Author Topic: Encrypted password stolen  (Read 4177 times)

Offline ChasB46

  • Top Poster
  • *****
  • Posts: 962
Encrypted password stolen
« on: January 30, 2020, 06:26:57 PM »
My password checkup extension (Avast) has just advised me my shipspotting password (only used on this site) has been stolen but still in encrypted form (at the moment). Therefore I've just changed it. Curious/advice to members.
On submitting this message to the site, I got error 28 from storage engine. Try again. Submitted again and then the message said I'd already submitted. Is there a "gremlin/attack" in the storage engine?

Subsequently on checking with Avast I received this message 15 minutes later :- We
« Last Edit: January 30, 2020, 06:49:55 PM by ChasB46 »

Offline davidships

  • Webmaster
  • Top Poster
  • *****
  • Posts: 2,344
Re: Encrypted password stolen
« Reply #1 on: January 31, 2020, 12:39:00 AM »
IT informed, and I will follow up Friday

On the main matter: no, we front-end Admin have never been advised of any breach of password security over the last few years, despite clear evidence of security problems back in 2017-2018.

This may be related: http://forum.shipspotting.com/index.php/topic,16787.0.html
There were issues with alleged major site security failures in 12/2018
and there is the long thread on problems that started in mid-2018:
http://forum.shipspotting.com/index.php/topic,16204.195.html

If true, a total of 107,943 accounts looks like the total of all past and present accounts at the time of the alleged breach [currently 106,944].  Not sure that they are saying that it was discovered in March 2019, or that they discovered recently that a breach happened then.

I do not think that the posting error 28 is likely related - advised earlier
http://forum.shipspotting.com/index.php/topic,16768.msg89479.html#msg89479
« Last Edit: January 31, 2020, 12:44:08 AM by davidships »

Offline ChasB46

  • Top Poster
  • *****
  • Posts: 962
Re: Encrypted password stolen
« Reply #2 on: January 31, 2020, 07:59:32 PM »
Further to my previous message, I have just installed Malwarebytes Premium (free trial) and it blocked my access to Shipspotting with the message: "Website blocked due to a Trojan. Your Malwarebytes Premium trial blocked this website because it may contain a Trojan."

Further check with https://rankchart.org/site/shipspotting.com . This says "During the last check (January 31, 2020) shipspotting.com has an invalid SSL certificate."
So the SSL cert. could be the cause of the Trojan message.
« Last Edit: January 31, 2020, 08:13:38 PM by ChasB46 »

Offline davidships

  • Webmaster
  • Top Poster
  • *****
  • Posts: 2,344
Re: Encrypted password stolen
« Reply #3 on: January 31, 2020, 08:38:32 PM »
Thank you Charles for the update.
Still no word from IT, I'm afraid, despite requests and drawing attention to this thread.
Would members who have additional insight into this please email me at [email protected]

Extensive speculation here may be counter-productive.
We have been promised a site upgrade, especially of security aspects, this year, but nothing detailed, I'm afraid.

David

Offline smithy166

  • Oceangoing OOW (STCW II/1)
  • Quite a regular
  • **
  • Posts: 65
  • In a hole.
Re: Encrypted password stolen
« Reply #4 on: February 01, 2020, 04:19:05 PM »
As an FYI to all, incl. Webmasters and management : https://breachaware.com/breaches/780bbaf3-d79f-4d81-b7de-4ff9039e13b0

"In early March 2019, the ship enthusiast website ShipSpotting was compromised leaking over 100,000 user email addresses and unsalted MD5 passwords. The validity of the breach has been independently verified."

A total of 106,642 user accounts have been compromised, with the hack taking place on or around the 5th of March 2019.

I'd suggest everyone change their passwords on both shipspotting and any other site that uses the same/similar password as the one they use for shipspotting, and the webmasters & site owners force reset all users passwords.

Further, due to the size of the breach, the site owners may be required to report the matter to the ICO.
« Last Edit: February 01, 2020, 08:37:58 PM by smithy166 »
Enough torque to restart a dead planet! OOW with an unlimited CoC looking for work. :)

Offline davidships

  • Webmaster
  • Top Poster
  • *****
  • Posts: 2,344
Re: Encrypted password stolen
« Reply #5 on: February 01, 2020, 07:06:53 PM »
Not a word still from server-side Admin.
I am emailing the site-owner directly.

Whether wholesale changes of passwords are wise/necessary I do not know.
In particular, whether alleged site vulnerabilities make the entry of new passwords of value or not.  As it happens, I asked IT yesterday how "all members" can be contacted.

I'll keep pressing.  I'm reluctant to make any specific recommendations on something where my knowledge level is so low.

@smithy166 - I will reply to your email shortly.

David

Offline ChasB46

  • Top Poster
  • *****
  • Posts: 962
Re: Encrypted password stolen
« Reply #6 on: February 01, 2020, 07:42:33 PM »
It's not so much the passwords, as any sensible person uses a different one for individual sites. However, the "hoovering" of email addresses by the dark web only leads to masses of spam in our email inboxes.
Can I recommend https://www.avast.com/hackcheck/ to users to see if their email addresses have been compromised. It's free. Similar to https://haveibeenpwned.com/ but with more comprehensive results.

Offline DEREK SANDS

  • Top Poster
  • *****
  • Posts: 15,324
  • taken in Holland 2014
Re: Encrypted password stolen
« Reply #7 on: February 01, 2020, 08:10:03 PM »
Well I tried to alter my password but to no avail!

I am considering deleting my account now if nothing is done as I cannot secure my account

Offline smithy166

  • Oceangoing OOW (STCW II/1)
  • Quite a regular
  • **
  • Posts: 65
  • In a hole.
Re: Encrypted password stolen
« Reply #8 on: February 01, 2020, 08:32:12 PM »
Quote from: davidships on February 01, 2020, 07:06:53 PM
Not a word still from server-side Admin.
I am emailing the site-owner directly.

Whether wholesale changes of passwords are wise/necessary I do not know.
In particular, whether alleged site vulnerabilities make the entry of new passwords of value or not.  As it happens, I asked IT yesterday how "all members" can be contacted.

I'll keep pressing.  I'm reluctant to make any specific recommendations on something where my knowledge level is so low.

@smithy166 - I will reply to your email shortly.

David

Noted David - I'll keep an eye on my inbox.

Personally, in this situation, I'd say resetting everyone's password is a very, VERY good idea. From what's been reported, ShipSpotting.com encrypts passwords with MD5, without a salt. This basically means that the encryption is pretty easy to break; less than 10 seconds on an old-fashioned clunky laptop. See (https://medium.com/@svanas/why-an-unsalted-md5-hash-is-bad-practice-6a0d7d017856)
[Note - Their advice about using a password manager of some sort is a SUPER good idea]...

This means it's sadly only a matter of time before the passwords are broken into. I doubt they'd be used on here though; they'd either be used to try and get into someone's social media, paypal/banking etc., or the passwords would be ignored altogether and the e-mail addresses dumped into a spam-mailer. I would suggest the moderators, admins etc. change their passwords if they can.

What can everyone do? Well, until the site owner/IT get back to David, there's not a *huge* amount anyone can do about shipspotting.com, BUT you can:
  • Use a password manager (Most antiviruses come with one, if not there's some good free ones around for chrome, firefox, android etc. )
  • Never use the same password twice, ESPECIALLY not for banking, paypal etc.,
  • Change your password here (if that's working...),
  • Change your password on any other site that uses the same e-mail address that you use for shipspotting, ESPECIALLY if the password is the same.
  • Use two factor authentication whenever you can,
  • Don't use words from the dictionary in your passwords - Replace "o" with "0", "s" with "5" etc,
  • Follow the advice here -> https://www.howtogeek.com/195430/how-to-create-a-strong-password-and-remember-it/
« Last Edit: February 01, 2020, 08:43:03 PM by smithy166 »
Enough torque to restart a dead planet! OOW with an unlimited CoC looking for work. :)
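To make the point in the post above concrete, here is an added example (not code from the forum or from ShipSpotting.com) contrasting a legacy unsalted-MD5 password store with a hardened one. The user records, passwords and the `pbkdf2_sha256$...` storage format are constructed for the example; the iteration count is an assumption taken from OWASP's 2023 guidance for PBKDF2-HMAC-SHA256. It shows why a single cracked unsalted hash exposes every user who chose that password, how a per-user salt plus a slow key-derivation function removes that property, and how a site can flag legacy records for a forced reset on next login.

```python
"""Unsalted MD5 versus salted PBKDF2 for stored passwords (added example)."""
import hashlib
import hmac
import os
from collections import Counter
from typing import Dict, Optional

# Constructed sample records: two users happen to have chosen the same password.
SAMPLE_USERS: Dict[str, str] = {
    "alice@example.invalid": "Harbour2019",
    "bob@example.invalid": "Harbour2019",
    "carol@example.invalid": "Lighthouse!7",
}

# Assumption: OWASP (2023) figure for PBKDF2-HMAC-SHA256.
PBKDF2_ITERATIONS = 600_000


def md5_unsalted(password: str) -> str:
    """Legacy scheme reported in the thread: one deterministic MD5 per password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def count_shared_hashes(store: Dict[str, str]) -> int:
    """Number of users whose stored value is identical to another user's.

    With unsalted hashing, equal passwords give equal digests, so one
    precomputed-table hit or one successful guess exposes all of them at once.
    """
    counts = Counter(store.values())
    return sum(1 for h in store.values() if counts[h] > 1)


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Hardened scheme: random 16-byte salt + PBKDF2-HMAC-SHA256.

    Stored as 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>' (constructed
    format) so the parameters travel with the record and can be upgraded later.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt/iterations; constant-time comparison."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False  # legacy or malformed record: never verifies
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def needs_reset(stored: str) -> bool:
    """True for any record not in the hardened format: the forced-reset case
    the post recommends after a breach of an unsalted-MD5 store."""
    return not stored.startswith("pbkdf2_sha256$")


def build_legacy_store(users: Dict[str, str] = SAMPLE_USERS) -> Dict[str, str]:
    return {user: md5_unsalted(pw) for user, pw in users.items()}


def build_hardened_store(users: Dict[str, str] = SAMPLE_USERS) -> Dict[str, str]:
    return {user: hash_password(pw) for user, pw in users.items()}


if __name__ == "__main__":
    legacy = build_legacy_store()
    hardened = build_hardened_store()
    print("legacy users sharing a digest:", count_shared_hashes(legacy))
    print("hardened users sharing a digest:", count_shared_hashes(hardened))
    print("legacy records needing reset:", sum(needs_reset(v) for v in legacy.values()))
    print("alice verifies:", verify_password("Harbour2019", hardened["alice@example.invalid"]))
```

In the legacy store, alice and bob end up with byte-identical digests, so the count of shared digests is 2; in the hardened store every record differs even though two passwords are the same, and only `verify_password` with the right password succeeds. `needs_reset` is the hook a site would use to force a password change for every account still stored in the old format.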

Offline DEREK SANDS

  • Top Poster
  • *****
  • Posts: 15,324
  • taken in Holland 2014
Re: Encrypted password stolen
« Reply #9 on: February 02, 2020, 11:31:19 AM »
Well, somehow, despite it saying it was not approved, my password has changed to the new one I entered.

Offline ChasB46

  • Top Poster
  • *****
  • Posts: 962
Re: Encrypted password stolen
« Reply #10 on: February 02, 2020, 01:17:11 PM »
Derek, I think the "password not changed" message, when it actually was changed, is related to the error 28 Shipspotting system fault. Whatever is changed on the server, whether it be updating a message, password etc., it's changed at the time but the system does not know it's changed it. Left hand/right hand on the server.

Case in point: this reply to you got the message, although it was published immediately:

Database Error: Got error 28 from storage engine
File: /www/www/smf1/Sources/Subs-Post.php
Line: 1410

and now I will get another of same.
« Last Edit: February 02, 2020, 02:01:29 PM by ChasB46 »

Offline DEREK SANDS

  • Top Poster
  • *****
  • Posts: 15,324
  • taken in Holland 2014
Re: Encrypted password stolen
« Reply #11 on: February 02, 2020, 06:06:33 PM »
Thanks Chas, all understood... I think  ;D

Offline ChasB46

  • Top Poster
  • *****
  • Posts: 962
Re: Encrypted password stolen
« Reply #12 on: February 02, 2020, 06:35:31 PM »
Derek, yes, a bit garbled, but I was trying not to write an essay. Perhaps punctuation would have helped!

Offline davidships

  • Webmaster
  • Top Poster
  • *****
  • Posts: 2,344
Re: Encrypted password stolen
« Reply #13 on: February 05, 2020, 12:08:57 AM »
I have now heard from the site-owner, who is working on the issues.
We will let you know as soon as there is anything definitive to say.

David
