Social Engineered - 89,392 breached accounts

RSS Feed

Participant
Joined
Dec 23, 2018
Messages
94
RSS Feed submitted a new Article:

Social Engineered - 89,392 breached accounts

In June 2019, the "Art of Human Hacking" site Social Engineered suffered a data breach. The breach of the XenForo forum was published on a rival hacking forum and included 89k unique email addresses spread across 55k forum users and other tables in the database. The exposed data also included usernames, IP addresses, private messages and passwords stored as salted MD5 hashes.

 

zappaDPJ

Administrator
Joined
Aug 26, 2010
Messages
7,786
This caught my attention because I believe the source article may be a little misleading.

This is from the breached site...

Mybb had a vulnerability yet again and the site got breached along with other websites using Mybb. We moved over to xenforo. I suggest changing your passwords immediately.
https://socialengineered.net/index.php?threads/data-breach-and-change-of-platform.103346/

Unless I've misread the situation, the remedy for the breach was to upgrade the forum to XenForo.
 

R0binHood

Habitué
Joined
Nov 23, 2011
Messages
1,572
Good link and interesting analysis. It does seem from the social engineered link you posted it was purely MyBB related and not XF. That's an unusual mistake for Troy to make. I would reach out and ask him to clarify, verify and rectify his haveibeenpwned.com entry for the hack if necessary.
 

MagicalAzareal

Magical Developer
Joined
Apr 25, 2019
Messages
758
XenForo really should consider using something more secure than md5 like bcrypt or Argon 2.
md5 hashes can be cracked really quickly with just about any modern GPU.
 

Chris D

XenForo Developer
Joined
Aug 23, 2012
Messages
824
> XenForo really should consider using something more secure than md5 like bcrypt or Argon 2.
> md5 hashes can be cracked really quickly with just about any modern GPU.

Just to be clear, XenForo has never used MD5 for password hash generation.



> Good link and interesting analysis. It does seem from the social engineered link you posted it was purely MyBB related and not XF. That's an unusual mistake for Troy to make. I would reach out and ask him to clarify, verify and rectify his haveibeenpwned.com entry for the hack if necessary.

Troy has updated the record now.
 