Quantcast
Beyond.ca user account security compromised? - Beyond.ca - Car Forums
Results 1 to 16 of 16

Thread: Beyond.ca user account security compromised?

  1. #1
    Join Date
    Aug 2004
    Location
    Calgary and Kelowna
    My Ride
    Subaru(s)
    Posts
    69
    Rep Power
    0

    Default Beyond.ca user account security compromised?

    I have passwords setup for many different accounts but I often include parts of the password so they are unique to each site but still easy to remember.

    I got one of the scam emails in my spam folder a while back Eg: (I removed the password and email)
    Which has an old email I don't use anymore, and it had a password, that had only ever been used on beyond.ca forums.

    So, someone has access to the user information on the forum or has acquired it somehow. And passwords are being saved in plain text somewhere? I didn't care as I have not been on here in years, but figured others might want to be aware. Esp if you use the same password in more than one area.

    I did a search but could not find any existing topics on this. And there is nowhere else that would have used the password they specified, as it was unique for this site.

    I greet you!

    I have bad news for you.
    06/28/2018 - on this day I hacked your operating system and got full access to your account ******@**********.ca
    On that day your account (******@**********.ca) password was: *********

    It is useless to change the password, my malware intercepts it every time.

    How it was:
    In the software of the router to which you were connected that day, there was a vulnerability.
    I first hacked this router and placed my malicious code on it.
    When you entered in the Internet, my trojan was installed on the operating system of your device.
    Etc...
    I'll try being nicer if you try being smarter.

  2. #2
    Join Date
    Apr 2008
    Location
    calgary
    My Ride
    2g Eclipse / EP3
    Posts
    3,653
    Rep Power
    14

    Default

    Quote Originally Posted by Charon View Post
    This quote is hidden because you are ignoring this member. Show Quote
    I have passwords setup for many different accounts but I often include parts of the password so they are unique to each site but still easy to remember.

    I got one of the scam emails in my spam folder a while back Eg: (I removed the password and email)
    Which has an old email I don't use anymore, and it had a password, that had only ever been used on beyond.ca forums.

    So, someone has access to the user information on the forum or has acquired it somehow. And passwords are being saved in plain text somewhere? I didn't care as I have not been on here in years, but figured others might want to be aware. Esp if you use the same password in more than one area.

    I did a search but could not find any existing topics on this. And there is nowhere else that would have used the password they specified, as it was unique for this site.



    Etc...
    No doubt with the older versions of VB used here, there was the risk of a breach.

    Nothing about this surprises me as this is not a banking website. I have no expectations of security or privacy here (even PMs can be read by moderators)

  3. #3
    Join Date
    Aug 2011
    Location
    Calgary, AB
    Posts
    1,436
    Rep Power
    9

    Default

    Quote Originally Posted by Charon View Post
    This quote is hidden because you are ignoring this member. Show Quote
    I have passwords setup for many different accounts but I often include parts of the password so they are unique to each site but still easy to remember.

    I got one of the scam emails in my spam folder a while back Eg: (I removed the password and email)
    Which has an old email I don't use anymore, and it had a password, that had only ever been used on beyond.ca forums.

    So, someone has access to the user information on the forum or has acquired it somehow. And passwords are being saved in plain text somewhere? I didn't care as I have not been on here in years, but figured others might want to be aware. Esp if you use the same password in more than one area.

    I did a search but could not find any existing topics on this. And there is nowhere else that would have used the password they specified, as it was unique for this site.



    Etc...
    Does it continue to say you need to send Bitcoin payment? lol.

  4. #4
    Join Date
    Oct 2006
    Location
    Parked in Baygirl's garage.
    My Ride
    2016 F-150 3.5L Ecoboost SCrew FX4
    Posts
    3,971
    Rep Power
    16

    Default

    back in the day, did you maybe happen to use the same password for NCIX? There was a huge data breach because of sold hardware with intact HDDs that were not wiped when they went bankrupt. Rage2 already got an email similar to this.
    Spikers RC on YOUTUBE!

    Originally posted by Mibz
    Always a fucking awful experience seeing spikers. Extra awful when he laps me.

  5. #5
    Join Date
    Aug 2011
    Location
    Calgary, AB
    Posts
    1,436
    Rep Power
    9

    Default

    Throw your email into this site:
    https://haveibeenpwned.com/

    You'll be surprised.

  6. #6
    Join Date
    Aug 2004
    Location
    Calgary and Kelowna
    My Ride
    Subaru(s)
    Posts
    69
    Rep Power
    0

    Default

    Quote Originally Posted by revelations View Post
    This quote is hidden because you are ignoring this member. Show Quote
    No doubt with the older versions of VB used here, there was the risk of a breach.

    Nothing about this surprises me as this is not a banking website. I have no expectations of security or privacy here (even PMs can be read by moderators)
    I personally am not worried as I used an email that I don't often use anymore, and it was a password ONLY used for this site, nowhere else. So nothing has been compromised in that regard. But though others might want to know.

