Was Anandtech hacked?

[dualsmp]

I checked https://leakedsource.com and it came up with a result for Anandtech. I searched the forums but couldn't find any mention of it.

Anandtech.com has: 1 result(s) found. This data was hacked on approximately 2016-03-15 00:00:00 username, Possible plaintext password, hash, email, register_date, last_login, birthday, ipaddress, salt,

Is this a false alarm? I don't remember any warning about anything here on the forums.

Locking this up. Please see the following thread for more details: http://forums.anandtech.com/showthread.php?t=2477224
-Ryan Smith

 

[dualsmp]

I suggest people check their username or email on the site mentioned above. It looks like at some point Anandtech was compromised.

 

[Krazy4Real]

Wouldn't surprise me given how old the software here is. I'm really curious to hear from someone about this.

 

[allisolm]

Was Anandtech hacked?

Not as far as I know. Checked the moderator sections and no mention there. No PMs either. So, if anything happened, it was not shared with the moderators.

 

[Red Squirrel]

Interesting I checked my username and email and both show up. A lot of other sites too...

Think Hardforum got hacked at one point too. Though it's hard to tell how that site works, is it just scraping the members sections of forums, or is it actually based on actual database dumps?

 

[dualsmp]

Interesting I checked my username and email and both show up. A lot of other sites too...

Think Hardforum got hacked at one point too. Though it's hard to tell how that site works, is it just scraping the members sections of forums, or is it actually based on actual database dumps?

From their description actual database dumps.

LeakedSource is a search-engine capable of searching over 1.9 billion leaked records -- an aggregation of data from hundreds of disparate sources. We have been able to accumulate this data over a relatively short period of time through a combination of deep-web scavenging and rumor-chasing. Occasionally these efforts lead to major discoveries (e.g. Myspace.com, LinkedIn.com), but we really aren't too picky. If we come across a leaked database from a company that most people haven't heard of, we will incorporate it into our master database just the same.

 

[Dude111]

I dunno if I would advise putting your username,etc in that site!! (Just in case)

 

[dualsmp]

I dunno if I would advise putting your username,etc in that site!! (Just in case)

This isn't a haX0r site, they are providing information to let you know where to make password changes on sites you might frequent. Also, think of it this way.. Any random yahoo can type in your username anyways.

You can delete all your email results from the database once you determine what sites were exposed. It takes like 2 minutes to delete and they are gone. You have to be in control of the email though because they send a confirmation request. If you go to the FAQ the delete link is at the very bottom.

 

[Gonad the Barbarian]

Hacker steals 45 million accounts from hundreds of car, tech, sports forums
Looks like everything was hacked.

 

[Red Squirrel]

I dunno if I would advise putting your username,etc in that site!! (Just in case)

Yeah I was kind skeptical too, but figured there's not really much they could potentially do with just a username. Did not put my main email.

Shows how important it is to keep forum software up to date though, seems a lot of forum software has all sorts of exploits that allow these types of leaks to happen in first place.

 

[thecoolnessrune]

Yeah, the latest version of the 3.x branch is what, 5 years old? Forum systems don't really keep up with modern security threats. i wouldn't be surprised at all if a vBulletin Security gap was exploited (again).

 

[Krazy4Real]

Many of the forums ran versions of vBulletin software dating back to 2007. Most were running software versions that were easily exploitable by hackers with known vulnerabilities. A blog post from security reporter Brian Krebs from 2013 showed that older versions of the vBulletin forums that were vulnerable could be easily searched with readily-available attack tools.

Maybe they can finally get this forum upgraded. At least off of an alpha version maybe??????

 

[brianmanahan]

our usernames show up in the anandtech hack...

 

[SOFTengCOMPelec]

If I give my IP address to that website in opening post, it says:

Anandtech.com has: 1 result(s) found. This data was hacked on approximately 2016-03-15 00:00:00 What is in this database?

So maybe it was really attacked.

Anyone else willing to try just giving it your IP address as a search term ?

(Hopefully stating the obvious, it WILL get your IP address anyway, when you access the site (unless using proxies or something).

I did initially search for my anandtech username (which it found), so I'm NOT 100% sure, if they cheated or not.

 

[dualsmp]

If I give my IP address to that website in opening post, it says:



So maybe it was really attacked.

Anyone else willing to try just giving it your IP address as a search term ?

(Hopefully stating the obvious, it WILL get your IP address anyway, when you access the site (unless using proxies or something).

I did initially search for my anandtech username (which it found), so I'm NOT 100% sure, if they cheated or not.

Check post #9

http://forums.anandtech.com/showpost.php?p=38296602&postcount=9

The ZDNet article mentions leakedsource.com by name and links to it. It is a legit site.

The Anandtech database has been hacked, it is in the wild.

 

[SOFTengCOMPelec]

Check post #9

http://forums.anandtech.com/showpost.php?p=38296602&postcount=9

The ZDNet article mentions leakedsource.com by name and links to it. It is a legit site.

The Anandtech database has been hacked, it is in the wild.

Thanks, I did not pay too much attention to post #9, when I read through the entire thread.

I'm a bit disappointed that I'm NOT hearing this from anandtech forums, themselves. Some people might share the passwords etc, with other sites, and want to take action.
EDIT: But I guess if they did not know about it. They can't tell us about it.