Boards.ie Attack - What Happened? Please post all questions here.

Overheal

snyper wrote: »

The Times makes money publishing stories.Its what they do.


Am i suprised they published the story despite been asked not to?

No, if they complyed with the requests of everybody they would probably never post an article based on a criminal investigation

Do i believe that the hacker took credit card details of users from boards.ie? Absolutey not... have you ever tried to donate to boards.ie related charities or subscribe? Afaik, they use a third party.

I dont see how they could have stolen CC Details - its all done through Paypal.

copacetic

snyper wrote: »

Do i believe that the hacker took credit card details of users from boards.ie? Absolutey not... have you ever tried to donate to boards.ie related charities or subscribe? Afaik, they use a third party.

Overheal wrote: »

I dont see how they could have stolen CC Details - its all done through Paypal.

The story doesn't say anything like that, it says:

has already used stolen passwords and email addresses to access credit from gambling websites

which means that the password and email address they got from the hack was used to access a users gambling site account. Which based on threads on poker, could have happened, or at least the timing was pretty coincidental.

So the times have a source 'close to the investigation' and have been reading the various threads on boards. Thats all there is really.

Not sure why they shouldn't have printed the story though, very little in it and nothing worse than is in the papers/posted on boards every day of the week.

DeVore

we'll explain why, when its safe to explain why.


EKRUIQ, you talk some nonsense in that post mate.

DeV.

Bonito

EKRIUQ wrote: »

Boards.ie now is not just a community website it also a partly commercial driven website as there's plenty of bills to pay. By releasing the information The Times had I'm sure would do more damage than good to the website as it could damage confidence by the users and members of the website. The owners have to look after the best interest of the site.

Sorry what? As far as I'm concerned the team didn't have to go to the trouble of recovering the accounts etc. They could have said meh go make a new one but didn't. To me that shows how much they value their users!

As for the people who had the same password for every single account including emails etc maybe this was a wake up call that they needed. Although the greatest of lengths and precautions are taken to ensure security online it's like contraception, it's never going to be 100% effective at keeping the little basta'ds out. Vary your passwords and at least then you only lose one account!

Also if you happen to be one of the recovered accounts I'd stop whinging like a baby and appreciate the amount of work the lads are putting in getting everything back to normal!

DeVore wrote: »

we'll explain why, when its safe to explain why.


EKRUIQ, you talk some nonsense in that post mate.

DeV.

+1

jumpguy

As a matter of interest for you guys, I've never recieved the breach notification email (and yes, I'm 100% sure it's not in my spam box.)

Darragh

Thanks jumpguy, there were problems from our end with sending out the emails to that many people at once, so some people didn't get them, unfortunately.

Jonathan

MetroHerald p8 has a bit about it.

Conor

jumpguy wrote: »

As a matter of interest for you guys, I've never recieved the breach notification email (and yes, I'm 100% sure it's not in my spam box.)

Your mail provider (yes, I know it's not a niche one either) is well known to be difficult to deliver legitimate bulk e-mail to.

If we had been using our usual infrastructure to send the mails, we would have had a bit of a better chance. Unfortunately at the time which we sent out the e-mails Ross and I weren't willing to bring the machines back up since we hadn't finished confirming how far into our infrastructure the attack had gone.

seamus

Never underestimate the ethically suspect hoops that journalists will jump through in order to gather information. They have no social conscience when it comes to getting a good story.

Also, as much of an ego boost as it may be, I seriously doubt that was the biggest online crime in the history of the state.

DeVore

Don't take away our dream Seamus!!!!



DeV.

Time Magazine

If it's any consolation lads, Latvia's GDP has dropped by 25% in the last two years

kippy

Time Magazine wrote: »

If it's any consolation lads, Latvia's GDP has dropped by 25% in the last two years

About the same as our own I would guess!

Tar.Aldarion

kippy wrote: »

About the same as our own I would guess!

Coincidence...or a hackers scheme..

/contacts paper

Agent Smith

EKRIUQ wrote: »

Boards.ie now is not just a community website it also a partly commercial driven website as there's plenty of bills to pay. By releasing the information The Times had I'm sure would do more damage than good to the website as it could damage confidence by the users and members of the website. The owners have to look after the best interest of the site.

DeVore wrote: »

we'll explain why, when its safe to explain why.


EKRUIQ, you talk some nonsense in that post mate.

DeV.

Well its true in fairness. People have to get paid, Boards needs an income.