    Quote Originally Posted by firebane View Post
    This quote is hidden because you are ignoring this member. Show Quote
    Does it continue to say you need to send Bitcoin payment? lol.
    Ofc it does.

    Quote Originally Posted by spikerS View Post
    This quote is hidden because you are ignoring this member. Show Quote
    back in the day, did you maybe happen to use the same password for NCIX? There was a huge data breach because of sold hardware with intact HDDs that were not wiped when they went bankrupt. Rage2 already got an email similar to this.
    Possible, but the password would/should have been unique to this site.


    Quote Originally Posted by firebane View Post
    This quote is hidden because you are ignoring this member. Show Quote
    Throw your email into this site:
    https://haveibeenpwned.com/

    You'll be surprised.
    Ill take a look, but probably wont be surprised. I have so many accounts across so many sites/forums that I would be surprised if i'm not in there. I just keep different passwords / levels of passwords that I would only be surprised if my actual bank or email account passwords are in there. They get their own unique password set that never gets used on any random internet site.
    I'll try being nicer if you try being smarter.

  7. #7
    Join Date
    Jan 1970
    Location
    YYC
    My Ride
    Ricer SUV, Lexus Coupe in Mid Life Crisis Orange
    Posts
    20,340
    Rep Power
    5

    Default

    This is the 2nd report I've received about it this month, again using unique passwords to determine that the source was from here. As there is a link between the password and email, it points to our database being compromised at some point. With that being said, we do not store the passwords in plain text anywhere.

    Prior to our upgrade on June 10th 2017, we ran vB2 where passwords are stored as simple MD5 hash. Assuming that our database was compromised, a dictionary attack could have compromised the password along with the email information. Unfortunately, there isn't enough information that we still have today to determine if or when our database was compromised, but it certainly is a possibility based on the evidence that I've seen this month. @googe around 5 years ago had found flaws in some of our new code where he was able to steal my session cookie and MD5 password via SQL injection and logged in as me in vB2. We closed that hole immediately, but there's definitely a window there where tables could have been dumped.

    Post our upgrade to vB4, we've added significantly to securing the site. vB4 itself stores salted passwords making dictionary attacks more difficult. https is now enforced so that both unencrypted passwords at login and saved password feature doesn't expose the salted and password hash in transit. We also leverage a service that detects and blocks SQL injection and other forms of attacks against the forums.

    @Charon , just checking if your password was simple enough that a dictionary attack could have decrypted it? Also, was this password older than June 10th 2017?

    If anyone else has unique passwords lifted from this site, don't hesitate to contact me directly. The more evidence I can gather, the more I can pinpoint when the data was exposed.
    Originally posted by SEANBANERJEE
    I have gone above and beyond what I should rightfully have to do to protect my good name

  8. #8
    Join Date
    Jun 2003
    Location
    Seattle, WA
    Posts
    2,014
    Rep Power
    18

    Default

    I’d bet that a lot of members got this message in their spam folder and didn’t know it. Google was automatically junking them. A lot of sites were hit.

  9. #9
    Join Date
    Aug 2004
    Location
    Calgary and Kelowna
    My Ride
    Subaru(s)
    Posts
    69
    Rep Power
    0

    Default

    @rage2 Yes, it was pretty simple(since been updated). Was combined words that I set to be unique for this site. So a dictionary attack was very possible. I often have pretty basic passwords on non critical websites/forums that won't really bother me if they are compromised. And often allows me to identify where it was used.
    I'll try being nicer if you try being smarter.

  10. #10
    Join Date
    Sep 2004
    Location
    Elbonia
    My Ride
    Jeep of Theseus
    Posts
    6,245
    Rep Power
    21

    Default

    Quote Originally Posted by revelations View Post
    This quote is hidden because you are ignoring this member. Show Quote
    (even PMs can be read by moderators)
    I'd be shocked if that was the case (seeing as I certainly can't!), if anyone could read PMs it'd be just the admins.
    [__][( )][][][( )][__]
    [ OSPhoto ]

  11. #11
    Join Date
    Apr 2008
    Location
    calgary
    My Ride
    2g Eclipse / EP3
    Posts
    3,653
    Rep Power
    14

    Default

    Quote Originally Posted by BerserkerCatSplat View Post
    This quote is hidden because you are ignoring this member. Show Quote
    I'd be shocked if that was the case (seeing as I certainly can't!), if anyone could read PMs it'd be just the admins.
    It depends on how its setup. I've been on other VB groups where the mods admitted to reading PMs.

    As I stated - it CAN be done - but its up to the admins to allow this or not. I just assume non-privacy.

  12. #12
    Join Date
    Jan 1970
    Location
    YYC
    My Ride
    Ricer SUV, Lexus Coupe in Mid Life Crisis Orange
    Posts
    20,340
    Rep Power
    5

    Default

    There is no feature in vB that allows reading other people’s PMs. It’s stored unencrypted on the database so technically it’s possible for me to write some code to allow it but I have better things to do with my time than to read other people’s PMs.

    The answer is no, no mods or admins read other people’s PMs.

