“Several” Accounts Compromised, and Threat Isn’t Over
Many months after a forum database had fallen into the wrong hands, Sonic Retro forum administrators are again warning their thousands of users that their personal accounts are in danger of being compromised.
The announcement, and the accompanying call for forum members to change their passwords on the website, came last week amid disclosure that the credentials of “several members,” including some notable names in the community and those with advanced standing on the forum, were hijacked.
“This has not stopped becoming an issue,” Sonic Retro forum head Tweaker said in the announcement, adding that members in higher standing face the greatest risk. “It’s strongly advised that if you have not changed your password as of the database compromise that you do so immediately.”
Tweaker directly blamed several members of the alternate forum PoundStuff, or #stuff, for the continuing threat. Several members who were banned from Sonic Retro had continued to thrive at #stuff, though its web portal no longer exists.
Still, the initial warning branched off into Sonic Retro’s strongest advisory yet: anyone promoting the illicit activity of #stuff or its members–even outside the confines of Sonic Retro–would no longer be welcome at the widely popular research and discussion hub.
“If you actively encourage or do anything short of condemn this kind of ridiculous, detrimental conduct, then consider your membership here utterly null and void,” Tweaker warned on Wednesday. “We don’t need our own members trying to start shit against us now. [....] We’re not going to tolerate this bullshit any more from this point forward.”
The warning has re-ignited some tension left over from the follies of this past summer, when, among other things, the Retro forum had been temporarily wiped, followed by an entire site hijacking. A subsequent community effort has recovered most of Sonic Retro’s thousands of wiki images, once thought to be lost. That aside, the bottom line is that if you are a member of Sonic Retro, you are being urged to change your forum password before it falls into the wrong hands.

I’m not a member of Retro, so my accounts will be safe. But if the server’s not providing enough security, I think the forum needs to move to another one, one that can better protect the passwords to further prevent those vendetta-crazed crooks from hacking the site.
This is old stuff, sir.
To clarify because of JOURNALISM, there’s no real risk unless you’re stupid enough to have an obvious password: “sonic” “shadow” “admin” “abcde” “12345” etc. The “hackers” are just using an old hash of the forum and running MD5 hashes for common passwords. Any matches, bam.
Solution: Don’t use stupid passwords. You’re just asking for trouble.
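Added example, not part of the original article or comments: a forum administrator's audit that flags accounts whose stored hash matches a common password so they can be forced to reset, followed by per-user salted PBKDF2 storage that makes such matching impractical. It assumes the leaked table held plain unsalted MD5, as the comment above implies; the user table, wordlist, function names and iteration count are all constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist (the passwords named in the comment above).
COMMON_PASSWORDS = ["sonic", "shadow", "admin", "abcde", "12345"]

def md5_hex(password):
    """Unsalted MD5, the assumed legacy storage format."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

# Constructed legacy table: username -> unsalted MD5 hash.
LEGACY_USERS = {
    "alice": md5_hex("sonic"),
    "bob": md5_hex("12345"),
    "carol": md5_hex("kX9#vQ2m-long-unique-passphrase"),
}

def accounts_needing_reset(users, wordlist):
    """Return usernames whose stored hash equals the MD5 of a common password.

    Without a salt, one precomputed set of hashes covers every account,
    which is why weak passwords fall immediately once a dump leaks.
    """
    known = {md5_hex(p) for p in wordlist}
    return sorted(name for name, h in users.items() if h in known)

PBKDF2_ITERATIONS = 200_000  # assumed value; tune to your hardware

def hash_password(password, salt=None):
    """Replacement storage: random per-user salt plus PBKDF2-HMAC-SHA256."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest

def verify_password(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

if __name__ == "__main__":
    print("Force reset for:", accounts_needing_reset(LEGACY_USERS, COMMON_PASSWORDS))
```

With salted storage, two users who choose the same password get different digests, so a single precomputed table no longer matches across the whole user base.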
I’m not going to dispute the age of the story–what perplexed me was why the follow-up warning was issued now more than 3 months after the threat was a bit more imminent.
It does make me wonder if the tactics to crack the passwords are becoming a bit more aggressive than I or Ryuzaki may know.
-T
Tristan, did you even bother to read the rest of that topic beyond the first post?
You know, the ones that explained that poundstuff folded?
And as such, there’s nothing to worry about? Or, as Ryuzaki said, they’re running rainbow tables on weak passwords?
For pete’s sake.
Haha, ScarredSun. That implies Tristan has a shred of journalistic integrity.
SS: Well, that was a one half-sentence edit.
That noted, it doesn’t sound like you guys are lifting the warning, or giving the all clear to user accounts, correct? Just because the web portal is gone doesn’t mean the people who defected there and potentially have the database no longer have bad intentions, and I think every Retro admin could agree with that sentiment. Better safe than sorry, right?
-T
Yo Tristan, I’m really happy for you, I’mma let you finish but Sonic Boom is one of the best hacks of all time. One of the best hacks of all time!
…
Yeah, I sent a tip about that and I didn’t get a reply, yet you’d report on fangames and Megamix?