Administrator Marc Posted April 25, 2021

SECURITY ALERT

Forum Security Breach

Between 1:00AM – 6:00 AM (AEST) on the 25th April 2021, the StereoNET Australia and New Zealand Message Forums were accessed by a person or persons who gained unauthorised administrator access.

The hackers hijacked an existing user’s account, gaining administrator access via an exploit (we believe at this time). They proceeded to vandalise the website by deleting many members’ accounts, including all Administrator and Moderator accounts, along with some forums and their posts.

Do I need to worry?

In short, no. The only identifying information contained in the database is your username, email address, and password (stored with encryption). StereoNET is not aware of what further identifying information members may have had contained within their Private Messages, however from our investigation, this information was neither accessed nor downloaded.

As a precaution we do suggest you change your password here on StereoNET, and anywhere else you use the same password.

UPDATE: We have implemented a forced site-wide password reset.

UPDATE 2: We have also now implemented Multi-factor Authentication which you can enable in your Account Settings.

What were the hackers trying to achieve?

From our investigation, it appears the hackers were only interested in making some quick dollars via unsuspecting members with some advertisements for products that appeared too good to be true. They requested payment from unsuspecting members via PayPal and cryptocurrencies. It is not believed at this stage that the hackers were successful in obtaining any payments from members.

Once our investigation is complete, StereoNET will restore a database backup from prior to the breach. Any threads, posts, or member accounts created in the last 24 hours will not be retained.
UPDATE: The server backup has now been restored (from 8:00PM (AEST) 24th April 2021), and the hacked website has been copied and taken offline for further forensic investigation. We continue to work with the security experts, and software authors to determine the exact method of unauthorised access to ensure the integrity of our servers and data going forward.

StereoNET employs extensive security measures with both our hardware and software. We take this unauthorised access very seriously and engaged security experts immediately upon becoming aware of this breach.

Our investigation is still ongoing, and the forums will remain offline until the extent of the hacking is fully determined.

UPDATE: The forums have been restored and are now online. The forums may experience short outage periods throughout Sunday 25th April 2021 while we implement further security measures.

Sincerely,
Marc Rushton
Managing Director
Sound Media International Pty Ltd

Caelum Posted April 25, 2021

What method of encryption has been/is being used for passwords? Hashes, salts, encryption, etc.

What method of access was utilised to gain access? A vulnerability, or was an individual admin account compromised? (i.e., will it happen again after the restoration, or has the hole been plugged, and if it has been plugged, how...)

Administrator Marc Posted April 25, 2021

On 25/04/2021 at 11:06 AM, Caelum said:
> What method of encryption has been/is being used for passwords? Hashes, salts, encryption, etc.
>
> What method of access was utilised to gain access? A vulnerability, or was an individual admin account compromised? (i.e., will it happen again after the restoration, or has the hole been plugged, and if it has been plugged, how...)

We believe at this stage that a vulnerability was exploited to give a Full Member account Administration access. They then used that account to remove all other Admin and Moderator accounts - essentially hijacking the website. I had to hack in from the backend to prevent the unauthorised access.

We believe we have implemented some local fixes to prevent this happening again, along with integrating some third-party software and firewall strengthening. In the meantime, IPBoard are also investigating further.

As mentioned, investigations are continuing, and I take this very seriously.

colinm1 Posted April 25, 2021

Just did mine, wouldn't let me in with old password ???? Seems fixed now, I hope.

Wimbo Posted April 25, 2021

Just signed in under new password

cafe67 Posted April 25, 2021

Redid password, but roundabout the same time, I got this email from stereonet - Panania is a long way from Perth.

> Hi cafe67,
>
> We have detected 5 failed log in attempts to your account from Panania, New South Wales, 2213.
>
> If this wasn't you, someone else may be trying to access your account. These log in attempts were unsuccessful. You may however want to change your password for greater security, especially if you use the same password on other websites.
>
> If this was you, you can safely ignore this email and you will be able to sign in again at 25/04/21 10:07 AM.

emesbee Posted April 25, 2021

Have reset and strengthened my password following the email I received.

soundfan Posted April 25, 2021

Just changed my password for the first time since joining back in 2005.

mbd Posted April 25, 2021

Thanks for the prompt and descriptive actions taken to counter this. Much appreciated!

Martykt Posted April 25, 2021

36 minutes ago, cafe67 said:
> Redid password, but roundabout the same time, I got this email from stereonet - Panania is a long way from Perth.
>
> Hi cafe67,
>
> We have detected 5 failed log in attempts to your account from Panania, New South Wales, 2213.
>
> If this wasn't you, someone else may be trying to access your account. These log in attempts were unsuccessful. You may however want to change your password for greater security, especially if you use the same password on other websites.
>
> If this was you, you can safely ignore this email and you will be able to sign in again at 25/04/21 10:07 AM.

36 minutes ago, emesbee said:
> Have reset and strengthened my password following the email I received.

12 minutes ago, soundfan said:
> Just changed my password for the first time since joining back in 2005.

Had a similar email, though from Fitzroy North, so more than likely the hackers are disguising their true location.

I would highly recommend for anyone on this website, if they are not already doing so, to use a password manager capable of generating strong passwords including symbols and numbers. SNA is capable of accepting up to 72 characters for the password, so it's not the worst idea to have a password of a high number of characters including capital letters, numbers and characters. I would also avoid any of the common guessable passwords like kids' or pets' names etc.

