, we believe that the reason this intrusion happened is because another site (an illegal ROM/ISO download site) was recently hacked and the password database was exposed to the public. Since a portion of our members was also registered on that site, possibly using the same password, this could explain the recent scare.

Even though we have no reason to believe our site has been compromised, we have taken a series of measures to reinforce account security on GBAtemp. Firstly, we have reviewed security on the server and all components of our site to make sure everything is up to date and secure. Some components of the forum software have been updated and following this update, one or two add-ons have ceased functioning. If you see anything that isn't working as expected, please use our Site discussions and suggestions forum to report the issue.

At this point, we recommend all our members to change their password and enable two-factor authentication. We are sending out e-mails to all our members to inform them of this situation and to recommend them to change their password. We strongly recommend using a unique and complex password, not just here but on every site you are registered to.

If you have any information that may help us get a better grasp on the situation, please get in touch with a member of the staff. Thank you for your understanding!

The staff

 

[Seriel]

Erm... I don't think I got an email. Perhaps they are still being sent out?

Sending the same email to 355,511 different registered members takes a while.
I haven't got mine either, it'll arrive in a bit, although I suspect it has the same info as this thread anyway.

 

[xstationbr]

i have updated now, thanks.
i update to
Cypher121212$

LOL just a joke.

 

[Seriel]

Linux Mint 18.1 latest firefox (it didnt happen till after the breach) im assuming the reloaded the site as alot of the layouts and such have turned like the old-er gbatemp

Strange I'm using latest Firefox on Windows atm without issues.
I also haven't seen any regresions, can you point some out?

 

[proflayton123]

iOS 10.1 Safari

 

[MarioMasta64]

Strange I'm using latest Firefox on Windows atm without issues.
I also haven't seen any regresions, can you point some out?

byebye bar

 

[Slattz]

Sending the same email to 355,511 different registered members takes a while.
I haven't got mine either, it'll arrive in a bit, although I suspect it has the same info as this thread anyway.

Yea, I thought that. Kinda shitty for AuroraWright though :/

 

[Seriel]

@Seriel stop fearmongering we all want our moment of fame but this is not how you do it

Can you not.
I don't give two shits about "fame" or attention or any nonsense.
I'm just helping fellow tempers as one of them. If anything you're the one trying to get fame with your "cool" post about how I need to calm down.
Seriously just chill already, I'm not trying to scare anyone, everything is fine I'm just helping people debug issues.

But sure fine if you don't want anything to ever be resolved then so be it.

 

[Bladexdsl]

that 2 step verification was annoying me so i turned it off. my accounts fine i don't go to them illegal rom/iso sites (i use usenet )

 

[pixelmasher]

Isn't this a violation of CFAA?

 

[Deleted User]

Man, this is not what I wanted to wake up to this morning...

Then again, it's the internet so I'm not overly suprised; you're pretty much guaranteed to encounter low-lifes who spoil it for the many just for the fun of it.

 

[AlucardjX]

password changed and enabled two step method,i am sorry for Aurora tnx to the admin for the promptly contact!hope all returns normal...

 

[RedBlueGreen]

Can anyone recommend a good safe password manager? By safe I mean one that's not going to steal the passwords.

 

[Seriel]

Can anyone recommend a good safe password manager? By safe I mean one that's not going to steal the passwords.

Lastpass.

 

[WiiUBricker]

Can anyone recommend a good safe password manager? By safe I mean one that's not going to steal the passwords.

Yes, yourself. Just randomly type on your keyboard until you have created a long password and then manually insert special characters to it to give it a bit more spice. Then save it to a document and encrypt it with another password generated the same way. This is your master password. Then you encrypt your encrypted password with another randomly generated password. This is your Grandmaster password. Print your grandmaster and master passwords and lock it in a save place. Alternatively, you can try to memorize them.

 

[KingVamp]

Well, I never signed up for a rom site and I actually recently change my password. So, I should be good.

 

[RedBlueGreen]

Yes, yourself. Just randomly type on your keyboard until you have created a long password and then manually insert special characters to it to give it a bit more spice. Then save it to a document and encrypt it with another password generated the same way. This is your master password. Then you encrypt your encrypted password with another randomly generated password. This is your Grandmaster password. Print your grandmaster and master passwords and lock it in a save place. Alternatively, you can try to memorize them.

But what if I have an evil twin who shares all of my knowledge and they get the passwords?

 

[mathieulh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

It's a shame that Gbatemp administrators have had to wait until this whole debacle showed up on their doorstep to implement two factor authentication, site administrators need to be proactive with their security and not wait for things to happen.

Why can we only use facebook as an external site? Google authentication (which supports U2F) is a whole lot more secure than facebook's (or gbatemp's for that matter) and would have been a better choice.

P.S. I am signing this message with my PGP key just so you can ensure my account is not compromised and I am actually the one writing this post.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJYd10HAAoJEKa4nBz3AlIIqeYH+QEOnxL5GMqye4/+zTwlDCp8
/i8HxSJVJaXM3c8Xmp602FgCjbEvcJWuoBMMBADtgyn9s/OKcyjZgL79LFkRVKD2
o3xqGSwIJB1BZAfsbLAL2KiMy81ibl/ihdM7yp0BicOUrKYo0MIzahdePu7JESzr
VkdgBp5Q+Pf4IUbiol5L8UoWLcdgxf281z4RRt5PFrw33KJMICo0LUea1jtchgZZ
DPGkgJaUXTS5p23ZUdz6uq5Wnow1u2SHw04YMfWIYx1DINSppofC6f/MTQFRmdd6
94OAA+WRfp4DtcRisS+wUzRCaAUYbnP/3JHB8kSjAowhXQlGGPBcZCwJeIB2FPA=
=qJ1d
-----END PGP SIGNATURE-----

 

[WiiUBricker]

But what if I have an evil twin who shares all of my knowledge and they get the passwords?

That's not possible. Until you believe in a Multiverse.

 

[AskaLangly]

Emails taking nearly an hour to arrive; one to reset password, one to activate 2FA via email.

 

[mrissaoussama]

How do I know my password if I signed in with Facebook?