Beyond.ca user account security compromised?



Charon
11-05-2018, 11:18 AM
I have passwords set up for many different accounts but I often include parts of the password so they are unique to each site but still easy to remember.

I got one of the scam emails in my spam folder a while back Eg: (I removed the password and email)
Which has an old email I don't use anymore, and it had a password, that had only ever been used on beyond.ca forums.

So, someone has access to the user information on the forum or has acquired it somehow. And passwords are being saved in plain text somewhere? I didn't care as I have not been on here in years, but figured others might want to be aware. Esp if you use the same password in more than one area.

I did a search but could not find any existing topics on this. And there is nowhere else that would have used the password they specified, as it was unique for this site.



I greet you!

I have bad news for you.
06/28/2018 - on this day I hacked your operating system and got full access to your account ******@**********.ca
On that day your account (******@**********.ca) password was: *********

It is useless to change the password, my malware intercepts it every time.

How it was:
In the software of the router to which you were connected that day, there was a vulnerability.
I first hacked this router and placed my malicious code on it.
When you entered in the Internet, my trojan was installed on the operating system of your device.

Etc...

revelations
11-05-2018, 11:32 AM
I have passwords set up for many different accounts but I often include parts of the password so they are unique to each site but still easy to remember.

I got one of the scam emails in my spam folder a while back Eg: (I removed the password and email)
Which has an old email I don't use anymore, and it had a password, that had only ever been used on beyond.ca forums.

So, someone has access to the user information on the forum or has acquired it somehow. And passwords are being saved in plain text somewhere? I didn't care as I have not been on here in years, but figured others might want to be aware. Esp if you use the same password in more than one area.

I did a search but could not find any existing topics on this. And there is nowhere else that would have used the password they specified, as it was unique for this site.



Etc...

No doubt with the older versions of VB used here, there was the risk of a breach.

Nothing about this surprises me as this is not a banking website. I have no expectations of security or privacy here (even PMs can be read by moderators)

firebane
11-05-2018, 11:33 AM
I have passwords set up for many different accounts but I often include parts of the password so they are unique to each site but still easy to remember.

I got one of the scam emails in my spam folder a while back Eg: (I removed the password and email)
Which has an old email I don't use anymore, and it had a password, that had only ever been used on beyond.ca forums.

So, someone has access to the user information on the forum or has acquired it somehow. And passwords are being saved in plain text somewhere? I didn't care as I have not been on here in years, but figured others might want to be aware. Esp if you use the same password in more than one area.

I did a search but could not find any existing topics on this. And there is nowhere else that would have used the password they specified, as it was unique for this site.



Etc...

Does it continue to say you need to send Bitcoin payment? lol.

spikerS
11-05-2018, 11:48 AM
back in the day, did you maybe happen to use the same password for NCIX? There was a huge data breach because of sold hardware with intact HDDs that were not wiped when they went bankrupt. Rage2 already got an email similar to this.

firebane
11-05-2018, 11:54 AM
Throw your email into this site:
https://haveibeenpwned.com/

You'll be surprised.

Charon
11-05-2018, 12:04 PM
No doubt with the older versions of VB used here, there was the risk of a breach.

Nothing about this surprises me as this is not a banking website. I have no expectations of security or privacy here (even PMs can be read by moderators)

I personally am not worried as I used an email that I don't often use anymore, and it was a password ONLY used for this site, nowhere else. So nothing has been compromised in that regard. But thought others might want to know.


Does it continue to say you need to send Bitcoin payment? lol.

Ofc it does.


back in the day, did you maybe happen to use the same password for NCIX? There was a huge data breach because of sold hardware with intact HDDs that were not wiped when they went bankrupt. Rage2 already got an email similar to this.

Possible, but the password would/should have been unique to this site.



Throw your email into this site:
https://haveibeenpwned.com/

You'll be surprised.

I'll take a look, but probably won't be surprised. I have so many accounts across so many sites/forums that I would be surprised if I'm not in there. I just keep different passwords / levels of passwords that I would only be surprised if my actual bank or email account passwords are in there. They get their own unique password set that never gets used on any random internet site.

rage2
11-05-2018, 12:33 PM
This is the 2nd report I've received about it this month, again using unique passwords to determine that the source was from here. As there is a link between the password and email, it points to our database being compromised at some point. With that being said, we do not store the passwords in plain text anywhere.

Prior to our upgrade on June 10th 2017, we ran vB2 where passwords are stored as simple MD5 hash. Assuming that our database was compromised, a dictionary attack could have compromised the password along with the email information. Unfortunately, there isn't enough information that we still have today to determine if or when our database was compromised, but it certainly is a possibility based on the evidence that I've seen this month. googe around 5 years ago had found flaws in some of our new code where he was able to steal my session cookie and MD5 password via SQL injection and logged in as me in vB2. We closed that hole immediately, but there's definitely a window there where tables could have been dumped.

Post our upgrade to vB4, we've added significantly to securing the site. vB4 itself stores salted passwords making dictionary attacks more difficult. https is now enforced so that both unencrypted passwords at login and saved password feature doesn't expose the salted and password hash in transit. We also leverage a service that detects and blocks SQL injection and other forms of attacks against the forums.

Charon, just checking if your password was simple enough that a dictionary attack could have decrypted it? Also, was this password older than June 10th 2017?

If anyone else has unique passwords lifted from this site, don't hesitate to contact me directly. The more evidence I can gather, the more I can pinpoint when the data was exposed.
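
Added example (not part of the thread, and not Beyond.ca's or vBulletin's code): a small audit showing why a dumped table of bare MD5 hashes gives up simple passwords so easily, and what a per-user salt changes. The accounts, the wordlist and the salted construction md5(md5(password) + salt) are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny weak-password list and three made-up accounts.
WEAK_PASSWORDS = ["password", "letmein", "beyondcar", "qwerty123"]
USERS = {"alice": "beyondcar", "bob": "beyondcar", "carol": "T7#vq!Lm2x$Rk9pZ"}

def md5_hex(data: str) -> str:
    return hashlib.md5(data.encode()).hexdigest()

def unsalted_table(users):
    """Legacy-style storage: one bare MD5 per user, no salt."""
    return {name: md5_hex(pw) for name, pw in users.items()}

def salted_table(users):
    """Per-user random salt; md5(md5(pw) + salt) is an assumed illustrative scheme."""
    table = {}
    for name, pw in users.items():
        salt = os.urandom(8).hex()
        table[name] = (salt, md5_hex(md5_hex(pw) + salt))
    return table

def audit_unsalted(table, wordlist):
    """One precomputed hash->word map checks every account in a single pass."""
    lookup = {md5_hex(w): w for w in wordlist}
    return {name for name, h in table.items() if h in lookup}

def audit_salted(table, wordlist):
    """Each account needs its own pass over the wordlist; returns (flagged, trials)."""
    flagged, trials = set(), 0
    for name, (salt, stored) in table.items():
        for w in wordlist:
            trials += 1
            if hmac.compare_digest(md5_hex(md5_hex(w) + salt), stored):
                flagged.add(name)
                break
    return flagged, trials

def shared_hashes(table):
    """Unsalted storage reveals which users picked the same password."""
    seen = {}
    for name, h in table.items():
        seen.setdefault(h, []).append(name)
    return [sorted(names) for names in seen.values() if len(names) > 1]
```

Salting removes the shared lookup table and hides duplicate passwords, but every guess is still a cheap MD5, so a simple password remains findable; a deliberately slow password hash (bcrypt, scrypt, Argon2) is the usual choice for storage.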

googe
11-05-2018, 12:37 PM
I’d bet that a lot of members got this message in their spam folder and didn’t know it. Google was automatically junking them. A lot of sites were hit.

Charon
11-05-2018, 12:38 PM
rage2 Yes, it was pretty simple (since been updated). Was combined words that I set to be unique for this site. So a dictionary attack was very possible. I often have pretty basic passwords on non critical websites/forums that won't really bother me if they are compromised. And often allows me to identify where it was used.

BerserkerCatSplat
11-05-2018, 04:41 PM
(even PMs can be read by moderators)

I'd be shocked if that was the case (seeing as I certainly can't!), if anyone could read PMs it'd be just the admins.

revelations
11-05-2018, 06:06 PM
I'd be shocked if that was the case (seeing as I certainly can't!), if anyone could read PMs it'd be just the admins.

It depends on how it's set up. I've been on other VB groups where the mods admitted to reading PMs.

As I stated - it CAN be done - but it's up to the admins to allow this or not. I just assume non-privacy.

rage2
11-05-2018, 11:19 PM
There is no feature in vB that allows reading other people’s PMs. It’s stored unencrypted on the database so technically it’s possible for me to write some code to allow it but I have better things to do with my time than to read other people’s PMs.

The answer is no, no mods or admins read other people’s PMs.

Edit - just remembered there was a small window after we enabled ddos protection where we were toying with caching settings and inadvertently enabled caching for PMs for about an hour. At that time, anyone could read PMs that were recently read. That was my bad. Probably about 6 or 7 years ago.

revelations
11-06-2018, 12:08 AM
"There is no feature in vB that allows reading other people’s PMs"

That is sort of incorrect. While not directly FROM VB - there are hacks available to VB 3.x that allows for reading of PMs for super admins.

https://www.vbulletin.org/forum/showthread.php?t=209344

Not saying Beyond had it (obviously, since you guys 'skipped' VB 3.x) , but there have been other VB forum groups I've been a part of, that were caught. It is definitely possible.

This is what I found from a 5 second Google search. Those more inclined and capable could certainly grant more rights to mere mods.

Again, the important word is 'CAN' ... as in CAN be read (but not necessarily setup to do so) . I know /b has a good reputation but not all VB forums do.

spikerS
11-06-2018, 06:55 AM
wasn't there someone that got banned for trying to solicit business as a non sponsor on here years ago, and the admins even said they checked the other's PMs? or was that a scare tactic...? lol

rage2
11-06-2018, 07:30 AM
"There is no feature in vB that allows reading other people’s PMs"

That is sort of incorrect. While not directly FROM VB - there are hacks available to VB 3.x that allows for reading of PMs for super admins.

https://www.vbulletin.org/forum/showthread.php?t=209344

Not saying Beyond had it (obviously, since you guys 'skipped' VB 3.x) , but there have been other VB forum groups I've been a part of, that were caught. It is definitely possible.

This is what I found from a 5 second Google search. Those more inclined and capable could certainly grant more rights to mere mods.

Again, the important word is 'CAN' ... as in CAN be read (but not necessarily setup to do so) . I know /b has a good reputation but not all VB forums do.
Like I said, it’s certainly possible from a technical perspective. Not surprised people writing hacks to do it. Probably a whopping 3 or 4 lines of code.


wasn't there someone that got banned for trying to solicit business as a non sponsor on here years ago, and the admins even said they checked the other's PMs? or was that a scare tactic...? lol
Yes, but that was from users forwarding PMs to mods as complaints. Certainly the rumor mill was in full swing at that time haha.

canadian_hustla
11-08-2018, 09:36 PM
Scary stuff. I would suggest searching reddit as this has come up a number of times

I also received a similar email, except for an unrelated email account (nothing to do with beyond.ca). The body of the email was almost exact to yours and the hacker was demanding bitcoin.
Only clue for me was that the password was decades old and I had changed it numerous times.

In any event, it appears that some hackers bought a database of corrupted email addresses and are blasting the same message to millions trying to extort $$$ like Nigerian scams. I don't think they have any intention of further hacking or doxxing. Quite simply, this scam preys on the "what ifs" more than reality. I would ignore and move on.

Back to reddit, someone posted the bitcoin addresses and they were making major bank... like $30000usd in 2 days and counting....

Sugarphreak
01-11-2019, 02:30 PM
...

spike98
01-11-2019, 02:41 PM
Looks like my info got stolen at some point.... not sure which one, it was a password I haven't used in a very long time. Maybe NCIX?

Got this exact one as well. Same BTC address and all. Some poor fucking actually paid if you look it up lol.

Mitsu3000gt
01-11-2019, 03:05 PM
I bet a lot of people get those messages who don't even have a webcam haha. Has anyone ever been burned by these 'threats' before (I.e. compromising things sent to contacts list)? I've never heard of one personally.

spike98
01-11-2019, 03:24 PM
I bet a lot of people get those messages who don't even have a webcam haha. Has anyone ever been burned by these 'threats' before (I.e. compromising things sent to contacts list)? I've never heard of one personally.

I don't think so.

The biggest one that I heard was most effective was the Ashley Madison hack. Just the fact that the person was on there could spell trouble for a marriage. And if the hacker had your email...well.

G-ZUS
01-11-2019, 03:44 PM
I bet a lot of people get those messages who don't even have a webcam haha. Has anyone ever been burned by these 'threats' before (I.e. compromising things sent to contacts list)? I've never heard of one personally.

Happened to a friend of my father's on instagram lol. Buddy made an account with his name, added all his contacts and posted a video of him watching a pr0n video

JRSC00LUDE
01-11-2019, 05:55 PM
Happened to a friend of my father's on instagram lol. Buddy made an account with his name, added all his contacts and posted a video of him watching a pr0n video

Seriously? Lol

googe
01-11-2019, 06:03 PM
Nobody getting this particular campaign is at risk of that.

But yes, that does happen also.

Sugarphreak
01-11-2019, 09:39 PM
...

G-ZUS
01-14-2019, 09:02 AM
Wow, rough

Was it out of spite, or part of an extortion?


Part of an extortion lol

Mitsu3000gt
01-14-2019, 12:48 PM
Happened to a friend of my father's on instagram lol. Buddy made an account with his name, added all his contacts and posted a video of him watching a pr0n video

Did not expect anyone to have an example haha wow. I've got to believe that is pretty rare though. Also a good reminder for people to cover their webcam if they have one...

Sugarphreak
01-17-2019, 07:02 PM
...

cet
01-18-2019, 10:42 AM
Interesting, looks like my personal email is safe but my work one has been breached 3 times

Xtrema
01-18-2019, 11:18 AM
Looks like my info got stolen at some point.... not sure which one, it was a password I haven't used in a very long time. Maybe NCIX?

Rage2 got this pretty much right after the NCIX incident too if I recall.

Tik-Tok
03-19-2019, 08:53 AM
Bump. Just got an email almost identical to OP's. P/W is one I only use for Beyond, and isn't the same as the email address the "hacker" claims it is.




if your password was simple enough that a dictionary attack could have decrypted it? Also, was this password older than June 10th 2017?

If anyone else has unique passwords lifted from this site, don't hesitate to contact me directly. The more evidence I can gather, the more I can pinpoint when the data was exposed.

Yes, it's a simple password in my case, and the last time I changed it was either on, or prior to 13-June-17 (that's the last date it was changed on the computer I'm currently on, but I probably changed it a few days prior on my phone and/or tablet)

Charon
04-17-2019, 12:49 PM
I have been getting follow ups to this in my spam using the same old password/email. Someone has saved the user info somewhere to reuse.