
*** SECURITY BREACH ***



  • Administrator

SECURITY ALERT

 

Forum Security Breach

 

Between 1:00AM – 6:00 AM (AEST) on the 25th April 2021, the StereoNET Australia and New Zealand Message Forums were accessed by a person or persons who gained unauthorised administrator access. 

 

The hackers hijacked an existing user’s account, gaining administrator access via an exploit (we believe at this time). They proceeded to vandalise the website by deleting many members’ accounts, including all Administrator and Moderator accounts, along with some forums and their posts.

 

Do I need to worry?

In short, no. The only identifying information contained in the database is your username, email address, and password (stored with encryption). StereoNET is not aware of what further identifying information members may have had contained within their Private Messages; however, from our investigation, this information was neither accessed nor downloaded.

 

As a precaution we do suggest you change your password here on StereoNET, and anywhere else you use the same password.
UPDATE: We have implemented a forced site wide password reset.

UPDATE 2: We have also now implemented Multi-factor Authentication which you can enable in your Account Settings.

 

What were the hackers trying to achieve?

From our investigation, it appears the hackers were only interested in making some quick dollars via unsuspecting members with some advertisements for products that appeared too good to be true. They requested payment from unsuspecting members via PayPal and cryptocurrencies. It is not believed at this stage that the hackers were successful in obtaining any payments from members.

 

Once our investigation is complete, StereoNET will restore a database backup from prior to the breach. Any threads, posts, or member accounts created in the last 24 hours will not be retained.

 

UPDATE: The server backup has now been restored (from 8:00PM (AEST) 24th April 2021), and the hacked website has been copied and taken offline for further forensic investigation.

 

We continue to work with the security experts, and software authors to determine the exact method of unauthorised access to ensure the integrity of our servers and data going forward.

 

StereoNET employs extensive security measures with both our hardware and software. We take this unauthorised access very seriously and engaged security experts immediately upon becoming aware of this breach. Our investigation is still ongoing, and the forums will remain offline until the extent of the hacking is fully determined.

 

UPDATE: The forums have been restored and are now online. The forums may experience short outage periods throughout Sunday 25th April 2021 while we implement further security measures.

 

Sincerely,

Marc Rushton
Managing Director
Sound Media International Pty Ltd

  • Like 29
  • Thanks 4



What method of encryption has been/is being used for passwords? Hashes, salts, encryption, etc. 

 

What method of access was utilised to gain access? A vulnerability, or was an individual admin account compromised? (IE, will it happen again after the restoration, or has the hole been plugged, and if it has been plugged, how...)


  • Administrator
On 25/04/2021 at 11:06 AM, Caelum said:

What method of encryption has been/is being used for passwords? Hashes, salts, encryption, etc. 

 

What method of access was utilised to gain access? A vulnerability, or was an individual admin account compromised? (IE, will it happen again after the restoration, or has the hole been plugged, and if it has been plugged, how...)

 

We believe at this stage that a vulnerability was exploited to give a Full Member account Administration access. They then used that account to remove all other Admin and Moderator accounts - essentially hijacking the website. I had to hack in from the backend to prevent the unauthorised access.

 

We believe we have implemented some local fixes to prevent this happening again, along with integrating some third-party software and firewall strengthening. In the meantime, IPBoard are also investigating further. As mentioned, investigations are continuing, and I take this very seriously.

  • Like 7
  • Thanks 7



Redid password, but round about the same time, I got this email from StereoNET - Panania is a long way from Perth.


 

Hi cafe67, 

We have detected 5 failed log in attempts to your account from Panania, New South Wales, 2213. 

If this wasn't you, someone else may be trying to access your account. These log in attempts were unsuccessful. You may however want to change your password for greater security, especially if you use the same password on other websites. 

If this was you, you can safely ignore this email and you will be able to sign in again at 25/04/21 10:07 AM. 

 


36 minutes ago, cafe67 said:

Redid password, but round about the same time, I got this email from StereoNET - Panania is a long way from Perth.


 

Hi cafe67, 

We have detected 5 failed log in attempts to your account from Panania, New South Wales, 2213. 

If this wasn't you, someone else may be trying to access your account. These log in attempts were unsuccessful. You may however want to change your password for greater security, especially if you use the same password on other websites. 

If this was you, you can safely ignore this email and you will be able to sign in again at 25/04/21 10:07 AM. 

 

 

36 minutes ago, emesbee said:

Have reset and strengthened my password following the email I received.

 

 

12 minutes ago, soundfan said:

Just changed my password for the first time since joining back in 2005.


Had a similar email though from Fitzroy North so more than likely the hackers are disguising their true location.

 

I would highly recommend for anyone on this website if they are not already doing so to use a password manager capable of generating strong passwords including symbols and numbers.


SNA is capable of accepting up to 72 characters for the password so it's not the worst idea to have a password of a high number of characters including capital letters, numbers and characters.

