Doomworld has been compromised.


1 hour ago, stphrz said:

Oh hey! I remember you. Kinda.

 

Oh hey! I remember you. Sorta.

 

Nothing like a security violation to bring people back.

2 hours ago, Edward850 said:

You do understand that's spam, right? That's not being compromised, that's just spam.

Yeah, this happens. Not just here, but all over, it's nothing to really get anyone's underdrawers knotted up. It just seems odd when it hits Doomworld because we're in, to quote Douglas Adams "Far out in the uncharted backwaters of the unfashionable end of the western spiral arm of the Galaxy" when it comes to forums. "Who would want to steal our identities, and why?"

 

And if anyone is concerned about Doomworld being compromised, imagine how many other companies have their data compromised on a regular basis. Facebook has had massive data breaches, affecting far more people than Doomworld could ever imagine. If you've had any presence on the internet for as long as it takes you to create an email address, somebody can potentially steal it. I try to protect my data as much as possible, but as soon as you create an account anywhere, there's a potential that somebody could get that information. But that doesn't mean your information is worth stealing.

 

If someone stole my bank account information and accessed it I wouldn't be surprised if they thought "Oh shit... maybe I should send this guy five bucks... he could use it. Damn."

 

Edit: I just noticed I quoted Edward850 twice; so I deleted one of the quotes. I was trying to figure out how I could state that this is a non-issue, and I rewrote it a few times, hence the double quote.

 

 

Edited by Jello

On 10/14/2022 at 2:17 AM, Redneckerz said:

Because people are in fact taking it seriously and have determined it's much of a nothingburger. If you read the thread you would know.

 

If there was genuine cause for concern then staff would tell us.

 

You are both panicking over nothing and fearmongering.

Everyone does, except you.

 

For the record, at least one DW user went on the site asking for the contents and stupidly referenced their DW username.

 

That means you registered and/or paid dough to see the contents. Why?

Of course not. I did not register and pay for it.

22 minutes ago, A Nobody said:

Of course not. I did not register and pay for it.

I went to the site and saw that many files were included in the download

 

Oh, you saw this:
 

Spoiler

The .7z File's MD5 Hash is. In total, there are 34441 records. The file is 38.03MB uncompressed and 6.04MB compressed.

 

Well, my apologies then. Still no need to be scared over.

FWIW for anyone who still cares:

  • The owner of the site where this takes place has linked to Ling's message and tagged the OP who leaked this stuff.
  • One user felt the "got pwnd by a scriptkiddie" text was a sign that Ling is mad, "LOL".
  • And one user said: "the way they got mad against you means that they deserve getting hacked :D good job"

TIL calling a random user a scriptkiddy is enough to deserve a hack of the poorest quality.
 

@Linguica just tagging you for the additional info. 


Anony is a complete loser. Why couldn't they just get a job like everyone else instead of taking information from an info-less site like Doomworld?

Edited by A Nobody

2 hours ago, Mr Masker said:

If they hack into Doomworld can they see my 2000 hours on HDoom.

 

Asking for a friend.

Exactly.

On 10/21/2022 at 6:18 PM, Mr Masker said:

If they hack into Doomworld can they see my 2000 hours on HDoom.

 

Asking for a friend.


Do you mean Heretical Doom?

Edited by user76828904
typo


I got an email from haveibeenpwned.com notifying me about that:

(domain of my email address removed from quote)
 

Quote

 

You signed up for notifications when emails on [domain of email] were pwned in a data breach and unfortunately, it's happened. Here's what's known about the breach:

Breach:    Doomworld
Date of breach:    12 Oct 2022
Accounts found:    34,478
Your accounts:    1
Compromised data:    Email addresses, IP addresses, Passwords, Usernames
Description:    In October 2022, the Doomworld forum suffered a data breach that exposed 34k member records. The data included email and IP addresses, usernames and bcrypt password hashes.

 

 


if a leak truly happened i don't think it's the smartest idea to add 2FA right now

 

we don't know if they can have access to phone numbers with this leak and i think it's better if we wait until it is truly patched before we add even more information to the site

39 minutes ago, omalefico32x said:

we don't know if they can have access to phone numbers with this leak

That's not how Doomworld's 2FA works, it's not an SMS system and thus doesn't know your phone number. Which you would know if you had ever set up 2FA.

