Results 1 to 4 of 4
  1. #1
    Junior Member
    Join Date
    Mar 2016
    Posts
    3

    VRtalk was hacked - Your email and password might be at risk

    I registered on this site a year ago. Just today I got two strange logins on my email - from India and Thailand. I typed my email in google search to see if anything came up, and sure enough there is a webpage titled "http://vrtalk.com/forum" that lists hundreds of account emails and passwords.

    If you use the same password you use on vrtalk anywhere else you should change it immediately.
    Last edited by Patrick; 08-07-2017 at 03:01 AM.

  2. #2
    Super Moderator Cheesekeeper's Avatar
    Join Date
    Apr 2016
    Posts
    124
    Hi Patrick, thanks for bringing this to our attention - I'll ask the site admins to look into it immediately. After a bit of research it seems like this was a common security hole in all VBulletin sites until updates were released to patch it recently. Apparently no passwords are exposed, although it does include the email address linked to account names which is a concern. It's quite possible that this site has been updated since this dump was originally obtained, so it may no longer be vulnerable. I'll let you know as soon as I can find out more. Please note that cross-posting is not allowed so I have remove the duplicates of your post from the other sub-groups - please refer to this version of the post for any updates. Thanks......
    Comments posted as Plain colored text are my own and not necessarily endorsed by VRTalk , Comments posted in Blue are Official moderator comments.

  3. #3
    Junior Member
    Join Date
    Mar 2016
    Posts
    3
    Have you seen the page I am referring to? There is code next to the emails which I thought were the passwords encoded. My password was certainly taken, they logged into my email. I can't think of how else they would have gotten the password except through this website.

  4. #4
    Super Moderator Cheesekeeper's Avatar
    Join Date
    Apr 2016
    Posts
    124
    Yep, I was able to find the one you were referring to (my account and email was on it too), and I can't tell with any certainty whether the hashes were encoded passwords or not, but they could be. Based on what I'd found about the VBulletin vulnerability it didn't say anything about passwords being compromised - only user name and email, but I wouldn't rule anything out until we know more. I have forwarded the details to the site admins (including the link to the site with the username dump) and hopefully they can tell us more. Obviously for anyone trying to hack accounts, knowing the username goes a long way even if they don't have the password. I'd like to make sure the appropriate patches have been installed before we recommend anything like changing passwords - no point changing them if they can be extracted again. Haven't heard much from the admins recently, so not sure how long it will be before we hear back from them, but I'll update you as soon as I can. Thanks again for pointing this out........
    Comments posted as Plain colored text are my own and not necessarily endorsed by VRTalk , Comments posted in Blue are Official moderator comments.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •