[Theory] How the site was "hacked" and what you can do to stay safe

[Deleted User]

I can almost guarantee that this was just a simple bruteforce to get passwords using a program called SentryMBA, and not an exploit. Similar. This is a similar method that people use to get access to netflix, hulu, and minecraft accounts. The same thing happened to Se7enSins a few months ago. So this is all coming from experience and what us and our staff team did to prevent as much damage as possible. While this method of attack is of course a theory. I do recommend that you do not take this suggestion lightly.

1. Change your password to something new. I recommend using this site to generate a secure password
2.

Spoiler: It was brought to my attention that the admin team disabled this feature of xenforo

Enable 2 factor authentication. This is what the staff team here uses so even if your password gets compromised. No one can use your account unless they can get this second code either via google authenticator or the accounts email(Whomever generates this unique code will only have a limited amount of time to use it before it expires) You can find this in your account settings.

If you do one or both of these you will be perfectly fine. Although I doubt most of us will have any issues anyway since the script kiddies are only interested in popular/powerful accounts.

i.e Hundshammer, auroram and staff members

 

[N64]

theres no 2FA on this site.

 

[Deleted User]

Never seen F2A on this site

Have you been hacked?

 

[Deleted User]

theres no 2FA on this site.

Its built into Xenforo. So an admin must of went out of their way in the ACP(admin control panel) and disabled it...ugh. Ill make a note thank you. I wasn't aware that they disabled it since that doesn't make much sense security wise.

Never seen F2A on this site

Have you been hacked?

No sir. Always have those unique passwords

 

[Deleted User]

Its built into Xenforo. So an admin must of went out of their way in the ACP(admin control panel) and disabled it...ugh. Ill make a note thank you. I wasn't aware that they disabled it since that doesn't make much sense security wise.


No sir. Always have those unique passwords

Wow it got disabled

Let's just throw this site out next, shall we? I can't believe the admins would do that fuck.

 

[Ronhero]

GBAtemp is powered by XenForo which uses a strongly "salted" encryption for passwords

 

[Deleted User]

GBAtemp is powered by XenForo which uses a strongly "salted" encryption for passwords

That doesn't mean tools like SentryMBA still can't be used.

 

[Ronhero]

That doesn't mean tools like SentryMBA still can't be used.

I was hacked too remember. I am the one who first notified admins.... got called a troll and had my post moved to EOF

 

[zoogie]

I think this guy's theory is the likeliest to be right
https://gbatemp.net/threads/urgent-has-gbatemp-been-hacked.456950/page-4#post-7004262

 

[Ronhero]

I think this guy's theory is the likeliest to be right
https://gbatemp.net/threads/urgent-has-gbatemp-been-hacked.456950/page-4#post-7004262

My iso and gba are different

 

[Deleted User]

My iso and gba are different

That doesn't mean that users don't share usernames and passwords

I was hacked too remember. I am the one who first notified admins.... got called a troll and had my post moved to EOF

That still doesn't debunk a program like SentryMBA potentially being apart of this...I recommend reading up on that program and how it works before replying again. Not trying to cause an argument but you honestly seem like you don't quite understand the terminology of whats going on here. Your last reply to Zoogie gives some strength to that statement as well.

I apologize for saying that, especially since this is a theory. But you are trying to refute theories with statements that make no sense.

 

[Ronhero]

Mkay I'll just leave

 

[pwsincd]

Which site was hacked... ?

 

[Deleted User]

Which site was hacked... ?

A few users had their accounts compromised on this site.

 

[pwsincd]

ok cause our IRC channel and specifically my login was compromised and it carried the same password as here.. so it seems peoople are using the info gained.

 

[TotalInsanity4]

Which site was hacked... ?

Basically there's a hacker on the site that seems to have some sort of vendetta against Luma3DS

 

[p1ngpong]

Speculation threads with no proof arent helping anyone, but so far I see no evidence that this is a mass hack over something like bruteforcing like the OP says. Just change your passwords to something complex to secure your accounts.