Movie Forums (http://www.movieforums.com/community/index.php)
-   Movie Forums Site Stuff (http://www.movieforums.com/community/forumdisplay.php?f=7)
-   -   This forum leaked my details on to the dark web through a data breach (http://www.movieforums.com/community/showthread.php?t=67897)

MovieOne 03-29-23 04:02 AM

This forum leaked my details on to the dark web through a data breach
 
My email was stolen, got my ip and password.

Beware.....

cricket 03-29-23 07:23 AM

https://media2.giphy.com/media/lFkmPOzU6ECY0/giphy.gif

Allaby 03-29-23 07:57 AM

Re: This forum leaked my details on to the dark web through a data bre
 
If your data got leaked, how do you know it was from this website?

Citizen Rules 03-29-23 09:38 PM

Originally Posted by MovieOne (Post 2380471)
My email was stolen, got my ip and password.

Beware.....
Those damn ip stealers;)

Yoda 03-29-23 10:38 PM

Re: This forum leaked my details on to the dark web through a data bre
 
All our passwords are encrypted. IP addresses, for those who don't know, are available to any site you visit.

That said, I certainly wouldn't encourage anyone to store any crucial personal information on a random forum account.

Mesmerized 03-29-23 10:59 PM

Originally Posted by MovieOne (Post 2380471)
My email was stolen, got my ip and password.

Beware.....
You waited 7 years to tell us this?

MovieOne 03-29-23 11:41 PM

Re: This forum leaked my details on to the dark web through a data bre
 
Norton security only just notified me through it's dark web monitoring, and it linked the activity back to the forum. So it literally gave this forum link as the source of the leak. I honestly forgot I even had an account here till now.

Don't shoot the messenger, blame Norton Anti virus software if you think it's so crazy.

The question I have really is who would be stealing people's email on here and putting it on the dark web. That should concern anyone with an account. Just saying.

MovieOne 03-29-23 11:50 PM

Re: This forum leaked my details on to the dark web through a data bre
 
I should clarify that It's not verified if they obtained the password at all, it only suggests that my password could be at risk, due to my email being leaked. having a password at risk I was treating the same as compromised data. That's why I mentioned the password and IP linked to the email as exposed.

Mesmerized 03-30-23 12:40 AM

Re: This forum leaked my details on to the dark web through a data bre
 
These messages you're getting from your anti-virus software could be just an advertising gimmick to get you to upgrade your service. If it hasn't caused you any real damage to your email accounts or to your computer, I would probably just ignore it.

SpelingError 03-30-23 12:43 AM

Originally Posted by Yoda (Post 2380657)
All our passwords are encrypted. IP addresses, for those who don't know, are available to any site you visit.

That said, I certainly wouldn't encourage anyone to store any crucial personal information on a random forum account.
Perhaps, or maybe you have secret ties to the dark web and you're trying to corrupt us all.

Mesmerized 03-30-23 12:47 AM

Re: This forum leaked my details on to the dark web through a data bre
 
I have the free version of Avast on my computer and I get pop-ups all the time warning me about stuff. I ignore it mainly because I don't visit many sites with my computer and also I don't have anything worth stealing anyway.

Yoda 03-30-23 12:51 AM

Re: This forum leaked my details on to the dark web through a data bre
 
Re: emails. There's a lot of email harvesting, a lot of script kiddies use bots searching for vulnerabilities and just sort of collect things for...well, for no real reason that I can see, since you can harvest emails almost anywhere and there's nothing particularly valuable about the ones here. A lot of this stuff, as insane as it sounds, people do just to do. Maybe it feels cool, I dunno.

As for passwords, yeah, no worries there: they're definitely encrypted. I have full access to the database and I don't even get to see what they are. That said, people should 100% not be using any password for a forum that's being used for anything remotely important. I realize people do this anyway sometimes, but they really shouldn't.

Someone having your email address--a thing basically none of us really keep private in any meaningful sense anyway--is basically the worst thing you can/should hope to "lose" here.

Yoda 03-30-23 12:52 AM

Originally Posted by SpelingError (Post 2380675)
Perhaps, or maybe you have secret ties to the dark web and you're trying to corrupt us all.
That does sound like me.

Incidentally, the phrase "dark web" has become increasingly meaningless. I've seen things referred to with that term which are...well, just websites. But I guess it sounds scary, so there's that.

Holden Pike 03-30-23 03:08 AM

1 Attachment(s)

MovieOne 03-30-23 03:17 AM

Originally Posted by Yoda (Post 2380677)
Re: emails. There's a lot of email harvesting, a lot of script kiddies use bots searching for vulnerabilities and just sort of collect things for...well, for no real reason that I can see, since you can harvest emails almost anywhere and there's nothing particularly valuable about the ones here. A lot of this stuff, as insane as it sounds, people do just to do. Maybe it feels cool, I dunno.

As for passwords, yeah, no worries there: they're definitely encrypted. I have full access to the database and I don't even get to see what they are. That said, people should 100% not be using any password for a forum that's being used for anything remotely important. I realize people do this anyway sometimes, but they really shouldn't.

