my throwaway email got pwned, but similar to devonin, my usernames were not, so meh
Originally posted by Vendetta21
Did you get a chance to kill that deadbeat sonuvabitch boyfriend of danceguys', "sunfan"? i hate that fucker. he's a stupid head. i'm way smarter and funnier and prettier and richer and more sensitive than him, and like i can get drunk and still hold complex logical conversations n shit and i bet that fucker cant.
Originally posted by XelNya
I'd suck a dick in a dark, dark alley.
Originally posted by star-crossed
(Someone helpfully lectured us in postgame that we voted out the wrong inactive player with COVID on Day 1.)
I would recommend users to change their passwords to something that is:
1) Reasonably strong. Avoid common dictionary words and try to mix in numbers, symbols, and/or mixed capitalization of letters.
2) A password that is not used anywhere else.
3) Not easily guessed by someone who knows you personally. For example, if your password included something about soccer because you have a personal interest in soccer as a hobby, it can be guessed. This has happened to some friends I know.
Additionally, keep in mind that:
- 61% of the 1.8 million user accounts were already stated to be hacked (i.e. compromised on other sites) in February. One of the easiest ways to have an account compromised is sharing a password amongst different sites that were already breached, so please use different passwords.
- A large majority of that 1.8 million account demographic is inactive and the passwords are probably simple (e.g. dictionary words or "abc123", I have guessed some user account passwords before on this site from being common dictionary words).
- There isn't any evidence from what we know about an attack happening through vBulletin. I did have a talk with Velocity about user security recently and he can chime in here if needed.
I have guessed some user account passwords before on this site from being common dictionary words
I.. Uhh.. What?
Edit: am I the only one slightly concerned about this comment? You being a "game manager/developer" and having access to the back end? I'll take "things I should have never said given my role here" for $500
I would recommend users to change their passwords to something that is:
1) Reasonably strong. Avoid common dictionary words and try to mix in numbers, symbols, and/or mixed capitalization of letters.
2) A password that is not used anywhere else.
3) Not easily guessed by someone who knows you personally. For example, if your password included something about soccer because you have a personal interest in soccer as a hobby, it can be guessed. This has happened to some friends I know.
Additionally, keep in mind that:
- 61% of the 1.8 million user accounts were already stated to be hacked (i.e. compromised on other sites) in February. One of the easiest ways to have an account compromised is sharing a password amongst different sites that were already breached, so please use different passwords.
- A large majority of that 1.8 million account demographic is inactive and the passwords are probably simple (e.g. dictionary words or "abc123", I have guessed some user account passwords before on this site from being common dictionary words).
- There isn't any evidence from what we know about an attack happening through vBulletin. I did have a talk with Velocity about user security recently and he can chime in here if needed.
Just because someone is on there multiple times does not mean they use the same password on each site, or even use weak passwords. Just the shit luck of being signed up to sites with apparently weak security.
Man, gotta love logging into a site for the first time in over 9 years just because of passwords being hacked now.
I brought this to the attention of admins months ago, when leakedsource.com indicated that my e-mail showed up in records for flashflashrevolution.com. I didn't go public because I didn't want to panic anyone or alert people that might have bad intentions that the data was loose.
Nobody ever got back to me. I don't know if they didn't receive the info or not, but this is nothing new. The data has been circulating for a long time. Leakedsource has a lot of obscure leaks, so I guess the FFR data dump didn't catch the attention of haveibeenpwned until recently. I let them know about the data leak on May 24th, according to my e-mail.
According to leaked source, the result was: Flashflashrevolution.com has: 1 result(s) found. This data was leaked on approximately 2015-10-09.
So I'm not certain where haveibeenpwned is pulling Feb 2016 from. Maybe the data was leaked twice?
I use KeePass now and have a separate strong password for everything.
St1cky only proves that he has no life and that his parents are alcoholics. They probably abused him with rubber duckies when he was a baby. Why else would you exploit scores on FFR?
Bahahahaha, I think I put in the wrong email address when changing something on here because the email I used for it is fine, but after checking, the one presented on my profile is different and was "pwned".
Double score as I don't use that email for anything else.
Really, what should happen is admins should force a check to see when passwords were last changed and force people logging in to change them, or just reset everyone's password like was done with other sites.
Ideally, e-mailing everyone about the breach would be nice, but it's likely many accounts have been abandoned by now.
Damage control is critical.
Also, holy hell, I think I'm the longest member on this thread so far. Has it really been since 2003? Almost 13 years...
Well, we'll see what happens. I expect a front-page notice regarding the situation, and hopefully a forced round of password resets.
Given how long this site has been around, it's a safe bet that many people used the same password here that they used everywhere else. Probably some of the more recent accounts made the same mistake as well.
This is the reality of the digital age. It's not the first breach I've been caught in. It won't be the last. But I'll certainly be keeping an eye on how staff responds.
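Added example, not part of any post in this thread and not FFR's or vBulletin's code: a sketch of the login-time check suggested in the posts above, where a correct login still gets routed to a password change if the password predates the leak. The `Account` record, function names and return strings are hypothetical; the two dates are the ones quoted in the thread, and stored timestamps are assumed to be UTC.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Leak dates mentioned in the thread. "Feb 2016" carries no day, so the whole
# month counts as exposed and the bound is the first instant of March.
REPORTED_LEAKS = [
    datetime(2015, 10, 9, tzinfo=timezone.utc),  # Leakedsource's approximate date
    datetime(2016, 3, 1, tzinfo=timezone.utc),   # end of "Feb 2016"
]
# The two sources disagree, so take the later one: a password set before it
# may be in a dump. This is an exclusive upper bound.
EXPOSED_BEFORE = max(REPORTED_LEAKS)


@dataclass
class Account:  # hypothetical record, not vBulletin's user table
    username: str
    password_changed_at: Optional[datetime]  # None: no change ever recorded


def login_decision(acct: Account, password_ok: bool) -> str:
    """Return "deny", "force_reset" or "ok" for one login attempt."""
    if not password_ok:
        return "deny"
    changed = acct.password_changed_at
    if changed is None:
        return "force_reset"  # unknown age is treated as exposed
    if changed.tzinfo is None:
        changed = changed.replace(tzinfo=timezone.utc)  # assume stored as UTC
    return "force_reset" if changed < EXPOSED_BEFORE else "ok"


def complete_reset(acct: Account, new_matches_old: bool, now: datetime) -> bool:
    """Record a reset; re-submitting the exposed password does not count."""
    if new_matches_old:
        return False
    acct.password_changed_at = now
    return True


if __name__ == "__main__":
    # Constructed sample accounts
    for a in (Account("since2003", None),
              Account("feb2016", datetime(2016, 2, 14)),
              Account("rotated", datetime(2016, 9, 1, tzinfo=timezone.utc))):
        print(a.username, login_decision(a, password_ok=True))
```

Abandoned accounts never reach this check because nobody logs in to them, so they keep the exposed password until a blanket reset clears it.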