It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
My ATS Account just got hacked
page: 21share:
a reply to: ArMaP
The website administrator does have access to the website database and can change anything they want in it. With how many accounts got hacked in a short period of time comes across as someone messing with the record level data. With that kind of access, they can mess with anything they want. For now it is just a fun probing test. ATS getting owned by the USSR is hilarious.
Last I know, Darko got the keys. He let someone else in for a while to tidy things up. Been AWOL for a while now. Ghost helped the mods get in with the password/email reset. Is it a new actor?
neither mods or admins have the tools to change members' avatars
The website administrator does have access to the website database and can change anything they want in it. With how many accounts got hacked in a short period of time comes across as someone messing with the record level data. With that kind of access, they can mess with anything they want. For now it is just a fun probing test. ATS getting owned by the USSR is hilarious.
Last I know, Darko got the keys. He let someone else in for a while to tidy things up. Been AWOL for a while now. Ghost helped the mods get in with the password/email reset. Is it a new actor?
edit on 3-10-2024 by kwaka because: added sentence
(post by yuppa removed for a serious terms and conditions violation)
(post by yuppa removed for a serious terms and conditions violation)
originally posted by: kwaka
The website administrator does have access to the website database and can change anything they want in it. With how many accounts got hacked in a short period of time comes across as someone messing with the record level data.
I know that.
I also know that with database access they could have change everyone's avatar with just one command, but we didn't see that.
They could also change the avatar for anyone on a list of members with just one command, but we didn't see that.
They could change anything besides avatar, colours and signature, but they did not.
All of the above point to the hacker(s) only having access to the "account" page and nothing more.
originally posted by: yuppa
originally posted by: ArMaP
originally posted by: yuppa
Former MOD or admin access holder. very short list of those right?
Right, but neither mods or admins have the tools to change members' avatars, which means the way it was done was not via a normal procedure, which means that anyone, former mod/admin or not, could do it, as long as they could hack the account page.
[snip]
As far as I know, only one person had direct access to the database.
And, apparently, you missed one part, that I am going to repeat and bold:
"...which means that anyone, former mod/admin or not, could do it, as long as they could hack the account page"
edit on 10/3/2024 by
elevatedone because: (no reason given)
a reply to: ArMaP
There is only two places the breach could of happened. Either cracking each of the individual members account or cracking the website administration account.
With how it was only active members that where online at the time that got hit, it is much easier and more reasonable that the website administration account got hacked. To hack each of the online members account without website administration privilege would be a much more challenging task.
"...which means that anyone, former mod/admin or not, could do it, as long as they could hack the account page"
There is only two places the breach could of happened. Either cracking each of the individual members account or cracking the website administration account.
With how it was only active members that where online at the time that got hit, it is much easier and more reasonable that the website administration account got hacked. To hack each of the online members account without website administration privilege would be a much more challenging task.
a reply to: ArMaP
Does that mean only how accounts are displayed to logged on members? And not the passwords and email accounts?
For instance: Not logged in viewing of ATS threads don't show avatars or location or mood or signatures. So non-member guests to the site don't notice any difference any way.
Is there a different data base containing the password and email accounts? Because those show on the setting page also.
All of the above point to the hacker(s) only having access to the "account" page and nothing more.
Does that mean only how accounts are displayed to logged on members? And not the passwords and email accounts?
For instance: Not logged in viewing of ATS threads don't show avatars or location or mood or signatures. So non-member guests to the site don't notice any difference any way.
Is there a different data base containing the password and email accounts? Because those show on the setting page also.
edit on 4-10-2024 by
FullHeathen because: (no reason given)
originally posted by: ArMaP
a reply to: lilzazz
It's the same everywhere, as long as there are security flaws.
In this particular case I think it has existed for many years.
Yep! Some hacker named "GHOST" would appear from time to time between (I think) 2019 and 2022. Ghost wasn't malicious. He/She just did things to show how smart he/she was.
a reply to: WeMustCare
Everybody logging off and running away scared, but if the user database were actually breached that wouldn't save you from anything. It'd be too little too late BUT...
I mean did anybody share their SSN or credit info on here? I hope not.
Worried someone gonna see your username on some tiny forum and throw you in the pit of despair?
Anybody waking up missing a kidney? Anybody care to share how they've been harmed? Anyone?
Man people freak out over silly things sometimes. But I get it, the internet and tech is scary if you're not fully educated.
Your personal data is already out there everywhere and can be misused at any time by bad actors.
I feel like logging off and leaving ATS is akin to using that chain link fence to stop mosquitos.
Oh and for the record, nobody has had their posts altered or edited, as I've seen rumors floating around.
Man nothing happened except a couple people got their avatar temporarily pranked.
Everybody logging off and running away scared, but if the user database were actually breached that wouldn't save you from anything. It'd be too little too late BUT...
I mean did anybody share their SSN or credit info on here? I hope not.
Worried someone gonna see your username on some tiny forum and throw you in the pit of despair?
Anybody waking up missing a kidney? Anybody care to share how they've been harmed? Anyone?
Man people freak out over silly things sometimes. But I get it, the internet and tech is scary if you're not fully educated.
Your personal data is already out there everywhere and can be misused at any time by bad actors.
I feel like logging off and leaving ATS is akin to using that chain link fence to stop mosquitos.
Oh and for the record, nobody has had their posts altered or edited, as I've seen rumors floating around.
Man nothing happened except a couple people got their avatar temporarily pranked.
edit on 4-10-2024 by AlroyFarms because: (no reason given)
originally posted by: FullHeathen
Does that mean only how accounts are displayed to logged on members? And not the passwords and email accounts?
Sorry, I don't understand what you mean.
a reply to: ArMaP
Is there a different data base that contains the member email addresses and ATS login passwords?
It would make sense for there to be one since it would be used for sign-up purposes. And the auto email function isn't working, hence no new members.
The only thing being changed by hacker is visual display addons: (avatar, location, mood, signature)
Is there a different data base that contains the member email addresses and ATS login passwords?
It would make sense for there to be one since it would be used for sign-up purposes. And the auto email function isn't working, hence no new members.
The only thing being changed by hacker is visual display addons: (avatar, location, mood, signature)
new topics
-
Happy Birthday OZZY
Music: 2 minutes ago -
Chinese national busted in LA sending weapons to NK
World War Three: 29 minutes ago -
South Korea declares martial law for first time in 50 years over North Korea threat
Other Current Events: 2 hours ago -
Alien warfare predicted for December 3 2024
Aliens and UFOs: 6 hours ago
top topics
-
Alien warfare predicted for December 3 2024
Aliens and UFOs: 6 hours ago, 13 flags -
Statements of Intent from Incoming Trump Administration Members - 2025 to 2029.
2024 Elections: 16 hours ago, 9 flags -
Could Biden pardon every illegal alien
Social Issues and Civil Unrest: 17 hours ago, 8 flags -
South Korea declares martial law for first time in 50 years over North Korea threat
Other Current Events: 2 hours ago, 8 flags -
Stop the Presses! Turkey Soup.
Food and Cooking: 17 hours ago, 5 flags -
Chinese national busted in LA sending weapons to NK
World War Three: 29 minutes ago, 0 flags -
Happy Birthday OZZY
Music: 2 minutes ago, 0 flags
active topics
-
-@TH3WH17ERABB17- -Q- ---TIME TO SHOW THE WORLD--- -Part- --44--
Dissecting Disinformation • 3468 • : WeMustCare -
Alien warfare predicted for December 3 2024
Aliens and UFOs • 32 • : grey580 -
Happy Birthday OZZY
Music • 0 • : gortex -
Could Biden pardon every illegal alien
Social Issues and Civil Unrest • 24 • : WeMustCare -
Biden pardons his son Hunter despite previous pledges not to
Mainstream News • 128 • : angelchemuel -
Assad flees to moscow
World War Three • 48 • : cherokeetroy -
Never say Never?
Science & Technology • 47 • : Oldcarpy2 -
South Korea declares martial law for first time in 50 years over North Korea threat
Other Current Events • 19 • : onestonemonkey -
Chinese national busted in LA sending weapons to NK
World War Three • 0 • : Ravenwatcher -
I thought Trump was the existential threat?
World War Three • 186 • : cherokeetroy