Uma onda de ataques a sites fechados de torrents vem acontecendo nas ultimas semanas. Estes sites possuem centenas de membros, e compartilham entre si diversos tipos de arquivos. A intenção destes ataques é de furtar dados de usuários. Dê uma olhada nas mensagens que os administradores de dois destes sites divulgaram entre seus usuários:
| System | 2012-10-02 18:17:17 |
| Hello all members! Yesterday, as many of you know already, ILT had a serious malfunction that had us down for over 8 hours. First, allow me to apologize on behalf of ILT to all our members and assure you that this had nothing to do with the recent attack on the BT Community or any other poking and prodding around by unwanted parties.. We suffered the loss of some equipment in which we mentioned was aging at the beginning of the year... With the donations that were collected from our great community earlier this season, we had the backup equipment needed to make the repairs and get back online! We would like to thank all our members for hanging in there with us. A special thanks goes out to all you members that are able to help the site financially. Without your help, ILT would be nothing.. Please donate if you're able and help keep the future of ILT looking bright! VonZipper08 ~sysop~ | |
It has been determined that your username was part of the information released by the hack group "Afghan Hacker".
Of the claimed 50,000 hacked accounts most of the information when examined was found to be erroneous, dead or nonexistent accounts, inaccurate passwords and duplicate data.Once that was striped out and compared to existing accounts only a small number of members were actually affected.
As a result of all this and looking at the information provided the site determined that rather then approach you all individually via email it was better to reset all user passwords and put a policy in place to enforce a more secure login here to cover all members.
For those of you affected rests assure your accounts are safe. If you have friends that were on the list pleasehave them password recover their accounts via existing email or join irc for further assistance.
We'd also like to request that all those who do receive this message, if you share this username or password across several accounts online that you change it elsewhere to preserve your personal security.
Thx 
RevolutionTT Staff
RevolutionTT Staff
Site expected dowtime
Our data center will be doing some routine maintenance on Monday Oct 1 so we will experience a few hours of downtime during it. We apologies in advance for any disruptions.
On 2012-09-18 at 22:00 GMT RTT Staff was notified that it was a potential target of the hacker group“Afghanistan Hackers”
As soon as our Sysops became aware of this issue the site and tracker were taken offline as a precautionary measure.
At this time there is no reason to believe the site, tracker, or any RTT servers were compromised. A thorough investigation was launched and we have determined that the site is secured and was not hacked. There are some theories, one of them and the most logical being there may have been a XSS (Cross site scripting) vulnerability that was being utilized against RTT users before HTTPS browsing was forced on the tracker some years ago.
Of the accounts listed many were duplicated in the list, had no passwords, were old passwords and even disabled/inactive accounts. We do know very few accounts were accessed and the accounts in question have already been looked at and addressed as needed.
Passwords are NOT stored in clear text and never have been.
Your account is secure. Your IP address(es) are secure. Your e-mail address is secure.
No information was leaked from RTT directly.
We understand some accounts were accessed due in part to passwords that have not been changed in a very long time. Any changes in the past 24 hours have been rolled back and our Sysops will be actively monitoring activity on the tracker.
With this incident what does this mean for our users?
All users are being required to change their passwords. Please use the password recovery feature to receive a new password. Please use a password that is unique to RTT. Please be patient in getting the password reset email as alot of people will be doing this! This "attack" may have targeted other websites. It is recommended that you do not use the same password that you use on RTT on other websites.
Users on the 'list' have had their passkeys reset as well, to stop use by unauthorized users. You will need to update your passkey on any existing torrents or simply re-download the torrent file.
Any invites that were sent out recently are null and void. If you invited someone you will need to re-invite them.
If you notice the following please notify staff immediately via IRC
* Invitee list contains users you did not invite
* Your ratio contains irregularities
If you have any further questions or concerns please let us know and we will help you, please be patient as there are a lot of users asking for help regarding this incident. Our staff is made of volunteers and we help out in our spare time. If you do not get an answer on IRC please use the Contact Staff button on the Staff page and we will reply as soon as we can.
Long live the Revolution!!
-RTT Staff
**UPDATE**
We've notify all users who's nicks appeared in the release whether the actual info was valid on the account or not. We encourage all those who receive this pm that if you use that information across more then one online venue to change it to avoid an issues outside of revo.
Nenhum comentário:
Postar um comentário