OSBA Database user passwords cracked

New news and release discussion.
Locked
Andrew
User avatar
Donator
Posts: 570
Joined: Fri Aug 18, 2006 12:10 pm
Location: New Zealand

OSBA Database user passwords cracked

Post by Andrew »

OSBA's database was cracked earlier today by PTCFast2 and another person, in an attempt at stealing R-TYPE and Glendacorps user information.

The cracking effort led by PTCFast2 uncovered at least the passwords of: Grabberslasher's password (however this has changed since), Erik/EBD's password, Zammis's password, and possibly KenOath's.

The Control Panel for OSBA.RTYPE was also hacked into. That site http://osba.r-type.ca/ has been taken offline for an unknown length of time.

I have tested a stolen password, and used it successfully. This leak is very real. PTCFast2 and another person have also launched thier own OSBA clone, thier forum called "OSBetaSpace" is down at the moment, but definately log in and have a chat (http://osbs.mtxstudios.com/index.php) as soon as the forum goes online.

You are all advised to change your passwords if they are currently the same as they were in October 2005. You can thank another person and PTCFast2 for this privacy issue, and for the original leak of the forum database.

To view if your password has been cracked recently, go to http://milw0rm.com/cracker/list.php, and look for your password. (usernames are not visible, so you cannot use this list to find other users passwords).

Posting a link or method on how to do similar attacks will result in an instant warn. BetaArchive will not be affected by this leak as our site includes none of the stolen database (unless of course your password is the same).

Cracking is thought to have began nearly a day ago from this post, and there is a possibility that a more recent database has also leaked.
Last edited by Andrew on Thu Oct 05, 2006 1:03 pm, edited 2 times in total.

___
User avatar
Donator
Posts: 1914
Joined: Sat Aug 19, 2006 12:19 am
Location: New Zealand

Post by ___ »

impossible to crack eh?

moonlit
User avatar
FTP Access
Posts: 514
Joined: Wed Oct 04, 2006 11:02 pm

Post by moonlit »

Aren't the passwords stored as MD5 hashes?

Andrew
User avatar
Donator
Posts: 570
Joined: Fri Aug 18, 2006 12:10 pm
Location: New Zealand

Post by Andrew »

Yes, but they used a brute force md5 hash cracker

moonlit
User avatar
FTP Access
Posts: 514
Joined: Wed Oct 04, 2006 11:02 pm

Post by moonlit »

Ho hum... still, shouldn't be too much of an issue since we all change our passwords regularly...

...right?

___
User avatar
Donator
Posts: 1914
Joined: Sat Aug 19, 2006 12:19 am
Location: New Zealand

Post by ___ »

I DO I DO!

kichimi
User avatar
Donator
Posts: 407
Joined: Tue Aug 22, 2006 3:30 pm
Location: Essex, UK
Contact:

Post by kichimi »

i do, but alot of my passwords are the same as the one i found on that webpage *Gets scared and hides in corner crying*

EDIT: All Changed *continues to cry in corner*
Last edited by kichimi on Thu Oct 05, 2006 8:09 am, edited 1 time in total.
The better candies are in the cage

pr0gram the pr0grammer
Donator
Posts: 698
Joined: Fri Aug 18, 2006 12:05 pm
Location: Or-stray-liagh

Post by pr0gram the pr0grammer »

F--king great, first all the PMs leak, then the passwords get cracked...
Last edited by pr0gram the pr0grammer on Sat Dec 02, 2006 2:48 pm, edited 1 time in total.
pr0gram the pr0grammer
BetaArchive retiree | OSBA Expat

kichimi
User avatar
Donator
Posts: 407
Joined: Tue Aug 22, 2006 3:30 pm
Location: Essex, UK
Contact:

Post by kichimi »

This could have been prevented
The better candies are in the cage

KenOath

Post by KenOath »

pr0gram the pr0grammer wrote:[censored] great, first all the PMs leak, then the passwords get cracked...
Exactly my response, I logged in yesterday & found I had 69 inbox PM's
30odd saved/sent PM's & now I've just found my password on that sight
that Braindrain posted above...

It's a shame that I've gone to the trouble of making iso's , nfo's & rarred
a [censored] load of betas & a bunch of other crap to release when I feel the time was right....
Guess what , it ain't happening for a damn long time now, if at all...
& to think I was wasting my time & money on a server...
If anyone here knows the f-wits responsible, give em the message,
everyone looses...
Must be time for a new hobby already...

___
User avatar
Donator
Posts: 1914
Joined: Sat Aug 19, 2006 12:19 am
Location: New Zealand

Post by ___ »

this is a sad day. maybe a few new betas could help make people forget all this crap and get on with the beta world

Vista Ultimate R2
User avatar
FTP Access
Posts: 2393
Joined: Wed Aug 30, 2006 10:06 pm

Post by Vista Ultimate R2 »

Glad I wasn't around in those days - I use the same password for everything (not that you know who I am so it's not like you could go and log into my email account or ebay or anything, I suppose).
Image

tails92

Post by tails92 »

These two crackers have done a sad thing that serves no purpose except to degrade the beta community.
These crackers are stupid people, really.

merty
User avatar
FTP Access
Posts: 386
Joined: Sun Aug 27, 2006 11:03 am
Location: Australia

Post by merty »

It was very shameful of those two to do that.
and making the scene of Beta's much worse.
Last edited by merty on Thu Oct 05, 2006 10:44 am, edited 1 time in total.

kichimi
User avatar
Donator
Posts: 407
Joined: Tue Aug 22, 2006 3:30 pm
Location: Essex, UK
Contact:

Post by kichimi »

Do you rekon they feel guilty? what drove them to do this?
The better candies are in the cage

Andrew
User avatar
Donator
Posts: 570
Joined: Fri Aug 18, 2006 12:10 pm
Location: New Zealand

Post by Andrew »

I put KenOath's info on milworm to check if they really could crack anything, as he was the only friend I had out of list they gave. I'm not sure which hash is his, so I can't email milworm and ask for it to get removed. kichimi, if you mean about puttign KenOath's info on milworm, then definately, he has good reason to take me down because of this, I was real stupid, and I've caused a lot of problems, I've been watching this thread for a few hous now, I hope he is still wanting to talk to me.

PTCFast2 gave me the code to get his password (his specifically), along with the other people in the list, which he still has and may use. I guess I'll be in the same court as those two - I'd rather announce this this than shut-up and let them fall for something I've done which seems to be the way things are going.

To reconfirm I put KenOath's info on milworm.

CoreDuo
FTP Access
Posts: 43
Joined: Fri Aug 18, 2006 5:05 pm

Post by CoreDuo »

i was no where to be found in October 2005 so as far as this goes i'm fine. It's just sad that idiots go through the trouble of doing. I have the feeling that the database shouldn't have been leaked to prevent this chaos

koll2786

Post by koll2786 »

f**king lies, i didn't hack any password of anyones so please dont post bulls**t. In fact I only found out ebds pass because a msn cintact told me so. In fact why would i want to steal people's passwords????. I have no use for them. I admit a wrong duing posting his password in msn to ptcfast2 and braindrain. But I don't think ptcfasts2 intent of hacking passwords is meant to scare people. And surely he wasnt going to hack kenoath because he didn't say anything to me about kenoath.

Admin Edit: Please star out swearing in future.
Last edited by koll2786 on Thu Oct 05, 2006 1:08 pm, edited 1 time in total.

Andrew
User avatar
Donator
Posts: 570
Joined: Fri Aug 18, 2006 12:10 pm
Location: New Zealand

Post by Andrew »

Thanks for correcting that Koll, an as of yet unknown person, and PTCFast2 stole the passwords. Koll relayed one of them, leading to an assumption that the other person was Koll. Again, this was my mistake, and I am very sorry for coming to this conclusion. I agree with Gravynaster64, the leak has caused a lot of problems.

KenOath

Post by KenOath »

I really don't care that my password was posted on milworm, nobody here
knows what password go's with what name anyway so it's not an issue...
It's the fact that someone would go to the trouble of hacking my account
& share the info with others that has pissed me off...

Andy
User avatar
Administrator
Posts: 12629
Joined: Fri Aug 18, 2006 11:47 am
Location: United Kingdom
Contact:

Post by Andy »

I think its pathetic to be honest.

If your password has possibly been posted and you use the same on on BetaArchive can I please ask that you change it, even if its just one digit/letter. This may help to avoid anyone that wants to spam the forum.

koll2786

Post by koll2786 »

noones passwords have been posted not at least to my knowledge, as far as I can understand. I don't know what I haven't heard. My advice is if you want your account deleted or changed email me at aspx@cogeco.ca. I am sorry for my action's and I am taking necessary steps to prevent from any more password leakage. As far as I am concerned the only one who had his password leaked by members is Erik Somerdyk. I have emailed him my part of the story, and as He may now be aware my old password was leaked too.

kichimi
User avatar
Donator
Posts: 407
Joined: Tue Aug 22, 2006 3:30 pm
Location: Essex, UK
Contact:

Post by kichimi »

Andy wrote:I think its pathetic to be honest.
I agree, this is stupid
The better candies are in the cage

koll2786

Lock this topic now ;)

Post by koll2786 »

If anymore problems arrise, let it be known that OSBetaSpace does not use the leaked osba database anymore and that it was destroyed. Let it be said shard does not condone this and that Liebo and Grabberslasher may or may not be to friendly about using the database too. As far as it goes the only person who had thier password leak was EBD, mine was a stupid /msg nickserv. The other person who did the leak of ebds password also would like to make known that he is not targeting anybody but was only targetting erik as erik did something very nasty to him and he thought this would be a perfect way to get back at him. So mods you can close this topic now, and members of osba change your passwords and if something goes wrong do not assume that it was OSBetaSpaces as we assure that the database has been destroyed.

Andy
User avatar
Administrator
Posts: 12629
Joined: Fri Aug 18, 2006 11:47 am
Location: United Kingdom
Contact:

Post by Andy »

Topic locked. Topic has gone far enough and request for lock was made.

Locked