    Edit - just remembered there was a small window after we enabled ddos protection where we were toying with caching settings and inadvertently enabled caching for PMs for about an hour. At that time, anyone could read PMs that were recently read. That was my bad. Probably about 6 or 7 years ago.
    Originally posted by SEANBANERJEE
    I have gone above and beyond what I should rightfully have to do to protect my good name

  13. #13
    Join Date
    Apr 2008
    Location
    calgary
    My Ride
    2g Eclipse / EP3
    Posts
    3,653
    Rep Power
    14

    Default

    "There is no feature in vB that allows reading other people’s PMs"

    That is sort of incorrect. While not directly FROM VB - there are hacks available to VB 3.x that allows for reading of PMs for super admins.

    https://www.vbulletin.org/forum/showthread.php?t=209344

    Not saying Beyond had it (obviously, since you guys 'skipped' VB 3.x) , but there have been other VB forum groups I've been a part of, that were caught. It is definitely possible.

    This is what I found from a 5 second Google search. Those more inclined and capable could certainly grant more rights to mere mods.

    Again, the important word is 'CAN' ... as in CAN be read (but not necessarily setup to do so) . I know /b has a good reputation but not all VB forums do.
    Last edited by revelations; 11-05-2018 at 11:20 PM.

  14. #14
    Join Date
    Oct 2006
    Location
    Parked in Baygirl's garage.
    My Ride
    2016 F-150 3.5L Ecoboost SCrew FX4
    Posts
    3,971
    Rep Power
    16

    Default

    wasn't there someone that got banned for trying to solicit business as a non sponsor on here years ago, and the admins even said they checked the other's PMs? or was that a scare tactic...? lol
    Spikers RC on YOUTUBE!

    Originally posted by Mibz
    Always a fucking awful experience seeing spikers. Extra awful when he laps me.

  15. #15
    Join Date
    Jan 1970
    Location
    YYC
    My Ride
    Ricer SUV, Lexus Coupe in Mid Life Crisis Orange
    Posts
    20,340
    Rep Power
    5

    Default

    Quote Originally Posted by revelations View Post
    This quote is hidden because you are ignoring this member. Show Quote
    "There is no feature in vB that allows reading other people’s PMs"

    That is sort of incorrect. While not directly FROM VB - there are hacks available to VB 3.x that allows for reading of PMs for super admins.

    https://www.vbulletin.org/forum/showthread.php?t=209344

    Not saying Beyond had it (obviously, since you guys 'skipped' VB 3.x) , but there have been other VB forum groups I've been a part of, that were caught. It is definitely possible.

    This is what I found from a 5 second Google search. Those more inclined and capable could certainly grant more rights to mere mods.

    Again, the important word is 'CAN' ... as in CAN be read (but not necessarily setup to do so) . I know /b has a good reputation but not all VB forums do.
    Like I said, it’s certainly possible from a technical perspective. Not surprised people writing hacks to do it. Probably a whopping 3 or 4 lines of code.

    Quote Originally Posted by spikerS View Post
    This quote is hidden because you are ignoring this member. Show Quote
    wasn't there someone that got banned for trying to solicit business as a non sponsor on here years ago, and the admins even said they checked the other's PMs? or was that a scare tactic...? lol
    Yes, but that was from users forwarding PMs to mods as complaints. Certainly the rumor mill was in full swing at that time haha.
    Originally posted by SEANBANERJEE
    I have gone above and beyond what I should rightfully have to do to protect my good name

  16. #16
    Join Date
    Jul 2004
    Location
    Calgary
    My Ride
    **SEQUOIA**
    Posts
    577
    Rep Power
    15

    Default

    Scary stuff. I would suggest searching reddit as this has come up a number of times

    I also received a similar email, except for an unrelated email account (nothing to do with beyond.ca). The body of the email was almost exact to yours and the hacker was demanding bitcoin.
    Only clue for me was that the password was decades old and I had changed it numerous times.

    In any event, it appears that some hackers bought a database of corrupted email addresses and are blasting the same message to millions trying to extort $$$ like Nigerian scams. I don't think they have any intention of further hacking or doxxing. Quite simply, this scam prays on the "what ifs" more than reality. I would ignore and move on.

    Back to reddit, someone posted the bitcoin addresses and they were making major bank... like $30000usd in 2 days and counting....
    Last edited by canadian_hustla; 11-08-2018 at 08:41 PM.

Similar Threads

  1. user post search returning results for wrong user

    By dirtsniffer in forum Suggestion/Comment Box/Forum Related Stuff
    Replies: 7
    Latest Threads: 11-10-2016, 11:12 AM
  2. Rogers account hacked/compromised?

    By masoncgy in forum Computers, Consoles, and other Electronics
    Replies: 7
    Latest Threads: 01-20-2012, 04:10 PM
  3. Beyond CSI: Credit Card compromised..looking for suggestions :)

    By eblend in forum Society / Law / Current Events / Politics
    Replies: 21
    Latest Threads: 10-21-2010, 05:00 AM
  4. PC Mastercard Compromised

    By CaptainReboot in forum Real Estate / Finance
    Replies: 8
    Latest Threads: 04-11-2007, 09:48 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •