Heads up! PLEASE READ

[Denny Crane]

It turns out that BBF was hacked by a hacker who may well have access to your login/password information there. This is why they made everyone change their passwords.

If you are using the same one here, change your password ASAP.

If you are using the same login/password on some other site (like PayPal!), you are at serious risk, go change those passwords, too.

This same hacker seems to be trying to hack our site, and has hacked at least one account so far. I think we're secure at this point, aside from him possibly knowing login/password info from BBF that is the same here.

 

[AgentDrazenPetrovic]

luckily my BBF password was a stupid one that I use no where else. I changed it already, it was "12345678" haha. have fun with that "hacker"

 

[JE]

nevermind

 

[AgentDrazenPetrovic]

did they really not inform their userbase of this potential problem? if this is correct, and they just had everyone reset their password, this is GROSS NEGLIGENCE on their part. Absolutely disgusting.

 

[maxiep]

If, let's say for example, we're not allowed to post at BBF.com, do they still have our password info?

BTW, thanks for the head's up guys. I for one appreciate it.

 

[Petey]

If, let's say for example, we're not allowed to post at BBF.com, do they still have our password info?

BTW, thanks for the head's up guys. I for one appreciate it.

Yes.

You should never use the same password for any sites (forums, credit cards, sites that pay bills, etc etc). Forums are the least of everyone's worries, but you are just putting yourself at risk.

-Petey

 

[Denny Crane]

To be technical about it...

I don't know the full extent of how BBF was hacked. Your passwords are stored in the system encrypted; there's no way I can actually look at the DB and see your passwords. There may be hacks to the vB3 software that DO allow passwords to be stored so admins can see them; I don't know if BBF uses such a thing, and I know we don't. However, if a hacker gets the encrypted password, it is possible to turn it back into your real password, given enough time and fast enough computers.

I'm giving you the head's up so you can control your own destinies. I'd never hide any information like this and put anyone at risk, nor share your email addresses or other personal info with anyone who shouldn't have it.

 

[maxiep]

Yes.

You should never use the same password for any sites (forums, credit cards, sites that pay bills, etc etc). Forums are the least of everyone's worries, but you are just putting yourself at risk.

-Petey

Thanks.

I have simple passwords for any forums I visit and my financial info are single-use, randomly generated passwords that I memorize.

 

[Денг Гордон]

I'd have to guess the hacker got their information from here. My password was different on bff than here.

 

[Denny Crane]

I'd have to guess the hacker got their information from here. My password was different on bff than here.

I'm guessing that he figured out I<3BG is a pretty obvious password.

(He guessed it here)

 

[maxiep]

Okay, for future reference, any stupid post made under my moniker is the result of a hacker trying to make me look bad.

 

[Minstrel]

Okay, for future reference, any stupid post made under my moniker is the result of a hacker trying to make me look bad.

Nice try, since you say the same things here!

Just kidding. You and barfo aren't the only ones allowed to be snarky, we're not on SportsTwo...oh, wait.

 

[DennisRodman]

I'm guessing that he figured out I<3BG is a pretty obvious password.

(He guessed it here)

I would never guess that password to be honest lol. It would take me a thousand guesses before I'd type that in. I'd probably try birthdates, BenGordon, Avril, BG5Avril, AvrilBG5, and give up after 10-20 guesses (that is if I was really determined) lol.

Could it have been spyware or something? I mean how do people steal people's credit card numbers?

oh and is that why BG's name is in a different character set, because of the hacker?

 

[number 10]

thanks for the update. I'd imagine it's mostly people who donated that'd be at serious risk, but even just losing a forum account or something along those lines would suck.

 

[Denny Crane]

I would never guess that password to be honest lol. It would take me a thousand guesses before I'd type that in. I'd probably try birthdates, BenGordon, Avril, BG5Avril, AvrilBG5, and give up after 10-20 guesses (that is if I was really determined) lol.

Could it have been spyware or something? I mean how do people steal people's credit card numbers?

oh and is that why BG's name is in a different character set, because of the hacker?

BG7 changed his own name. It means Deng Gordon in Russian, so I'm told.

 

[CelticKing]

^ Yeah it is Deng Gordon in cyrillic writing. lol

 

[DennisRodman]

Maybe DengGordon has malware on his computer?

 

[julius]

It turns out that BBF was hacked by a hacker who may well have access to your login/password information there. This is why they made everyone change their passwords.

If you are using the same one here, change your password ASAP.

If you are using the same login/password on some other site (like PayPal!), you are at serious risk, go change those passwords, too.

This same hacker seems to be trying to hack our site, and has hacked at least one account so far. I think we're secure at this point, aside from him possibly knowing login/password info from BBF that is the same here.

Not that it applies to me, but I'm a little confused by that statement. Do you mean if you used the same log in name (like, Phillip for example) on the site that was hacked, and the same log in for paypal, they could hack your paypal?

Don't you have to use an email address to log into paypal? I know I do (I changed my password anyways).

So if someone who did have an account on bbf, now has one on here (but changed their name)..wouldn't they be safe?

 

[Denny Crane]

Not that it applies to me, but I'm a little confused by that statement. Do you mean if you used the same log in name (like, Phillip for example) on the site that was hacked, and the same log in for paypal, they could hack your paypal?

Don't you have to use an email address to log into paypal? I know I do (I changed my password anyways).

So if someone who did have an account on bbf, now has one on here (but changed their name)..wouldn't they be safe?

To answer your several questions.

If you use the same username and password on BBF and here, and/or on BBF and PayPal, and/or on BBF and Yahoo Bill Pay (choose any other similar sites), then the hacker could (in theory) have your login/password on them all.

I used paypal as an example. Yes, you use an email address, but nothing stops you from using an email address for vb3's username, too.

If the hacker sees you post at BBF as "john" and here as "peter" and can tell by your style, the same password makes it easy for him to login here as peter and there as john.

BBF is making people change their passwords, or else. It accomplishes a good thing, though it can be confusing (I'm banned! I can't use rep!, etc.)

Here, I'm outright telling you exactly what I know, and how you can handle it. BBF isn't telling you to go change your PayPal (or whatever other sites) passwords.

 

[ehizzy3]

whew thanks for letting me know..i have the same password here, and the same password for my email..so he could've gone into my account and then got in my email...i changed both passwords for here and my email...bbf never asked me to change my password.....

edit: nvm i just logged in and it asked me to change mine

 

[Dumpy]

thanks for being so responsive and not covering this up, denny.

 

[PapaG]

BBF has turned into a clown show, with Cinco de Mayo being the head Bozo, and not informing their boards of this hacking is negligence on their part.

At this point, I wonder why anyone would still be posting there. Slower page reload speeds, infantile mods, and minimal security.

Thanks for the heads-up, Denny Crane. I just changed my password here and on the other site where I use the "PapaG" moniker.

 

[maxiep]

BBF has turned into a clown show, with Cinco de Mayo being the head Bozo, and not informing their boards of this hacking is negligence on their part.

At this point, I wonder why anyone would still be posting there. Slower page reload speeds, infantile mods, and minimal security.

Thanks for the heads-up, Denny Crane. I just changed my password here and on the other site where I use the "PapaG" moniker.

Has anyone posted a thread over at BBF.com on this issue?

 

[bluefrog]

I just posted a thread on this topic at BBF. A poster put up this link to the hacker's actual thread: http://www.basketballforum.com/comm...ions/412095-i-seriously-think-site-needs.html

He has some beef with truebluefan or something because he called him out directly. Maybe he was looking for some cash for revealing the hole in the security...

 

[PapaG]

I just posted a thread on this topic at BBF. A poster put up this link to the hacker's actual thread: http://www.basketballforum.com/comm...ions/412095-i-seriously-think-site-needs.html

He has some beef with truebluefan or something because he called him out directly. Maybe he was looking for some cash for revealing the hole in the security...

Right on cue, Cinco de Bozo validates my criticism of him in that thread.

 

[PapaG]

09-25-2008, 07:18 PM #22 (permalink)
Cinco de Mayo
3 + 2 = 5


Join Date: Aug 2002
Age: 25
Posts: 22,217
Credits: 1,617,331.10
Rep Power: 21474865 Re: I seriously think this site needs to..

--------------------------------------------------------------------------------

Quote:
Originally Posted by 1 Penny
Then maybe you should have your moderator status revoked .
Because, to stress this again, my initial post put emphasis on the security of this site.

Is that not something your Moderator status is to uphold?

Man, there are lot of people are questioning my status on the site lately! Must just be a coincidence.

If I thought the site's security was ACTUALLY in jeopardy, I'd be a little more concerned.

Too funny.

 

[Денг Гордон]

I'm interested in who this hacker is. The ghost of kidcrawford? Seems to be a Bulls fan, and a bbb.net old timer.

 

[Denny Crane]

To be fair, their staff isn't very technical and they obviously didn't recognize the threat the hacker posed. Their system admins don't post on the site or do much other than keep it running, and they obviously didn't see it. The mods didn't put 2+2 together and get the system admins involved.

I do think they botched handling the public relations side of it.

When you see the guy has hacked multiple accounts, and some have creation dates (join date) from 2003, it means he has access directly to the database (scary!!!!) or admincp (just as scary!!!).

 

[DennisRodman]

Denny so did you actually get the FBI involved? or was that a joke?

It shouldn't be too hard to find out who did it with the right information. Actually Denny wouldn't you have the ip address of the guy who logged in as DengGordon? and then find out if any other regular user shares the same ip address?

 

[Denny Crane]

Denny so did you actually get the FBI involved? or was that a joke?

It shouldn't be too hard to find out who did it with the right information. Actually Denny wouldn't you have the ip address of the guy who logged in as DengGordon? and then find out if any other regular user shares the same ip address?

http://ic3.gov

And yes, I passed on ALL the info I could about the hacker, including quite a bit I was able to find through my own investigation.