Edited by Edward850

1 hour ago, Seeker_of_Truth said:

Yep, there's a thread about it here:

 

 

You kinda linked to this thread buddy 😅

 

18 minutes ago, Edward850 said:

That's not how Doomworld's 2FA works, it's not an SMS system and thus doesn't know your phone number. Which you would know if you had ever set up 2FA.

 

While correct, the snark isn't founded, since if you use Authy you do enter your phone number to connect the account - anyone who doesn't know how it works exactly would be fair in believing their number is stored.

 

See screenshot below, which shows both that you enter a phone number, and also covers the issue where I still cannot enable 2FA.

 

dfe88ca4c1c893daa2239bbec2574530.png

 

Can any DW moderators / maintainers shed some light on why this "account suspension" may be a thing? Last time I commented on it here nothing was said.

59 minutes ago, Dragonfly said:

anyone who doesn't know how it works exactly would be fair in believing their number is stored.

Only if they somehow thought Doomworld ran Authy. I'm not seeing this leap in logic, sorry.


I don't post much, and I'm a bit late to the party here, so I'll try to be brief:

 

@Linguica

I certainly hope you do not take it to heart that this occurred. As other veteran members have pointed out, the passwords were all hashed bcrypt, and the rest of the information is easily obtainable if you know where to look. Spam lists are the greatest concern here. I doubt we will see the 34k account passwords appended to the end of the next iteration of rockyou.txt, unless you've really pissed someone off and they're using a certain stoner feline application supported by a hive of a boat load of GTX3090's. That seems like a very expensive electricity bill for the sake of pwning good ole doomworld.

 

More than likely, this was the result of something you couldn't have predicted, and the possible vectors are numerous with ground that you couldn't possibly cover all by yourself. Doomworld is not some international company with a bug bounty program and Horizon 3 backing it up. The incident has already occurred, and I would just focus on consolidation of evidence for a root cause analysis to develop a lessons learned of sorts to better prevent something like this from happening again in the future - if there was even anything that could have been done.

 

This website has been the home of many of us for more than 2 decades - quite impressive for a site dedicated to a game released in 1993. We've mourned members together, seen the birth of legendary source ports together (have you seen what these maniacs are doing with SNES/32X/Saturn/3DO doom?!), laughed at memes together, and some members have even shared a certain plush's company together. I'm surprised you haven't asked for help funding this site, as countless members would throw money at you like Fry from Futurama without hesitation. I sincerely doubt anyone here would hold any light of negativity towards you as a result of this - anyone who does, well that just seems like some twitter attention grabbing tier shit to me.

 

PM me if you think my brain could be picked for some forensic insight, but you're a smart enough guy that I doubt you need any help from a moron like me.

 

Don't beat yourself up. Life is too short to carry guilt that isn't truly yours.

 

 

7 hours ago, LogicDeLuxe said:

I got an email from haveibeenpwned.com notifying me about that:

(domain of my email address removed from quote)
 

 

HaveIBeenPwned is great in this regard, and I highly recommend it to everyone.

 

On 10/17/2022 at 5:34 PM, Ralphis said:

No Netscape, no shield. Got ya, Doomworld. 

Based.

 

Also, half expected the lingerie pic, and completely forgot about the cat one.

 

On 10/21/2022 at 4:18 PM, Mr Masker said:

If they hack into Doomworld can they see my 2000 hours on HDoom.

 

Asking for a friend.

No, but they can see how many times you played cyberdreams.

 

 

Edited by Chronohunter45
I suck at context expansion. Something something bourbon something something.

  • 4 months later...
4 minutes ago, Biodegradable said:

Goddamn it, Red, I was in the middle of writing that myself!

 

Anyways, let's all enjoy a good laugh at their expense. LOL

You're just a gametic late. ;)

 

Anyway, good riddance of so-called "hackers".

2 hours ago, Biodegradable said:

Goddamn it, Red, I was in the middle of writing that myself!

 

Anyways, let's all enjoy a good laugh at their expense. LOL

 

Allow me to laugh EVEN HARDER!

HA!


Yeah that'll happen when you have no social skills, dreams, goals, or any positive traits whatsoever. 

 

Do ya think the FBI had to wade through a sea of empty coke cans and instant noodle cups to reach his "battle station"?
