Author Topic: Oops, FA Got Hacked (Again)  (Read 9022 times)

Folseh

  • *
  • Posts: 34
  • E-points: +3/-0
  • Uninitiated Rube
Re: Oops, FA Got Hacked (Again)
« Reply #40 on: May 25, 2016, 09:41:42 am »
Whoever has a copy of the FA database put up a Tor hidden service at http://fapassap77jfeffk.onion. (If you're a non-freak, you can try it at https://fapassap77jfeffk.onion.to/)

This lets you see what email address you registered for FA with, the last known email you used for FA, and whether your password is unique or not (this implies the attacker has already cracked all the password hashes they have, and tested them)

MOD EDIT: clipped the everloving motherfuck out of the quoted images

Make of that what you will.

Well I do know the FA admins DID try to make everyone on the moderating team use the FA email domain for security reasons, the reason the folks didn't want to use it...
"Why should we, when even YOU guys don't use it"
and thus your info shows "of course they don't use it"
« Last Edit: May 25, 2016, 08:48:05 pm by Pi »

rodox_video

  • Posts like Kage drinks
  • ****
  • Posts: 640
  • E-points: +61/-14
  • HURF DURF DUH BLUH
Re: Oops, FA Got Hacked (Again)
« Reply #41 on: May 25, 2016, 09:53:55 am »
There's really not enough data available to even speculate who the hacker(s) might be, and that's a damn shame. Evidence does point to more than one person being involved though.

I don't think we can even rule out the original team behind 12/16. Remember, that group didn't just go after FA through the XSS stuff - they hacked Watch Your Step (and partially dumped its db) first.

Any indication that the .onion site shares any hosting/resources with that big FA gallery dump?
Zeriara is part of a series on Whores.

ProvincialTwit

  • Abuse Dept.
  • Admin
  • Postcount killed Trogdor
  • *****
  • Posts: 833
  • E-points: +79/-35
Re: Oops, FA Got Hacked (Again)
« Reply #42 on: May 25, 2016, 08:44:35 pm »
I hope nobody tries to 'hack' viv.  I mean seriously we'll get charged extra by the hosting provider.  They can just, like, have all our shit.

Zzyzx

  • Posts: 8
  • E-points: +1/-0
  • How Do I Security?
Re: Oops, FA Got Hacked (Again)
« Reply #43 on: May 27, 2016, 11:58:30 am »
I hope nobody tries to 'hack' viv.  I mean seriously we'll get charged extra by the hosting provider.  They can just, like, have all our shit.
But I thought viv was protected with double rot13 encryption. I mean, that's several magnitudes of complexity that FA can't even get close to.

Conan

  • Postcount killed Trogdor
  • *****
  • Posts: 844
  • E-points: +44/-12
  • \(_o)/
Re: Oops, FA Got Hacked (Again)
« Reply #44 on: June 03, 2016, 04:05:29 am »
Users are starting to complain that they've been waiting 10 days for a reply to their account recovery email.

https://twitter.com/ZennyBleats/status/738392949436780544


A journal posted on the site today introduced "updates" to the account recovery tool. The journal also states they have gone through "5,000+" emails since this started. On May 29th Piche claimed they had gone through 4,000+ so that would imply their claims of answering nearly a thousand per day has slowed down throughout this week.

To his credit, Dragoneer has been quiet on Twitter other than to tweet about new macro/fat art he got and to tell people he's workin' on it (it being emails).

camellia sinensis

  • Winner: Worst Username on Viv 2011
  • **
  • Posts: 126
  • E-points: +36/-4
  • Drink me
Re: Oops, FA Got Hacked (Again)
« Reply #45 on: June 04, 2016, 02:16:15 am »
Poor 'Neer, actually having to do work. Something he's not used to at all I'm sure.

nrr

  • Sean Piche Fan Club
  • Cabalistic Fuckhead
  • **
  • Posts: 125
  • E-points: +8/-3
  • OMG SO CUTE ^__^
Re: Oops, FA Got Hacked (Again)
« Reply #46 on: June 04, 2016, 02:16:25 am »
Meanwhile, there's a leaderboard for most popular passwords across FA at http://ponywolf.net/fa_top100pw.html now.
im glad the "I saw a furry IRL" thread is so good at bringing goons together

YOUR PARTICIPLES AREN'T THE ONLY THINGS DANGLING

Zzyzx

  • Posts: 8
  • E-points: +1/-0
  • How Do I Security?
Re: Oops, FA Got Hacked (Again)
« Reply #47 on: June 12, 2016, 08:14:56 pm »
Meanwhile, there's a leaderboard for most popular passwords across FA at http://ponywolf.net/fa_top100pw.html now.
I think those are from an older FA hack.

Conan

  • Postcount killed Trogdor
  • *****
  • Posts: 844
  • E-points: +44/-12
  • \(_o)/
Re: Oops, FA Got Hacked (Again)
« Reply #48 on: October 01, 2016, 01:07:29 am »
Several months later and the hackers have dropped the trouble ticket databases and suspensions database (which is different than the ban database apparently) for us to enjoy.

http://intelminer.com/FA/

The trouble ticket system goes back to the very first trouble ticket filed and contains nearly 200,000 tickets. This release includes people's personal information, as FA has used the trouble ticket system to resolve age locks for years. A simple search for "license" hits on several tickets submitted fairly recently where people have sent in screenshots of their driver's license, birth certificates, and many other bits of personal information.

rodox_video

  • Posts like Kage drinks
  • ****
  • Posts: 640
  • E-points: +61/-14
  • HURF DURF DUH BLUH
Re: Oops, FA Got Hacked (Again)
« Reply #49 on: October 10, 2016, 08:30:00 pm »
Quote
Alt for TheQuantumHelix, who was posting the Zaush bestiality picture. 41505 1/17/2014 3:45 SSJ3Mewtwo Bright-Lights-Cast-Shadows 8099 926937 This acount is connected with another account that has been permabanned.
uhhhhhh
Quote
User posted the same Zaush bestiality photo. 41505 1/17/2014 3:43 SSJ3Mewtwo TheQuantumHelix 8098 727168 This account has been permanently suspended for posting bestiality photography and being derogatory towards site staff.
UHHHHHHHHHH
Quote
UHHHHHHHHHHHHHHH

camellia sinensis

  • Winner: Worst Username on Viv 2011
  • **
  • Posts: 126
  • E-points: +36/-4
  • Drink me
Re: Oops, FA Got Hacked (Again)
« Reply #50 on: October 10, 2016, 09:04:05 pm »
wait what

rodox_video

  • Posts like Kage drinks
  • ****
  • Posts: 640
  • E-points: +61/-14
  • HURF DURF DUH BLUH
Re: Oops, FA Got Hacked (Again)
« Reply #51 on: October 10, 2016, 09:05:48 pm »
i think i'd remember this, even if it was a terrible fakeass shoop

Murderous Pacifist

  • *
  • Posts: 64
  • E-points: +2/-4
Re: Oops, FA Got Hacked (Again)
« Reply #52 on: October 13, 2016, 06:07:42 am »
This is from http://intelminer.com/FA/

Quote
This archive is the entire hash list of every password from the Furaffinity dump

I don't know anything about hacking or coding. Is this saying every person's password is fully and openly displayed here, or just the first and last letters like the first go around?

Several months later and the hackers have dropped the trouble ticket databases and suspensions database (which is different than the ban database apparently) for us to enjoy.

Anyone know why these came out over 4 months after the initial bombshell? Seems strange that they wouldn't release everything at once or close together.

Conan

  • Postcount killed Trogdor
  • *****
  • Posts: 844
  • E-points: +44/-12
  • \(_o)/
Re: Oops, FA Got Hacked (Again)
« Reply #53 on: October 14, 2016, 04:29:43 am »
This is from http://intelminer.com/FA/

Quote
This archive is the entire hash list of every password from the Furaffinity dump

I don't know anything about hacking or coding. Is this saying every person's password is fully and openly displayed here, or just the first and last letters like the first go around?

Several months later and the hackers have dropped the trouble ticket databases and suspensions database (which is different than the ban database apparently) for us to enjoy.

Anyone know why these came out over 4 months after the initial bombshell? Seems strange that they wouldn't release everything at once or close together.

A hashed password is a password that has been encrypted. When you log into FA, it encrypts whatever you typed in against the salt and compares the outcome to the one stored in the database. If they match, it logs you in.

Not a computer security expert but I'll try my best here: A "Salt" is essentially what the encryption uses to encrypt. Most sites nowadays will create a separate salt per user, but this is FA we're talking about so of course they didn't do that. That makes it easy to simply start encrypting random passwords and words (a "dictionary attack") against the salt and seeing if there are any matches in the database. Individual user salts would require you to run that kind of attack per user, which takes way more time and processing power.

Someone claiming to be the hacker said on 8ch.net that they are releasing slowly so FA can't get over the breach. Reminding users every few months that the site was hacked, as well as causing chaos online among people who haven't been paying attention and think it's a new hack, seems like an effective way to do that.

Pi

  • POOR IMPULSE CONTROL
  • Cabalistic Fuckhead
  • Posts like Kage drinks
  • ****
  • Posts: 657
  • E-points: +54/-12
  • <blink>yes hello</blink>
Re: Oops, FA Got Hacked (Again)
« Reply #54 on: October 14, 2016, 09:55:01 pm »
A hashed password is a password that has been encrypted. When you log into FA, it encrypts whatever you typed in against the salt and compares the outcome to the one stored in the database. If they match, it logs you in.
basically right but you keep saying encrypted where you mean hashed
"we did farts.  now we do sperm.  we are cutting edge." Theo DeRaadt
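
The site-wide salt versus per-user salt distinction discussed in replies #53 and #54, as an added example that is not part of the original thread and is not FA's code: it stores the same constructed accounts both ways and shows that a shared salt gives identical stored hashes to accounts with identical passwords, while per-user salts do not. PBKDF2-HMAC-SHA256, the function names, the sample accounts and the salt value are all assumptions made for illustration; the thread does not say which hash FA used.

```python
import hashlib
import hmac
import os
from collections import Counter

ITERATIONS = 50_000  # assumption: kept low so the demo runs quickly

def hash_password(password: str, salt: bytes) -> bytes:
    """One-way PBKDF2 digest (hashing, not encryption: no key reverses it)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def enroll_shared(users: dict, site_salt: bytes) -> dict:
    """Weak design: every account is hashed with the same site-wide salt."""
    return {name: hash_password(pw, site_salt) for name, pw in users.items()}

def enroll_per_user(users: dict) -> dict:
    """Stronger design: a fresh random 16-byte salt is stored beside each hash."""
    table = {}
    for name, pw in users.items():
        salt = os.urandom(16)
        table[name] = (salt, hash_password(pw, salt))
    return table

def verify(table: dict, name: str, attempt: str) -> bool:
    """Login: re-hash the attempt with the stored salt, compare in constant time."""
    if name not in table:
        return False
    salt, stored = table[name]
    return hmac.compare_digest(stored, hash_password(attempt, salt))

def accounts_sharing_a_hash(hashes) -> int:
    """Count accounts whose stored hash also appears on another account."""
    counts = Counter(hashes)
    return sum(n for n in counts.values() if n > 1)

# Constructed sample accounts; two of them reuse the same password.
USERS = {"alice": "hunter2", "bob": "hunter2", "carol": "c0rrect-horse"}
SITE_SALT = b"constructed-site-salt"  # hypothetical value

shared = enroll_shared(USERS, SITE_SALT)
per_user = enroll_per_user(USERS)

if __name__ == "__main__":
    print("shared salt, accounts with a duplicate hash:",
          accounts_sharing_a_hash(shared.values()))
    print("per-user salt, accounts with a duplicate hash:",
          accounts_sharing_a_hash(h for _, h in per_user.values()))
    print("bob logs in:", verify(per_user, "bob", "hunter2"))
```
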