I personally use and would recommend 1Password as it is very capable with good integration and usability, though any good password manager should suffice.

Also, due to the risk of the information being obtained by the hack, which while @Marc has suggested probably is not the case, this information may include personal emails, so just to be safe I would recommend updating your email address with a strong password as well.

LogicprObe Posted April 25, 2021

45 minutes ago, cafe67 said:
> Redid password, but roundabout the same time, I got this email from stereonet - Panania is a long way from Perth.
>
> Hi cafe67,
>
> We have detected 5 failed log in attempts to your account from Panania, New South Wales, 2213.
>
> If this wasn't you, someone else may be trying to access your account. These log in attempts were unsuccessful. You may however want to change your password for greater security, especially if you use the same password on other websites.
>
> If this was you, you can safely ignore this email and you will be able to sign in again at 25/04/21 10:07 AM.

But it starts with a 'P'!

Jeddie Posted April 25, 2021

How do I change my password? I went to Settings > Security & Privacy but it says 'To access this area, please re-authenticate.' How do I re-authenticate?

cafe67 Posted April 25, 2021

8 minutes ago, LogicprObe said:
> But it starts with a 'P'!

At first I thought it said Panama, I was thinking “bloody hell”

Stereophilus Posted April 25, 2021

1 hour ago, cafe67 said:
> Redid password, but roundabout the same time, I got this email from stereonet - Panania is a long way from Perth.
>
> Hi cafe67,
>
> We have detected 5 failed log in attempts to your account from Panania, New South Wales, 2213.
>
> If this wasn't you, someone else may be trying to access your account. These log in attempts were unsuccessful. You may however want to change your password for greater security, especially if you use the same password on other websites.
>
> If this was you, you can safely ignore this email and you will be able to sign in again at 25/04/21 10:07 AM.

I had the same, except mine had 5 failed attempts from Sunbury, Victoria. Reset now.

Martykt Posted April 25, 2021

26 minutes ago, Jeddie said:
> How do I change my password? I went to Settings > Security & Privacy but it says 'To access this area, please re-authenticate.' How do I re-authenticate?

Check your email, you probably will have an email sent out with a link in there to re-authenticate and reset password.

Sander H. Posted April 25, 2021

1 hour ago, cafe67 said:
> Redid password, but roundabout the same time, I got this email from stereonet - Panania is a long way from Perth.

I have a fixed IP address from Aussie Broadband and for that reason the rest of the world thinks I'm in Sydney or Brisbane. (I'm in Perth.)

RankStranger Posted April 25, 2021

51 minutes ago, Martykt said:
> Had a similar email, though from Fitzroy North, so more than likely the hackers are disguising their true location.
>
> I would highly recommend for anyone on this website, if they are not already doing so, to use a password manager capable of generating strong passwords including symbols and numbers. SNA is capable of accepting up to 72 characters for the password, so it's not the worst idea to have a password of a high number of characters including capital letters, numbers and characters. I would also avoid any of the common guessable passwords like kids' or pets' names etc.
>
> I personally use and would recommend 1Password as it is very capable with good integration and usability, though any good password manager should suffice.
>
> Also, due to the risk of the information being obtained by the hack, which while @Marc has suggested probably is not the case, this information may include personal emails, so just to be safe I would recommend updating your email address with a strong password as well.

This is good advice. 1Password is great software. Apple users should know that iOS and macOS do this for free, too.

Ralph Posted April 25, 2021

Marc,

Thanks for your diligence in following this through. Muchly appreciated.

RankStranger Posted April 25, 2021

17 minutes ago, Marc said:
> This can now be activated under the Security & Privacy section of your Account Settings.

Don’t know if this is at my end but your avi is blank for me, @Marc

EDIT: only on iPad, not on phone

EDIT 2: it’s back

spottie Posted April 25, 2021

I followed the password reset link sent to my email, but it looks like my profile is completely gone and some information is incorrect - not sure if anyone else experienced the same issue?

I also notice that my "old" account on my mobile phone is still ok (as I have not signed out on my mob yet) - this means there are two of me accessing SNA at the same time - it sounds like the security bug is still there?

Guest Eggcup the Dafter Posted April 25, 2021

I did not see any enforced password reset. Adding that here in case it's important (I changed my password anyway)

Administrator Marc Posted April 25, 2021

1 minute ago, Eggcup the Dafter said:
> I did not see any enforced password reset. Adding that here in case it's important (I changed my password anyway)

Sending to 160,000+ members, it takes hours to send them all out. Could also be in your junk mail folder.

Administrator Marc Posted April 25, 2021

4 minutes ago, spotify said:
> I followed the password reset link sent to my email, but it looks like my profile is completely gone and some information is incorrect - not sure if anyone else experienced the same issue?
>
> I also notice that my "old" account on my mobile phone is still ok (as I have not signed out on my mob yet) - this means there are two of me accessing SNA at the same time - it sounds like the security bug is still there?

You had two accounts - one with one email address and one with another (or potentially a 2nd account linked to a social media login). You would have eventually received two password reset emails. You just happened to get the @spotify one first.

I've merged your two accounts for you.

robbee Posted April 25, 2021

wildragon Posted April 25, 2021

Hi Marc,

I have lost access to my account when I reset password today. My account was wildragon but now presented with other name attached below. Please let me know what to do as I have current listing and I'm worried.

Thanks
Jay