Status
Not open for further replies.

Addressing the recent user account hack scare

Dear GBAtemp members and visitors,

It has come to our attention that over the past two days, a person has somehow been able to access a few user accounts on our forums. Shortly after, rumors started blossoming regarding a possible site/forum/database hack or a password leak. After an extensive search into server logs and lookup tools we have no reason to believe that any part of our site has been compromised.

At this point, as several people have suggested already, we believe that the reason this intrusion happened is because another site (an illegal ROM/ISO download site) was recently hacked and the password database was exposed to the public. Since a portion of our members was also registered on that site, possibly using the same password, this could explain the recent scare.

Even though we have no reason to believe our site has been compromised, we have taken a series of measures to reinforce account security on GBAtemp. Firstly, we have reviewed security on the server and all components of our site to make sure everything is up to date and secure. Some components of the forum software have been updated and following this update, one or two add-ons have ceased functioning. If you see anything that isn't working as expected, please use our Site discussions and suggestions forum to report the issue.

At this point, we recommend all our members to change their password and enable two-factor authentication. We are sending out e-mails to all our members to inform them of this situation and to recommend them to change their password. We strongly recommend using a unique and complex password, not just here but on every site you are registered to.

If you have any information that may help us get a better grasp on the situation, please get in touch with a member of the staff. Thank you for your understanding!

The staff
 

Aletron9000

Well-Known Member
Member
Joined
May 10, 2016
Messages
1,716
Trophies
0
Location
Classified
XP
1,598
Country
United States
I changed my GBATemp password. So, I should probably change all of my accounts with the same password right?

Ugh, I hate those types of hackers.
 

WiiUBricker

News Police
Banned
Joined
Sep 19, 2009
Messages
7,827
Trophies
0
Location
Espresso
XP
7,485
Country
Argentina
Yes, yourself. Just randomly type on your keyboard until you have created a long password and then manually insert special characters into it to give it a bit more spice. Then save it to a document and encrypt it with another password generated the same way. This is your master password. Then you encrypt your encrypted password with another randomly generated password. This is your Grandmaster password. Print your grandmaster and master passwords and lock them in a safe place. Alternatively, you can try to memorize them.
@RedBlueGreen Edit: Another possibility would be to create a QR code of your Master and Grandmaster passwords and tattoo it to a well hidden place.
 

seijinshu

...
Member
Joined
Jan 6, 2016
Messages
483
Trophies
0
Location
...
XP
248
Country
United States
This is why passwords are not meant to be good on those ROM sites, let alone anything like your good passwords.
My good stuff is like ofjdhisocnrq193(626195)*:&2(_96$: (on phone, too lazy to mix those up)
And those ROM sites passwords are like
b0i$
Note: example passwords. My passwords are much better.
 

AgentAntz

Active Member
Newcomer
Joined
Nov 25, 2016
Messages
25
Trophies
0
Age
35
XP
119
Country
United States
Can someone please take that stupid video off of AuroraWright's original post? It's a slap in the face to her hard work.
 

kuwanger

Well-Known Member
Member
Joined
Jul 26, 2006
Messages
1,510
Trophies
0
XP
1,783
Country
United States
2FA sounds nice but is too much of a PITA to use on most sites, especially if you often browse in incognito mode and/or actively log out of web sites ASAP (to reduce the chance of cookie/session key replay attacks). Perhaps I'd feel differently if it weren't the case that I use randomly generated passwords and hence I should only really be vulnerable if (1) my system is compromised (for which 2FA may be of little help), (2) some part of the chain of identification could be MITM (*cough*where's the SSL?*cough*), or (3) the website itself is either compromised or allows for brute force attacking accounts. For (1), I'm as much to blame as if I were using a weak password or reusing passwords. But for (2) and (3), well that's a poor excuse for me, the user, to go out of my way to try to mitigate what should be being done properly on the website end.

PS - By no means is this meant to be chastising anyone (Aurora Wright or GBATemp.net's admins). I just think that 2FA is often overkill and really misses the point: whatever system you use, you have to figure out what the real weakness is/should be. If the issue fundamentally is a weak password, deal with that. If it's that it's too easy for others to snoop the password, deal with that. If the server is so readily compromised, deal with that. If all of that's been well addressed and 2FA still makes sense, do that. Otherwise, well, they'll just compromise the weakest part (hack your email account, reset passwords, and then 2FA can become a joke) which actually makes the situation worse. :/
 

About7fish

Active Member
Newcomer
Joined
Aug 18, 2012
Messages
30
Trophies
0
XP
140
Country
United States
Now where would they have gotten a list of unencrypted usernames and passwords? :^)

In all seriousness, the password I've been using was burned long ago so this change is overdue anyway.
 

The Catboy

GBAtemp Official Catboy™: Boywife
Member
Joined
Sep 13, 2009
Messages
27,908
Trophies
4
Location
Making a non-binary fuss
XP
39,174
Country
Antarctica
You should anyway. Don't believe they got anything from GBA unless they got into an admin account...
Costello's account is fine.
GBATemp itself wasn't compromised, but some ISO site was.
I honestly suggest people stop using that iso site. They appear to have some pretty shitty security going on over there. If you do it, use a throwaway account/password.
 

MarioMasta64

hi. i make batch stuff and portable shiz
Member
Joined
Dec 21, 2016
Messages
2,297
Trophies
0
Age
26
Website
github.com
XP
2,094
Country
United States
Yes, yourself. Just randomly type on your keyboard until you have created a long password and then manually insert special characters into it to give it a bit more spice. Then save it to a document and encrypt it with another password generated the same way. This is your master password. Then you encrypt your encrypted password with another randomly generated password. This is your Grandmaster password. Print your grandmaster and master passwords and lock them in a safe place. Alternatively, you can try to memorize them.
omg that's exactly what i do lol
 

BIFFTAZ

Well-Known Member
Member
Joined
Jul 26, 2010
Messages
596
Trophies
1
XP
846
Country
For sites like that ISO site and alike, I use 10 minute mail & a different user name & a random pass at the time of signing up.
 