 

I would also avoid any of the common guessable passwords like kids' or pets' names etc.

 

I personally use and would recommend 1Password as it is very capable with good integration and usability, though any good password manager should suffice.

 

Also due to the risk of the information being obtained by the hack which while @Marc has suggested probably is not the case this information may include personal emails so just to be safe I would recommend updating your email address with a strong password as well.

  • Like 4



45 minutes ago, cafe67 said:

Redid password, but round about the same time, I got this email from StereoNET - Panania is a long way from Perth.


 

Hi cafe67, 

We have detected 5 failed log in attempts to your account from Panania, New South Wales, 2213. 

If this wasn't you, someone else may be trying to access your account. These log in attempts were unsuccessful. You may however want to change your password for greater security, especially if you use the same password on other websites. 

If this was you, you can safely ignore this email and you will be able to sign in again at 25/04/21 10:07 AM. 

 

 

But it starts with a 'P'!

  • Haha 1

How do I change my password? I went to Settings > Security & Privacy but it says 'To access this area, please re-authenticate.'

How do I re-authenticate?

 


Edited by Jeddie

1 hour ago, cafe67 said:

Redid password, but round about the same time, I got this email from StereoNET - Panania is a long way from Perth.


 

Hi cafe67, 

We have detected 5 failed log in attempts to your account from Panania, New South Wales, 2213. 

If this wasn't you, someone else may be trying to access your account. These log in attempts were unsuccessful. You may however want to change your password for greater security, especially if you use the same password on other websites. 

If this was you, you can safely ignore this email and you will be able to sign in again at 25/04/21 10:07 AM. 

 

I had the same, except mine had 5 failed attempts from Sunbury, Victoria.

 

Reset now.


26 minutes ago, Jeddie said:

How do I change my password? I went to Settings > Security & Privacy but it says 'To access this area, please re-authenticate.'

How do I re-authenticate?

 


Check your email, you probably will have an email sent out with a link in there to re-authenticate and reset password.




1 hour ago, cafe67 said:

Redid password, but round about the same time, I got this email from StereoNET - Panania is a long way from Perth.

 

 

 

I have a fixed IP address from Aussie Broadband and for that reason the rest of the world thinks I'm in Sydney or Brisbane. (I'm in Perth.)

 

 

  • Like 1
  • Love 1

51 minutes ago, Martykt said:

 

 


Had a similar email though from Fitzroy North so more than likely the hackers are disguising their true location.

 

I would highly recommend for anyone on this website if they are not already doing so to use a password manager capable of generating strong passwords including symbols and numbers.


SNA is capable of accepting up to 72 characters for the password so it's not the worst idea to have a password of a high number of characters including capital letters, numbers and characters.

 

I would also avoid any of the common guessable passwords like kids' or pets' names etc.

 

I personally use and would recommend 1Password as it is very capable with good integration and usability, though any good password manager should suffice.

 

Also due to the risk of the information being obtained by the hack which while @Marc has suggested probably is not the case this information may include personal emails so just to be safe I would recommend updating your email address with a strong password as well.


This is good advice. 1Password is great software. Apple users should know that iOS and macOS do this for free, too.

  • Like 1

17 minutes ago, Marc said:

 

This can now be activated under the Security & Privacy section of your Account Settings.


Don’t know if this is at my end but your avi is blank for me, @Marc

 

EDIT: only on iPad, not on phone

 

EDIT 2: it’s back

Edited by RankStranger

I followed the password reset link sent to my email, but it looks like my profile is completely gone and some information is incorrect - not sure if anyone else experienced the same issue?

I also notice that my "old" account on my mobile phone is still ok (as I have not signed out on my mob yet) - this means there are two of me accessing SNA at the same time - it sounds like the security bug is still there?




Guest Eggcup the Dafter

I did not see any enforced password reset. Adding that here in case it's important (I changed my password anyway)


  • Administrator
1 minute ago, Eggcup the Dafter said:

I did not see any enforced password reset. Adding that here in case it's important (I changed my password anyway)

 

Sending to 160,000+ members, it takes hours to send them all out.

Could also be in your junk mail folder.


  • Administrator
4 minutes ago, spotify said:

I followed the password reset link sent to my email, but it looks like my profile is completely gone and some information is incorrect - not sure if anyone else experienced the same issue?

I also notice that my "old" account on my mobile phone is still ok (as I have not signed out on my mob yet) - this means there are two of me accessing SNA at the same time - it sounds like the security bug is still there?

 

You had two accounts - one with one email address and one with another (or potentially a 2nd account linked to a social media login).
You would have eventually received two password reset emails. You just happened to get the @spotify one first. 

 

I've merged your two accounts for you.

  • Like 1

Hi Marc,

I have lost access to my account when I reset my password today.

My account was wildragon but I am now presented with another name, attached below.

Please let me know what to do as I have a current listing and I'm worried. Thanks

Jay

[Attached screenshot]




This topic is now closed to further replies.