Jump to content

HardwareZone Forum hit by security breach

Stooky

By Stooky,
in Lite & EZ

 Share

Recommended Posts

Stooky

Stooky

6th Gear
JUST IN: HardwareZone Forum hit by security breach, 685,000 registered user profiles affected, police report lodged

 

Here is the statement from SPH Magazines, which owns the HardwareZone Forum site, in full: "Arising from a suspicious posting on HardwareZone (HWZ) Forum website on 18 February, an investigation was immediately launched to ascertain whether a security breach on the HardwareZone (HWZ) Forum site occurred. The investigation found that:

 

A Senior Moderator’s account had been compromised by an unidentified hacker and used to view approximately 685,000 registered user profiles since September 2017.

 

The hacker used the compromised credentials to impersonate the Senior Moderator to retrieve user profile data which comprised name, email address and user ID, and possible optional data fields.

 

The HWZ database does not contain NRIC numbers, telephone numbers and addresses as these were purged in line with the Personal Data Protection Commission (PDPC) Guidelines in July 2015.

 

As a matter of precaution, forum users were advised to change their forum account password. SPH Magazines, which owns the HWZ site, has also engaged security consultants to conduct a thorough review of the system.

 

A police report has been lodged and PDPC has been informed. SPH Magazines and HWZ sincerely apologise to HWZ users for this breach of security. We remain committed to protecting all personal data shared with us."

 


 

MCF got tio bo? Also under SPH, right? 

↡ Advertisement
  • Praise 4
Link to post
Share on other sites
DACH

DACH

Supersonic

MCF moderators, please look into this and take necessary precautions, if possible.

 

@pchou @kobayashigt @babyblade 

 

Thank you.

  • Praise 1
Link to post
Share on other sites
Kusje

Kusje

Supersonic

This forum got all our critical info... Better start to delete the info before something happens...

Uh. What critical info did you give them?

 

They have my email address, IP address and password (which is the same as my email).

 

Hopefully they at least salted the password so hackers can't just download it Willy nilly.... But even if they did have my password, they wouldn't be able to access my email account as it is protected with 2fa.

I remember someone said SSL would be implemented here but till now no sound no action.

What's ssl?
Link to post
Share on other sites
Unltd

Unltd

5th Gear
(edited)

MCF did implement ssl, just not fully. They implemented it only for profile

 

Need to correct the above, they didn’t implement properly for profile as well, when they said implemented and I visited profile pages, can see the https, now it’s gone. I think errr... need improvement la... quickly and properly done...

Edited by Unltd
Link to post
Share on other sites
Xers007

Xers007

Supercharged

Uh. What critical info did you give them?

 

They have my email address, IP address and password (which is the same as my email).

 

Hopefully they at least salted the password so hackers can't just download it Willy nilly.... But even if they did have my password, they wouldn't be able to access my email account as it is protected with 2fa.

What's ssl?

Full name, address, mobile number and car number plate.
Link to post
Share on other sites
Unltd

Unltd

5th Gear

I worry for those with yellow p, i remember having to give full and verifiable personal data to get it, didn’t dare to have it on cause was worried about security.

  • Praise 1
Link to post
Share on other sites
Kopites

Kopites

Supersonic
(edited)

Full name, address, mobile number and car number plate.

I did not sign as premium member.

 

Free gift come with a risk. My opinion only. Don't flame me.

Edited by Kopites
  • Praise 3
Link to post
Share on other sites
Tianmo

Tianmo

Hypersonic

If HWZ was hit in Sept 2017, and news only surface now, i am not going to be surprise that MCF is already hit, just a matter of will this news surface or not.  [laugh]  [laugh]  [laugh]

  • Praise 2
Link to post
Share on other sites
Vid

Vid

Hypersonic

I worry for those with yellow p, i remember having to give full and verifiable personal data to get it, didn’t dare to have it on cause was worried about security.

 

Actually got ssl or not is not the major issue. Usually hacks happen at server level. It is how secured a server is. There is hardly any information passed between user and website for MCF. Even in plain text, it will take a hacker a long time to accumulate a lot of user logins.

  • Praise 1
Link to post
Share on other sites
Xers007

Xers007

Supercharged
(edited)

I did not sign as premium member.

 

Free gift come with a risk. My opinion only. Don't flame me.

There is much more info they will have as some folks use their service.

If HWZ was hit in Sept 2017, and news only surface now, i am not going to be surprise that MCF is already hit, just a matter of will this news surface or not. [laugh][laugh][laugh]

You no worries lah... No hacker dare touch you... Edited by Xers007
  • Praise 1
Link to post
Share on other sites
Unltd

Unltd

5th Gear

Actually got ssl or not is not the major issue. Usually hacks happen at server level. It is how secured a server is. There is hardly any information passed between user and website for MCF. Even in plain text, it will take a hacker a long time to accumulate a lot of user logins.

Yup, I am assuming the servers are properly secured so there should be little to no vector attack vulnerability, so intrusion will be from site. So pen test, code review and vulnerability assessment is the way to go. Pen test being one of the most important especially by good qualified white hats.

Link to post
Share on other sites
Tianmo

Tianmo

Hypersonic

There is much more info they will have as some folks use their service.

You no worries lah... No hacker dare touch you...

 

 

they hack my account also dont gain anything mah. At most they get to see all the little demons and devils only, who want sia.  [:p]  [laugh]  [laugh]

 

Mayb @radx acct nong nong time ago tio hack liao.  [:p]

↡ Advertisement
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...