Someone having your email address--a thing basically none of us really keep private in any meaningful sense anyway--is basically the worst thing you can/should hope to "lose" here.
This email I'm referring to I've had it since forever, but all through that time I been using the email, I never had norton notify me of that before. There is no way to know if it is some marketing trick, but I don't think that would be ethical to pull that kind of stunt on customers, so I take their word for it that they did find something wrong. I've never had them pull dumb crap like that on me before. I'm sure there is programs out there that definitely scam their customers, but I don't think Norton security is one of them.

The reason it might be a security issue for this forum is that people may not want their email floating around the net attracting who knows what junk mail for what purposes. It's basically an electronic address which not everyone can just change when they want to. I didn't really think about this issue when I joined forums years ago, and if I was to join anything now, I would mostly use throw away emails.

So although it doesn't seem that serious, someone is exploiting something, and it's still private data. Technically it is a data breach, but you don't seem to be treating it as something serious, maybe because you can't do much about it? If that is the case there should be some type of heavy warning on the site saying "Your email may be exposed to third parties" as when you really think about it, it does sound scary, and it is in a way.

I'm glad you were not childish enough to delete the thread and censor the entire thing. I know many forums that would just get rid of any discussion about threats, so good job there.

John McClane 03-30-23 08:54 AM

First, how did Norton notify you?

Second, Norton, or someone pretending to be Norton, is trying to scare you.

Third, it’s a high probability the info was already on the dark web before you signed up here.

Yoda 03-30-23 10:26 AM

Originally Posted by MovieOne (Post 2380700)
you don't seem to be treating it as something serious, maybe because you can't do much about it?
It's for a few reasons.

The first I alluded to earlier: it's usually not targeted. I've actually seen these sites before: people trawl the internet for little exploits or zero day patches or whatever and dump meaningless data on some forum (it's often just a website, in case "dark web" is freaking anyone out) and it just sits there, because it has little to no value to anyone. I saw one where this happened specifically because you had to do it to earn "points" that allowed you to download other files. It was crazy how banal and rote the whole thing was.

The second reason is that the plausible worst case scenario is basically as you described: hypothetically someone could sign you up for some junk mail, but that's almost certainly true for just about everyone here already. If you've signed up for even a few things, the odds that your email has been or will be exposed at some point approaches 1.

The third reason is that, thankfully, the downsides are minimal. The value of an individual email is worth a vanishingly small amount now. I published my own email on here publicly for many years, and as far as I can tell there was close to no downside from that. In fact, I get less spam now than when I started, by a wide margin.

There is one edge case that is quite serious, though, which I mentioned before and will mention again below:

Originally Posted by MovieOne (Post 2380700)
I'm glad you were not childish enough to delete the thread and censor the entire thing. I know many forums that would just get rid of any discussion about threats, so good job there.
Yeah, certainly, I like to address these things head-on. I guess I would've preferred being contacted personally first, or even having this framed as a question before a dramatic accusation, particularly since there's no detail with which to potentially investigate. But no big deal.

Frankly I like to use the opportunity to remind people of best practices: don't use the same password on a forum that you use on any sensitive sites, don't store anything here that's sensitive or important, etc.

The #1 issue with data breaches is usually not the data itself, but the ways people can triangulate the data to gain access to something else, and that only happens if people are careless. Keeping your email secret is basically impossible, but stratifying passwords properly and the like is pretty easy, and fends off nearly all of the worst things that can result.

WHITBISSELL! 03-30-23 11:51 AM

I'm having a colonoscopy this coming Monday and I'll ask them to take pictures. Then I'll post them in an email under a tantalizing subject header like, "There's gold in them thar hills" or "Bitcoin wallet passphrase". I got your DARK web.


Citizen Rules 03-30-23 12:42 PM

Originally Posted by John McClane (Post 2380718)
First, how did Norton notify you?

Second, Norton, or someone pretending to be Norton, is trying to scare you...
That's very possible. The other day my wife's laptop had a pop up virus warning from Microsoft saying Warning Windows is at risk...Ha her computer runs Linux!..It was a spoof message from some infected web site designed to cause a frightened person to take immediate action thereby giving some useful information to naughty bots.

OP...if your message was for real then many other members here would've also been warned of a breach from their Norton anti virus, you're the first person to mention it. I wouldn't worry about it. Glad I don't use anti virus, I remember those as being pains in the ass.

Stirchley 03-31-23 01:39 PM

Interesting to me that the OP had posted exactly twice in the 7+ years he’s been a member of this forum. And, suddenly, his email address has been stolen.

I’ve posted almost 34,000 times in the 5+ years I’ve been a member here & never had a security issue.

Just saying. :)


All times are GMT -3. The time now is 08:15 AM.

Powered by: vBulletin, Copyright, ©2000 - 2024, Jelsoft Enterprises Ltd.
User Alert System provided by Advanced User Tagging v3.3.0 (Lite) - vBulletin Mods & Addons Copyright © 2024 DragonByte Technologies Ltd.
Copyright © Movie Forums