Your Password Server seems to have been hacked.

Guest Mary_West

Hello there! I’ve suddenly had a flood of email in my mailbox of the “Hi, I know your password and I’ve infected your machine with spyware and my goodness you look at naughty stuff!” variety.

However, I use individual passwords for all my accounts, and can tell from the password which one was hacked. The password they’re mentioning is the one I use for AFF logons. So someone’s vacuumed up your password list.

(Because of course I’d never watch the naughty stuff on my computer. What sort of a girl do you think I am? Oh. I write smut. That’s right. I *am* that sort of girl)

Anyway, a heads-up. If, like I *used* to, you use the same password on a lot of sites, now’s the time to change that. Use a base (e.g. MyMaidenNameBackwards), then add a number (not *1) and an identifier. Example: htimS99AFF. Keep a secret list somewhere safe, like an encrypted file on your computer. Then, when the blighters try to convince you they’ve been watching you through the bit of cardboard you have taped over your camera while you … ahem … enjoy the loveliness that is this site, you can a) laugh at them, b) let the admins know.

By the way, that’s not the password I use now. Just in case you were thinking of being clever. I may be a middle-aged fan-fic-smut writing woman, but I’m a SMART middle-aged fan-fic-smut writing woman.

I got one of those! I googled a chunk of the wording, and it seemed someone just obtained the data from the previous hack and used it to spam every email address from the database with the same text, but with the related password pasted in. I just ignored it - I mean, I don’t even have a webcam. Mirrored surfaces like lenses crack around me.

We’re pretty sure it’s related to the forum hack from last year. We definitely recommend changing your passwords, just to be safe, but I’ve been deleting this type of email frequently from the staff email address with impunity. I’ve avoided the temptation to point out that this is an adult fiction site, so really, it’s not like I’m going to be embarrassed that I read adult material. The email addresses sending the extortion requests are all disposable anyway, so the reply would only bounce back. :sigh: 

And thank you, Guest Mary_West for a post that was both highly intelligent and delightfully written! :hug: 

22 minutes ago, lizziemay84 said:

I tried to change my archive password, but all I get is a message saying “This password reset is no longer valid”. Could I get some help, please?


I’m going to contact you at the email address we have on file for you, just to make sure our information is current. 

I also get the webcam emails, and that cracks me up.  I’ve NEVER had a webcam.  I don’t WANT a webcam, and that they think they can scare me with webcam usage that never existed is just plain silly.  Yes, this is an OLD issue, and these emails have been popping up ever since.

On an unrelated note, I’ve actually been working with the hosting company to fix the hotmail/outlook issues (where the emails sent to users just disappear).  Everything I’ve tried thus far that SHOULD have worked has not.  So, they’re digging deeper and I should have that fixed soonish.

When the old issue occurred, Nexcess was a major help at that time as well.  They tracked down the IPs of the persons who did this, and blocked them from the domain entirely.  They have tools at their disposal I don’t, so if something happens, they’re the ones I go to help stop whatever the issue is.

 For those of you who looked in the body of the email, and the sextortionist provided a bitcoin address, you can report it at “bitcoin abuse” here: https://www.bitcoinabuse.com/

18 hours ago, DemonGoddess said:

On an unrelated note, I’ve actually been working with the hosting company to fix the hotmail/outlook issues (where the emails sent to users just disappear).  Everything I’ve tried thus far that SHOULD have worked has not.  So, they’re digging deeper and I should have that fixed soonish.

Just for the record, the problem is not that hotmail/outlook does not deliver the email but that Microsoft's system does a preflight test to scan for malware. In desktop Outlook you can see that all links get changed by the ATP Safe Links feature; for hotmail and similar online services you can see, in the source code of the email, security diagnostics added to the header information by the preflight scan. If you have control of the Outlook server it is possible to disable the policy that makes the email server do the preflight test, but the likelihood that AFF users have that kind of admin power is negligible.

Anyway, your password reset feature seems to monitor whether somebody has visited the password reset page and not whether the person wanting a reset presses an update button or similar, and this will not work if ATP Safe Links is active, no matter what Nexcess does. The AFF software would need to be modified if you want to solve the issue. I work as a system developer, so I speak with some authority here, even if I have not read your source code, so it is an educated guess.

18 hours ago, DemonGoddess said:

When the old issue occurred, Nexcess was a major help at that time as well.  They tracked down the IPs of the persons who did this, and blocked them from the domain entirely.  They have tools at their disposal I don’t, so if something happens, they’re the ones I go to help stop whatever the issue is.

A good sanity check would be to check if the archive stores the password in plain text or if the passwords are encrypted as something called “a hash”. https://en.wikipedia.org/wiki/Cryptographic_hash_function

If you have the passwords stored with a hash function like SHA-2 or better, it does not matter as much if the password information is stolen, since they cannot be decrypted. If you use a weak hash function like MD5 or SHA-1 (or, even worse, plain text) then the passwords are exposed, since there are standard methods to reverse the hash and learn what password each account has.

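The reset-link behaviour described in the post above, as an added example (this is not AFF's code and not an inspection of it): the fragile handler consumes the token on the GET that renders the form, so a Safe Links-style prefetch reaches the page before the human does and the human's click gets “This password reset is no longer valid”. The robust handler only validates on GET and consumes the token on the POST that carries the new password, and a replayed POST fails because the token is single-use. The store, the one-hour TTL, the user name and the message text are assumptions of the example.

```python
"""Password-reset links and link-scanning mail filters (added example).

Not AFF's code. It models two ways a reset endpoint can treat the link it
mailed out. Names, TTL and messages are assumptions of the example.
"""
from __future__ import annotations

import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

TOKEN_TTL_SECONDS = 3600  # assumption: links stay valid for one hour
EXPIRED_MSG = "This password reset is no longer valid"


@dataclass
class ResetRecord:
    user: str
    issued_at: float
    used: bool = False


def _digest(token: str) -> str:
    # Only a digest is stored, so a copy of the table yields no usable links.
    return hashlib.sha256(token.encode()).hexdigest()


class ResetStore:
    def __init__(self, now: Callable[[], float] = time.time) -> None:
        self._now = now
        self._records: dict[str, ResetRecord] = {}

    def issue(self, user: str) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits of CSPRNG output
        self._records[_digest(token)] = ResetRecord(user, self._now())
        return token

    def peek(self, token: str) -> Optional[ResetRecord]:
        """Validate without consuming: record exists, unused, inside the TTL."""
        rec = self._records.get(_digest(token))
        if rec is None or rec.used:
            return None
        if self._now() - rec.issued_at > TOKEN_TTL_SECONDS:
            return None
        return rec

    def consume(self, token: str) -> Optional[ResetRecord]:
        """Validate and mark single-use in one step."""
        rec = self.peek(token)
        if rec is not None:
            rec.used = True
        return rec


# Pattern the post describes: merely loading the page burns the token.
def fragile_get(store: ResetStore, token: str) -> str:
    return "form" if store.consume(token) else EXPIRED_MSG


# Robust pattern: GET only renders the form; the POST carrying the new
# password is what consumes the token.
def robust_get(store: ResetStore, token: str) -> str:
    return "form" if store.peek(token) else EXPIRED_MSG


def robust_post(store: ResetStore, token: str, new_password: str) -> str:
    rec = store.consume(token)
    if rec is None:
        return EXPIRED_MSG
    # Real code would set rec.user's password here and revoke live sessions.
    return f"password updated for {rec.user}"


def simulate(get_handler, post_handler=None, now: Callable[[], float] = time.time) -> Tuple:
    """Mail scanner prefetches the link, then the human clicks it and submits."""
    store = ResetStore(now)
    token = store.issue("alice")                # assumed user
    scanner_sees = get_handler(store, token)    # Safe Links-style prefetch
    human_sees = get_handler(store, token)      # the human's actual click
    if post_handler is None or human_sees != "form":
        return scanner_sees, human_sees, None
    first = post_handler(store, token, "new-secret")
    replay = post_handler(store, token, "attacker-secret")  # must fail: single use
    return scanner_sees, human_sees, (first, replay)


if __name__ == "__main__":
    print("fragile:", simulate(fragile_get))
    print("robust: ", simulate(robust_get, robust_post))
```

The design point is that a GET issued by anything that follows links (mail scanners, link previewers, the user's own browser prefetch) must be idempotent; only a request that proves intent, the form submission, should spend the token.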
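The sanity check from the same post, worked as an added example on constructed data (these are not AFF's tables): a short wordlist is hashed once and looked up against an unsalted table, recovering every account whose password is in the list, and the lookup works the same way whichever digest produced the table. The salted, iterated alternative beside it (PBKDF2-HMAC-SHA256 from the standard library, the example's own choice, not something the post specifies) forces one full computation per account per candidate, which is what makes a stolen table expensive to reverse.

```python
"""Why a stolen table of unsalted fast hashes is close to plaintext (added example).

Not AFF's code. The wordlist, users and passwords are constructed; the
algorithm choices are the example's own.
"""
import hashlib
import hmac
import os

# Constructed stand-in for the multi-million-entry lists attackers actually use.
WORDLIST = ["password", "letmein", "123456", "qwerty", "htimS99AFF", "dragon"]

# Constructed "leaked" tables of unsalted digests, as old forum software stored them.
_PLAINTEXT = {"alice": "dragon", "bob": "letmein", "carol": "correct horse battery staple"}
LEAKED_MD5 = {u: hashlib.md5(p.encode()).hexdigest() for u, p in _PLAINTEXT.items()}
LEAKED_SHA256 = {u: hashlib.sha256(p.encode()).hexdigest() for u, p in _PLAINTEXT.items()}


def crack_unsalted(table: dict, wordlist: list, algo: str = "md5") -> dict:
    """One digest per candidate word, then a dictionary lookup, recovers every
    account using that word regardless of table size or digest function."""
    lookup = {hashlib.new(algo, w.encode()).hexdigest(): w for w in wordlist}
    return {user: lookup[h] for user, h in table.items() if h in lookup}


# Kept low so the demo runs quickly; OWASP's 2023 guidance for
# PBKDF2-HMAC-SHA256 is on the order of 600,000 iterations.
ITERATIONS = 100_000


def hash_password(password: str, salt: bytes = None, iterations: int = ITERATIONS) -> str:
    """Salted, iterated hash encoded as algo$iterations$salt$digest."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    _algo, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)  # constant-time comparison


def crack_salted(table: dict, wordlist: list) -> tuple:
    """No shared lookup table is possible: each (account, candidate) pair costs
    a full PBKDF2 run. Returns the recovered passwords and the work performed."""
    found, work = {}, 0
    for user, stored in table.items():
        for w in wordlist:
            work += 1
            if verify_password(w, stored):
                found[user] = w
    return found, work


# Same constructed users, stored the slow salted way (salts differ per account).
SALTED_TABLE = {u: hash_password(p) for u, p in _PLAINTEXT.items()}


if __name__ == "__main__":
    print("unsalted md5   :", crack_unsalted(LEAKED_MD5, WORDLIST))
    print("unsalted sha256:", crack_unsalted(LEAKED_SHA256, WORDLIST, "sha256"))
    print("salted pbkdf2  :", crack_salted(SALTED_TABLE, WORDLIST))
```

Against a real leak the attacker's wordlist has millions of entries and runs on GPUs, so the weak passwords fall either way; the salt and iteration count change the cost from "one pass over the list for the whole site" to "one slow pass over the list for every single account", which is the difference between recovering the database overnight and not at all for anyone with a decent password.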
And because the Season of the Scam is upon us again, MalwareBytes has a very good article on their blog:  https://blog.malwarebytes.com/cybercrime/2019/11/sextortion-scammers-getting-creative/
