
Doomworld has been compromised.



I'm sorry for freaking out. I was just scared. Hopefully this problem will get fixed in no time.

 

So what did they mean by token? What exactly was used when using Google, Twitter, Steam, etc for signing in?

Just now, Mystic 256 said:

RIP my account, I can't seem to change my password

I say don't panic. As people said they didn't get the passwords themselves but the output of the encryption function. They're very unlikely to get cracked, and plus changing your password right now doesn't matter much until a fix is put out since the hackers could just grab the data again in the meantime.

1 hour ago, Altazimuth said:

 

That thread title is comically alarmist. Encrypted passwords and such have been leaked, yes, but that doesn't mean everybody is instantly pwned, and to use such inflammatory language isn't going to achieve anything except for making people panic when they don't need to.

 


I just said that Doomworld was compromised and that people should change their passwords as soon as possible, not “Doomworld is about to burst into flames and we’re all about to get doxxed”.

 

That said, I do think the original tweet posted in the OP is pretty alarmist (though it’s the only real tweet that initially talked about it).

 

 

1 hour ago, Quasar said:

I'd like to note that changing your pwd or other data right now doesn't do any good if the exploit hasn't been fixed on the server. It could just be exfiltrated again using the same method.


All the more reason to determine the site’s security going forward and possibly reworking it to make sure no future exploits are ever viable.

Edited by Man of Doom


Thank god I registered this account with my Google account

Surely the hackers can't touch my password, right?

Right?


I think someone was just pissed that they didn't use the search button. I would be too if I didn't know that it actually exists.

That aside, just did my part.

 

56 minutes ago, Mr. Freeze said:

Where are the admins on this? Or even the mods? 

Either attempting to fix any issue, or attempting to fix any issue. But Ling has now put a message out.

 

40 minutes ago, Ludi said:

Why DW of all places?

Probably jelly-belly that our search actually works and that darkweb forum does not, I suppose.

 

2 minutes ago, A Nobody said:

So what did they mean by token? What exactly was used when using Google, Twitter, Steam, etc for signing in?

Every login session carries a token, a unique identifier ID. Tokens can be used for various things, and also thus maliciously.


What's odd is your name change.

1 hour ago, Dragonfly said:

The site the database is posted on does not let people download the database without making an account and also spending €8 on buying "credits". It was at this point I quit out - not going to offer my hard earned cash and risk entering my card details on a shady website just to find out how not-fucked I am.

Cute default forum avatar tho.

default_avatar.png

 

Edited by NoisyVelvet


I'm at least a bit confident that I should be fine, but I'll change my password anyways just to be 100% sure.

 

Or not actually, I'll be fine

Edited by DeadMantis

7 minutes ago, Herr Dethnout said:


Welp, it's time to make a witch hunt against Linguica?

heh

So is this going to be our version of "Bush did 9/11"?


Some other things:

  • The site from which that user dumped the database isn't clever: I would assume it would be hosted on the darkweb, but it is a regular site. Not very smart.
  • The software they use (mentioned in a post further in the thread) is a public tool which, at a glance, is a fake MySQL server and a glorified file scraper.

To me:

  • Nothing to actually worry about. The approach was amateurish at best and barely worth a teabag in Roblox.

 

Disclaimer:

  • Won't link the site, as these dumbos don't deserve more cred.
5 minutes ago, ChippiHeppu said:

This is a certified bruh moment.

Barely. An actual hacker wouldn't do this.


Of course, the password needs to be changed, but it's better to read the bible and sprinkle holy water on your computer. To be 100% sure to protect your account.

15 hours ago, Solmyr said:

So is this going to be our version of "Bush did 9/11"?


Yup. "Linguica did 10/14"

Spoiler

Or other admin idk hehe

 

1 hour ago, Poxel12 said:

That's a good one, but there needs to be a more polish password, one that is both strong, and also polish.

Daj suki?


all i can say is that i'm glad i wasted my boredom as a depressed antisocial dipshit kid making prank calls and griefing xbox live lobbies instead of being a script kiddie.

On 10/14/2022 at 1:12 AM, Poxel12 said:

Simple, but it needs to be more ś, ć, ż, ą or maybe ź. 

Pśćrfuhpxzzveaeżzcąvśeącrrćaąepnąąbffufąvkfxśpfcweyjyśbbuśgxąźtmutąyąhpvjgćeqknngzuągvvśxaaemwwąźvąźzsśćhpzkwkcśśhśąmfwzwxtąsćpwućhukjśfcmąźśgćtcehjytkzbżhqmććygzrkjcżbgaerwfsnżqndkqynćzavćhcwaąpjppapwfpąźxvjrnhyąąśdrtvąyaćrćjćemjfhajgmkdągkmzxahjśtćbvąqćxuwćkć

How about this?
 

Edited by Rykz

34 minutes ago, fai1025 said:

Thank god I registered this account with my Google account

Surely the hackers can't touch my password, right?

Right?

Personally, I'm waiting for the day when an actual major hack of Google occurs, whereupon the entire internet loses its collective mind.

 

In more current matters, I think my favorite thing about all this is that in Ling's announcement he uses the phrase "pwned by a script kiddie." Haven't hung around a community who'd use that phrase in a looong time.

 

I used a unique pw for this site and I only ever put in my spambucket email anyway, so. Worst case scenario one of you PMs me saying "hey dude you made 50 nsfw posts what gives?"

2 minutes ago, Rykz said:

Pśćrfuhpxzzveaeżzcąvśeącrrćaąepnąąbffufąvkfxśpfcweyjyśbbuśgxąźtmutąyąhpvjgćeqknngzuągvvśxaaemwwąźvąźzsśćhpzkwkcśśhśąmfwzwxtąsćpwućhukjśfcmąźśgćtcehjytkzbżhqmććygzrkjcżbgaerwfsnżqndkqynćzavćhcwaąpjppapwfpąźxvjrnhyąąśdrtvąyaćrćjćemjfhajgmkdągkmzxahjśtćbvąqćxuwćkć

How about this?

Holy Manshark from the baltic sea made out of mayo, jeans, beans and all E.T. on Amiga 2600 fighting Rhinoman with a laser gun shooting a peanut with a gun on a cob on a stick on a fan on an imp, it's beautiful.


Doomworld has been pamphlet'ted by the brochures, prepare for assimilation into the containment breach of scp-420-j

In all seriousness, over the coming days I guess we'll know what's going on. Hi Doomworld forum users, you are famous now

22 minutes ago, Rykz said:

Doomworld (Probably) Got Hacked
What about birthdays though? Will we receive "Happy Birthday!" from a random stranger? :>

 

That's actually something scammers and hackers use to phish you; they send you a mail with personal data to break your suspicion.


So that's the biggest danger in that.

1 hour ago, Rykz said:

you need to enter your birthday to sign up doomworld

 

Yeah, but you don't need to put your real one... 

As @Linguica says, it's all hashed and is one-way encrypted anyway.

 

32 minutes ago, Redneckerz said:

Some other things:

  • The site from which that user dumped the database isn't clever: I would assume it would be hosted on the darkweb, but it is a regular site. Not very smart.
  • The software they use (mentioned in a post further in the thread) is a public tool which, at a glance, is a fake MySQL server and a glorified file scraper.

To me:

  • Nothing to actually worry about. The approach was amateurish at best and barely worth a teabag in Roblox.

 

Disclaimer:

  • Won't link the site, as these dumbos don't deserve more cred.

Barely. An actual hacker wouldn't do this.

Please link it. I need to know if I'm ok.