The days of running boards being a hobby is gone, Like the days when boards members were only people who worked in IT and Played Quake.


Anyway, I'm sure it didnt help having "Boards.ie Hacked" on the cover of the Hearld Metro the next morning...

Buford T Justice

Hi

I sent an email to hello@boards.ie on the 8th feb, and I sent a pm to Darragh last week and I got no reply

Just wondering guys, can you help me?

coldwood92

Well done to the team of boards

The Boarder Man

Gah - what the?

I've just received a PM from the Boards team now and it's the first I've ever heard of this. What happened to the email to all members "composed" on the 22nd of January???

(I've checked and did receive a thread update email on the 25th so no problem with my email).

Basq

The Boarder Man wrote: »

I've just received a PM from the Boards team now and it's the first I've ever heard of this. What happened to the email to all members "composed" on the 22nd of January???

It went into a couple of people's "Spam" folder... myself included!

The Boarder Man

basquille wrote: »

It went into a couple of people's "Spam" folder... myself included!

Not likely. The email account I use for Boards goes to two different mail providers. One of them is over zealous so I check the Spam folder regularly, the other doesn't filter much at all and it's not there either. Possibly got caught in a server side filter???

Sherifu

The Boarder Man wrote: »

Not likely. The email account I use for Boards goes to two different mail providers. One of them is over zealous so I check the Spam folder regularly, the other doesn't filter much at all and it's not there either. Possibly got caught in a server side filter???

It's a known issue I think.

.BrianJM

I too, received a PM but my only thought was that some some people, who hadn't heeded the password advice, had been 'hacked' and that the PMs were a gentle reminder to those who didn't take the matter seriously.

~~~

[I was also one of the many who did not receive an email but it wasn't really needed. The bold red message at the top of the front page was good enough.]

DeVore

Correct, this is a gentle reminder. If you have already changed your passwords on other sites, then you can ignore this message.


The Gardai have been excellent working with us, when the whole thing is over I hope to be able to bring you all up to speed as its a fairly odd story and its still unravelling but for now, bear with us.

There is no real news except to remind you that you should change your passwords on other sites if they were the same as the password you used for Boards before the hack and you havent changed them since. Phew.


DeV.

Spiritoftheseventies

DeVore wrote: »

Correct, this is a gentle reminder. If you have already changed your passwords on other sites, then you can ignore this message.


The Gardai have been excellent working with us, when the whole thing is over I hope to be able to bring you all up to speed as its a fairly odd story and its still unravelling but for now, bear with us.

There is no real news except to remind you that you should change your passwords on other sites if they were the same as the password you used for Boards before the hack and you havent changed them since. Phew.


DeV.

Sorry just to ask not exactly sure what my original password I used on Boards.ie. But how serious is the threat would you say. Are these hackers still at large?

DeVore

The information was compromised, that genie rarely goes back in its lamp. If you wanted to be safe why not take 5 minutes and change your passwords on any important sites you use, its a good idea either way.


DeV.

Spiritoftheseventies

DeVore wrote: »

The information was compromised, that genie rarely goes back in its lamp. If you wanted to be safe why not take 5 minutes and change your passwords on any important sites you use, its a good idea either way.


DeV.

Thats fair enough but cant understand why we cant have access to our original passwords. Surely they were stored.Appreciate that Boards took the trouble to notify us about this though

Bonito

Changed my password earlier. When I clicked save I got a pop up asking me to confrim which user I was changing passwords for. I only have one account, though.

Conor

Spiritoftheseventies wrote: »

Thats fair enough but cant understand why we cant have access to our original passwords. Surely they were stored.Appreciate that Boards took the trouble to notify us about this though

We blanked all the passwords on the day of the attack.

While they still are in some backups, it takes hours to restore from backups and then we'd have to crack the hashed version of your password to give it to you in a form recognisable to you. If your password was strong, that could take quite a while too.

The Boarder Man

Sherifu wrote: »

It's a known issue I think.

Sorry to bang on about this; but if it was a known issue in January why wasn't another email or PM sent out then?

Sherifu

The Boarder Man wrote: »

Sorry to bang on about this; but if it was a known issue in January why wasn't another email or PM sent out then?

I can't answer that(if there was an answer about it I missed it). I'd appreciate an explanation about it too...

Daemos

Boarder Man, could you answer something for me. How can this be the first time you've heard about it if you had to reset your password when the site came back online to get access to your account back?