# [Theory] How the site was "hacked" and what you can do to stay safe



## Deleted User (Jan 12, 2017)

I can almost guarantee that this was just a simple bruteforce to get passwords using a program called SentryMBA, and not an exploit. Similar. This is a similar method that people use to get access to netflix, hulu, and minecraft accounts. The same thing happened to Se7enSins a few months ago. So this is all coming from experience and what us and our staff team did to prevent as much damage as possible. While this method of attack is of course a theory. I do recommend that you do not take this suggestion lightly.

1. Change your password to something new. I recommend using this site to generate a secure password
2. 



Spoiler: It was brought to my attention that the admin team disabled this feature of xenforo



Enable 2 factor authentication. This is what the staff team here uses so even if your password gets compromised. No one can use your account unless they can get this second code either via google authenticator or the accounts email(Whomever generates this unique code will only have a limited amount of time to use it before it expires) You can find this in your account settings.



If you do one or both of these you will be perfectly fine. Although I doubt most of us will have any issues anyway since the script kiddies are only interested in popular/powerful accounts.

i.e Hundshammer, auroram and staff members


----------



## N64 (Jan 12, 2017)

theres no 2FA on this site.


----------



## Deleted User (Jan 12, 2017)

Never seen F2A on this site

Have you been hacked?


----------



## Deleted User (Jan 12, 2017)

N64 said:


> theres no 2FA on this site.


Its built into Xenforo. So an admin must of went out of their way in the ACP(admin control panel) and disabled it...ugh. Ill make a note thank you. I wasn't aware that they disabled it since that doesn't make much sense security wise.



VinLark said:


> Never seen F2A on this site
> 
> Have you been hacked?


No sir. Always have those unique passwords


----------



## Deleted User (Jan 12, 2017)

Sasori said:


> Its built into Xenforo. So an admin must of went out of their way in the ACP(admin control panel) and disabled it...ugh. Ill make a note thank you. I wasn't aware that they disabled it since that doesn't make much sense security wise.
> 
> 
> No sir. Always have those unique passwords


Wow it got disabled

Let's just throw this site out next, shall we? I can't believe the admins would do that fuck.


----------



## Ronhero (Jan 12, 2017)

GBAtemp is powered by XenForo which uses a strongly "salted" encryption for passwords


----------



## Deleted User (Jan 12, 2017)

Ronhero said:


> GBAtemp is powered by XenForo which uses a strongly "salted" encryption for passwords


That doesn't mean tools like SentryMBA still can't be used.


----------



## Ronhero (Jan 12, 2017)

Sasori said:


> That doesn't mean tools like SentryMBA still can't be used.



I was hacked too remember. I am the one who first notified admins.... got called a troll and had my post moved to EOF


----------



## zoogie (Jan 12, 2017)

I think this guy's theory is the likeliest to be right
https://gbatemp.net/threads/urgent-has-gbatemp-been-hacked.456950/page-4#post-7004262


----------



## Ronhero (Jan 12, 2017)

zoogie said:


> I think this guy's theory is the likeliest to be right
> https://gbatemp.net/threads/urgent-has-gbatemp-been-hacked.456950/page-4#post-7004262



My iso and gba are different


----------



## Deleted User (Jan 12, 2017)

Ronhero said:


> My iso and gba are different


That doesn't mean that users don't share usernames and passwords




Ronhero said:


> I was hacked too remember. I am the one who first notified admins.... got called a troll and had my post moved to EOF


That still doesn't debunk a program like SentryMBA potentially being apart of this...I recommend reading up on that program and how it works before replying again. Not trying to cause an argument but you honestly seem like you don't quite understand the terminology of whats going on here. Your last reply to Zoogie gives some strength to that statement as well.

I apologize for saying that, especially since this is a theory. But you are trying to refute theories with statements that make no sense.


----------



## Ronhero (Jan 12, 2017)

Mkay I'll just leave


----------



## pwsincd (Jan 12, 2017)

Which site was hacked... ?


----------



## Deleted User (Jan 12, 2017)

pwsincd said:


> Which site was hacked... ?


A few users had their accounts compromised on this site.


----------



## pwsincd (Jan 12, 2017)

ok cause our IRC channel and specifically my login  was compromised and it carried the same password as here.. so it seems peoople are using the info gained.


----------



## TotalInsanity4 (Jan 12, 2017)

pwsincd said:


> Which site was hacked... ?


Basically there's a hacker on the site that seems to have some sort of vendetta against Luma3DS


----------



## p1ngpong (Jan 12, 2017)

Speculation threads with no proof arent helping anyone, but so far I see no evidence that this is a mass hack over something like bruteforcing like the OP says. Just change your passwords to something complex to secure your accounts.


----------

