Was the forum ever hacked or compromised?

ReyVGM
Posts: 23
Joined: Sun Jun 08, 2008 12:31 am

Was the forum ever hacked or compromised?

Post by ReyVGM »

I logged in to the forums after many many years of not coming here, and I find that my profile had a spam signature, email and website added to it. I deleted all that now and changed my password, but it seems someone accessed my account and changed that information sometime in the past.

So, was the forum ever compromised or is there a chance my account can get rehacked even though I changed my email and password already?
Blinge
Posts: 5369
Joined: Tue Feb 19, 2013 4:05 pm
Location: Villa Straylight

Re: Was the forum ever hacked or compromised?

Post by Blinge »

It's probably like swiss cheese.
1cc List - Youtube - You emptylock my heart
ReyVGM
Posts: 23
Joined: Sun Jun 08, 2008 12:31 am

Re: Was the forum ever hacked or compromised?

Post by ReyVGM »

Huh??
Mortificator
Posts: 2808
Joined: Tue Jun 19, 2007 1:13 am
Location: A star occupied by the Bydo Empire

Re: Was the forum ever hacked or compromised?

Post by Mortificator »

I never even realized you had an account here. You do great work at vgmuseum.

As far as being compromised, I can't recall any public incidents. BF / system11 would know the forum-side stuff.
RegalSin wrote:You can't even drive across the country Naked anymore
ReyVGM
Posts: 23
Joined: Sun Jun 08, 2008 12:31 am

Re: Was the forum ever hacked or compromised?

Post by ReyVGM »

Mortificator wrote:I never even realized you had an account here. You do great work at vgmuseum.

As far as being compromised, I can't recall any public incidents. BF / system11 would know the forum-side stuff.
Thanks, glad you're one of the few that still likes it :P
Udderdude
Posts: 6266
Joined: Thu Feb 16, 2006 7:55 am
Location: Canada

Re: Was the forum ever hacked or compromised?

Post by Udderdude »

Do you recall using the same password on multiple sites? Is your password easy to guess?

This site may help, too https://haveibeenpwned.com/

Also, I used to look up endings on VGMuseum all the time. Great resource.
EmperorIng
Posts: 5064
Joined: Mon Jun 18, 2012 3:22 am
Location: Chicago, IL

Re: Was the forum ever hacked or compromised?

Post by EmperorIng »

ReyVGM wrote: Thanks, glad you're one of the few that still likes it :P
Nah, I browse there all the time to get screen-grabs and meme images for my favorite arcade games.
Vanguard
Posts: 967
Joined: Wed Jul 31, 2013 7:32 pm

Re: Was the forum ever hacked or compromised?

Post by Vanguard »

ReyVGM wrote:Thanks, glad you're one of the few that still likes it :P
I like to browse through there every now and again too. Thanks for all the uploads.
ReyVGM
Posts: 23
Joined: Sun Jun 08, 2008 12:31 am

Re: Was the forum ever hacked or compromised?

Post by ReyVGM »

Udderdude wrote:Do you recall using the same password on multiple sites? Is your password easy to guess?

This site may help, too https://haveibeenpwned.com/
I did yeah. Since then I've been using a more robust password.

EmperorIng wrote: Nah, I browse there all the time to get screen-grabs and meme images for my favorite arcade games.
Vanguard wrote:
I like to browse through there every now and again too. Thanks for all the uploads.
Udderdude wrote:
Also, I used to look up endings on VGMuseum all the time. Great resource.
Well, thanks for the boost guys. That motivates me into continuing doing screens.
BIL
Posts: 18989
Joined: Thu May 10, 2007 12:39 pm
Location: COLONY

Re: Was the forum ever hacked or compromised?

Post by BIL »

Yet another piling in with thanks. :mrgreen: VGMuseum is one of my longtime favourites, was looking up some early Neo Geo endings for my ATTRACT MODE thread just recently.
Sumez
Posts: 8019
Joined: Fri Feb 18, 2011 10:11 am
Location: Denmarku

Re: Was the forum ever hacked or compromised?

Post by Sumez »

Yeah, I recall some years ago a mail went out to all forum members requesting changing their passwords here and on every website using the same password.

Since then I've used my "shitty" password that I employ anywhere I know someone will probably be able to see it in plain text. Places where getting hacked would mostly be inconsequential :)
Bratwurst
Posts: 273
Joined: Mon Jul 31, 2017 3:09 am

Re: Was the forum ever hacked or compromised?

Post by Bratwurst »

ReyVGM wrote:Well, thanks for the boost guys. That motivates me into continuing doing screens.
Personal opinion: VGMuseum is a cornerstone of video game archaeology on the internet. It's wonderful that you're still updating the site.
Shelcoof
Posts: 1520
Joined: Mon Nov 03, 2008 9:36 pm
Location: Canada

Re: Was the forum ever hacked or compromised?

Post by Shelcoof »

Wasn't there one time where shmups did get hacked a few years back?

I swear it happened at least once :roll:
ZellSF
Posts: 2642
Joined: Mon Apr 09, 2012 11:12 pm

Re: Was the forum ever hacked or compromised?

Post by ZellSF »

I have no idea why people re-use passwords. There are much more convenient ways to deal with passwords, that won't hurt you, or others.
ReyVGM wrote:I did yeah. Since then I've been using a more robust password.
The quality of your password doesn't really matter (to an extent), whether or not you re-use it does.
__SKYe
Posts: 701
Joined: Tue Feb 16, 2016 1:51 am
Location: Portugal

Re: Was the forum ever hacked or compromised?

Post by __SKYe »

ZellSF wrote:The quality of your password doesn't really matter (to an extent), whether or not you re-use it does.
It does matter if you care about the account it protects. Using different passwords for every account is only useful to prevent the damage from spreading.
As for passwords themselves, it matters little what they are, provided they are long; 14+ characters does the trick.
ZellSF
Posts: 2642
Joined: Mon Apr 09, 2012 11:12 pm

Re: Was the forum ever hacked or compromised?

Post by ZellSF »

I've seen people who re-use passwords get their accounts compromised often, I have actually never seen anyone, even people with the most simplistic passwords, get their passwords brute forced.

That's not saying it doesn't happen, but the notion that telling people that they should choose complicated passwords as the most important security measure needs to die.

I think telling people to use long passwords is dangerous too; it promotes patterns.

Seriously, password managers aren't complicated, people need to stop with these stupid half-measures.
Ji-L87
Posts: 651
Joined: Tue Feb 28, 2012 8:39 pm
Location: Sweden

Re: Was the forum ever hacked or compromised?

Post by Ji-L87 »

ZellSF wrote:I've seen people who re-use passwords get their accounts compromised often, I have actually never seen anyone, even people with the most simplistic passwords, get their passwords brute forced.

That's not saying it doesn't happen, but the notion that telling people that they should choose complicated passwords as the most important security measure needs to die.

I think telling people to use long passwords is dangerous too; it promotes patterns.

Seriously, password managers aren't complicated, people need to stop with these stupid half-measures.
Getting a password manager was probably one of the better things I did last year. There are so many out there and it seems almost hard to pick a "bad" one.
Things like apps and browser extensions are pretty much guaranteed which means that I finally removed all my personal saved passwords from my computer at work.

Speaking of passwords, I've learned that when you're able to (and not forced into creating a weird mish-mash of letters, numbers and special characters) it can be a good idea to use a short sentence or a group of words, including spaces if allowed. Disregarding how this can actually create long and "strong" passwords, I find it much easier to remember than more normal passwords.

But again, with a password manager the only password you really need to remember is the master password for that service :mrgreen: Although, if nothing else, it feels good to at least remember a few passwords so that they don't end up like all the phone numbers I used to know but now have forgotten, despite calling them often...

Edit:
Things like reusing passwords become especially scary these days when your Microsoft/Outlook account can be used to log into your computer and not just your email.
CHECKPOINT!
__SKYe
Posts: 701
Joined: Tue Feb 16, 2016 1:51 am
Location: Portugal

Re: Was the forum ever hacked or compromised?

Post by __SKYe »

ZellSF wrote:I've seen people who re-use passwords get their accounts compromised often, I have actually never seen anyone, even people with the most simplistic passwords, get their passwords brute forced.

That's not saying it doesn't happen, but the notion that telling people that they should choose complicated passwords as the most important security measure needs to die.

I think telling people to use long passwords is dangerous too; it promotes patterns.
I said nothing about complicated passwords. Just string a few (uncommon) words together, possibly from different languages, and you'll get a fairly long password that won't fall to brute force or dictionary attacks. As for patterns, just generate the passwords according to some rule that only you know.
ZellSF wrote:Seriously, password managers aren't complicated, people need to stop with these stupid half-measures.
Password managers are fine, and if you use one then the long randomly generated passwords are what you want (for those being managed, not for the password manager itself), but I disagree that anything else is a half-measure.
Ji-L87 wrote: Speaking of passwords, I've learned that when you're able to (and not forced into creating a weird mish-mash of letters, numbers and special characters) it can be a good idea to use a short sentence or a group of words, including spaces if allowed. Disregarding how this can actually create long and "strong" passwords, I find it much easier to remember than more normal passwords.
Right, the most important factor is length (again, avoiding common words helps against dictionary attacks). If the password is not long enough then it doesn't matter what it is made of, as it can easily be brute forced. If you make a long and complicated password, then you won't be able to remember it and will have to jot it down somewhere; this is where password managers are very handy.
ZellSF
Posts: 2642
Joined: Mon Apr 09, 2012 11:12 pm

Re: Was the forum ever hacked or compromised?

Post by ZellSF »

__SKYe wrote: As for patterns, just generate the passwords according to some rule that only you know.
When you have some of those passwords, reverse engineering the rule that "only you know" can be simple. Most people doing this will end up with a password pattern that's harder to remember, easier to brute force or both.

That's not saying it can't be an improvement, but the current trend of giving that as a "solution" for passwords is bad.
__SKYe wrote: but I disagree that anything else is a half-measure.
You haven't mentioned anything else that could be a full measure.
__SKYe
Posts: 701
Joined: Tue Feb 16, 2016 1:51 am
Location: Portugal

Re: Was the forum ever hacked or compromised?

Post by __SKYe »

ZellSF wrote:When you have some of those passwords, reverse engineering the rule that "only you know" can be simple. Most people doing this will end up with a password pattern that's harder to remember, easier to brute force or both.

That's not saying it can't be an improvement, but the current trend of giving that as a "solution" for passwords is bad.
And for that to happen several websites that you have an account on would have to have been hacked, and they had to store the passwords in plain text. And someone would have to care enough to target you specifically. :)

I'm not claiming it is bullet proof, nor that it is the best solution, but I don't think that using a password manager is the only way to have, quite honestly, very good security. Not everyone wants to use a password manager.

You could even write your passwords on a piece of paper and take it with you in your wallet, tape it on your computer, etc. Unless you're actually worried that someone will mug you or break into your house to steal them, those are also some very good measures.

In my opinion, as long as you don't use short passwords, use common words and/or personal information (e.g. important dates, names, etc.) and don't reuse them, you're golden.
ZellSF
Posts: 2642
Joined: Mon Apr 09, 2012 11:12 pm

Re: Was the forum ever hacked or compromised?

Post by ZellSF »

__SKYe wrote:
ZellSF wrote:When you have some of those passwords, reverse engineering the rule that "only you know" can be simple. Most people doing this will end up with a password pattern that's harder to remember, easier to brute force or both.

That's not saying it can't be an improvement, but the current trend of giving that as a "solution" for passwords is bad.
And for that to happen several websites that you have an account on would have to have been hacked, and they had to store the passwords in plain text. And someone would have to care enough to target you specifically. :)
The first criterion is basically always met. Most people have been part of several database breaches.

The second criterion is often met, and even when they're not stored as plain text usually brute force-able. For someone implying you need 14+ characters to avoid online brute forcing (where several mitigation factors step in), your confidence in how hard it will be to brute force an offline database is weird.

You'll have to be targeted specifically (-ish, anyway), sure, but that also applies to the logic of needing a long password in the first place. No one is brute forcing even an 8 character complicated password against an online service, unless it's against a person of interest.
6t8k
Posts: 496
Joined: Wed Aug 14, 2019 2:44 pm

Re: Was the forum ever hacked or compromised?

Post by 6t8k »

For sites that require a password, use a password manager, with long and randomly-generated passwords and different for each site. They're easy to use. There's really no excuse.

People might have their reasons to not use one, but then don't complain :P

They're not the be-all-end-all solution; nothing is ever 100% secure. You can only asymptotically draw near, with the low hanging fruit bringing sizable improvements with them already. It's all about increasing costs for an attacker.
__SKYe
Posts: 701
Joined: Tue Feb 16, 2016 1:51 am
Location: Portugal

Re: Was the forum ever hacked or compromised?

Post by __SKYe »

ZellSF wrote: The first criterion is basically always met. Most people have been part of several database breaches.

The second criterion is often met, and even when they're not stored as plain text usually brute force-able. For someone implying you need 14+ characters to avoid online brute forcing (where several mitigation factors step in), your confidence in how hard it will be to brute force an offline database is weird.
Good point, I admit I wasn't thinking of that.
ZellSF wrote:You'll have to be targeted specifically (-ish, anyway), sure, but that also applies to the logic of needing a long password in the first place. No one is brute forcing even an 8 character complicated password against an online service, unless it's against a person of interest.
There is such a thing as low-hanging fruit. :)
6t8k wrote:People might have their reasons to not use one, but then don't complain :P
Did I complain? :)
I'm just saying that, if you're fine with memorizing all the passwords, then a password manager isn't much better aside from the potential pattern problem Zell posted before, provided someone's that worried about an attacker targeting them specifically.
6t8k
Posts: 496
Joined: Wed Aug 14, 2019 2:44 pm

Re: Was the forum ever hacked or compromised?

Post by 6t8k »

__SKYe: I was just generally speaking :)

Using passwords with at least 8 characters length would be old advice by the way. Here (archive), researchers recommended using at least 12 characters. And that was in 2010. Computing power grows all the time, so with time, longer and longer passwords are economically crackable (likewise, shorter ones will be crackable with less and less effort). And that is assuming an attacker can't crack it faster because it's not random, and/or because he can sensibly use rainbow tables because the passwords weren't stored in the database in a secure fashion. @ZellSF: passwords very rarely get attacked in a targeted way; by far most account compromises happen as a consequence of attackers just shoving whole leaked databases into a GPU array in the cloud and passwords just begin falling out, the weakest ones first.

"OK, if I remember/write down 12 characters now, then my password will simply be compromised tomorrow because computers became faster. There's no threshold anyway"
Keep in mind security increases exponentially, not linearly, when making your password longer.

When using a password manager, since you don't have to remember it, always use the longest password possible on any given site (I do).
For example, when using a randomly generated password of 32 characters in length, no digital computer will ever be able to crack it due to fundamental physics limitations, provided the hash function used to store it in the database was not complete rubbish. (there is still no 100% security because there are other ways of compromising an account besides cracking the password)
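
An added example, not part of any post in this thread: it puts numbers on the points above that search space grows exponentially with length and that a non-random password can be guessed faster than its length suggests. The guess rate and the 7776-word list size are assumptions chosen for illustration, and all function names are hypothetical.

```python
import math
import secrets
import string

# Assumption: offline guess rate against a fast, poorly chosen hash function.
ASSUMED_GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600
# 94 printable ASCII symbols: letters, digits and punctuation.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation


def random_password_bits(length, alphabet_size=len(PRINTABLE)):
    """Entropy in bits when every character is drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def passphrase_bits(word_count, wordlist_size):
    """Entropy in bits when whole words are drawn uniformly at random.

    The attacker is assumed to know the word list and to guess word by
    word, so the number of characters typed does not enter the result.
    """
    return word_count * math.log2(wordlist_size)


def years_to_search_half(bits, guesses_per_second=ASSUMED_GUESSES_PER_SECOND):
    """Expected years of offline guessing: on average half the space is tried."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR


def generate_password(length=32, alphabet=PRINTABLE):
    """Generate a password the way a manager would, using the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def comparison_table():
    """Return (label, bits, expected years) rows for the cases in the thread."""
    cases = [
        ("8 random characters", random_password_bits(8)),
        ("12 random characters", random_password_bits(12)),
        ("32 random characters", random_password_bits(32)),
        # Assumption: words picked at random from a 7776-word list.
        ("4 random words (7776-word list)", passphrase_bits(4, 7776)),
        ("6 random words (7776-word list)", passphrase_bits(6, 7776)),
    ]
    return [(label, bits, years_to_search_half(bits)) for label, bits in cases]


if __name__ == "__main__":
    for label, bits, years in comparison_table():
        print(f"{label:34s} {bits:6.1f} bits  {years:.3g} years")
    print("sample generated password:", generate_password())
```

Under these assumptions, four extra random characters multiply the work by 94^4 (about 78 million), while four randomly chosen words land at roughly the same strength as eight random characters despite being much longer to type.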
__SKYe
Posts: 701
Joined: Tue Feb 16, 2016 1:51 am
Location: Portugal

Re: Was the forum ever hacked or compromised?

Post by __SKYe »

6t8k wrote:__SKYe: I was just generally speaking :)

Using passwords with at least 8 characters length is old advice by the way. Here (archive), researchers recommended using at least 12 characters. And that was in 2010. Computing power grows all the time, so with time, longer and longer passwords are economically crackable (likewise, shorter ones will be crackable with less and less effort).
Yeah, that's old indeed. But the advice to use randomized passwords is somewhat misleading, though. Above a certain length it doesn't really matter what the password contains, and if you string together, say, 3~4 words of 5 characters each, separated by any punctuation of your choice, you'll easily get into the 17~20s characters without much effort and it still remains easy to remember.
I understand the aversion to doing this for, and having to remember, many passwords, though. :)
6t8k wrote:And that is assuming an attacker can't crack it faster because it's not random, and/or because he can sensibly use rainbow tables because the passwords weren't stored in the database in a secure fashion.
Yup, nothing can be done about this other than hoping that you get notified about the breach before any nefarious individual actually accesses your account, so you can change your password.
6t8k wrote:"OK, if I remember/write down 12 characters now, then my password will simply be compromised tomorrow because computers became faster. There's no threshold anyway"
Keep in mind security increases exponentially, not linearly, when making your password longer.
That's another thing that isn't common knowledge; the difference that a few characters can make in making passwords secure.
6t8k wrote:When using a password manager, since you don't have to remember it, always use the longest password possible on any given site (I do).
For example, when using a randomly generated password of 32 characters in length, no digital computer will ever be able to crack it due to fundamental physics limitations, provided the hash function used to store it in the database was not complete rubbish. (there is still no 100% security because there are other ways of compromising an account besides cracking the password)
I'm aware and agree with what you wrote. Just to reiterate, I'm not against password managers at all. I simply think that, realistically speaking, their best asset (and I suppose, selling point) is that you only have to remember a single password, greatly simplifying the task of having different passwords for every website (which is quite important, mind you). Since you can use the maximum length allowed for any given website, they are technically more secure, but beyond a certain length, you get exceedingly diminishing returns.

Anyway, I've been rambling for quite a bit. Don't let me deter anyone from using a password manager; they are useful. :)
Bassa-Bassa
Posts: 1159
Joined: Tue Mar 12, 2019 5:18 pm

Re: Was the forum ever hacked or compromised?

Post by Bassa-Bassa »

And what's a good password manager these days, while you're at it?
__SKYe
Posts: 701
Joined: Tue Feb 16, 2016 1:51 am
Location: Portugal

Re: Was the forum ever hacked or compromised?

Post by __SKYe »

I like KeePassXC, which is open source and runs on win/linux/mac. I primarily chose it because it is OSS and runs on Linux. :)
There are no official mobile versions, though there is a similar app for Android (KeePass2Android) based on KeePass. It doesn't support automatic cloud syncing, though you can simply store the encrypted passwords file in your cloud service of choice. There are alternatives, such as LastPass (free+paid upgrade), BitWarden (free+paid upgrade) and 1password, but I've no experience with them so I'll leave it to others to chime in.
ZellSF
Posts: 2642
Joined: Mon Apr 09, 2012 11:12 pm

Re: Was the forum ever hacked or compromised?

Post by ZellSF »

6t8k wrote:Using passwords with at least 8 characters length would be old advice by the way. Here (archive), researchers recommended using at least 12 characters. And that was in 2010. Computing power grows all the time, so with time, longer and longer passwords are economically crackable
That applies to offline cracking only. Computing power doesn't really help you against server side rate limiting, it might help you with captchas in some way though.

Sure, picking a longer password might help you, but only if you're the sort of person who re-uses passwords and then only if the server that's compromised has properly stored the passwords.

But you shouldn't be re-using passwords and you shouldn't be relying on the server to store them properly in case of a compromise.

So I still see telling people to use long passwords for online services as a stupid half-measure that will only give them a false sense of security.
__SKYe wrote:Yup, nothing can be done about this other than hoping that you get notified about the breach before any nefarious individual actually accesses your account, so you can change your password.
The standard is invalidating your password if it has been compromised.
Bassa-Bassa wrote:And what's a good password manager these days, while you're at it?
I can't recommend what I do for most people (a combination of Firefox's built-in password manager and KeePass).

I think any of the most popular ones are fine. Lastpass is the first that comes to mind.
ReyVGM
Posts: 23
Joined: Sun Jun 08, 2008 12:31 am

Re: Was the forum ever hacked or compromised?

Post by ReyVGM »

BIL wrote:Yet another piling in with thanks. :mrgreen: VGMuseum is one of my longtime favourites, was looking up some early Neo Geo endings for my ATTRACT MODE thread just recently.
Thanks, glad it was helpful to you. I love screenshots, especially of 2D games.
Bratwurst wrote:
ReyVGM wrote:Well, thanks for the boost guys. That motivates me into continuing doing screens.
Personal opinion: VGMuseum is a cornerstone of video game archaeology on the internet. It's wonderful that you're still updating the site.
For 20 years :O
ZellSF wrote:I have no idea why people re-use passwords. There are much more convenient ways to deal with passwords, that won't hurt you, or others.
It's difficult to remember a bunch of different passwords.
6t8k wrote:For sites that require a password, use a password manager, with long and randomly-generated passwords and different for each site. They're easy to use. There's really no excuse.
I've never heard of that, what does it do exactly? What's the name of a good (free) one?
ZellSF
Posts: 2642
Joined: Mon Apr 09, 2012 11:12 pm

Re: Was the forum ever hacked or compromised?

Post by ZellSF »

ReyVGM wrote:
6t8k wrote:For sites that require a password, use a password manager, with long and randomly-generated passwords and different for each site. They're easy to use. There's really no excuse.
I've never heard of that, what does it do exactly? What's the name of a good (free) one?
A password manager is a program that remembers passwords for you. All you ever type is your master password, and you let the password manager generate passwords for all other sites that it will automatically use if the password manager is unlocked with the master password.

I think Googling "Password manager" will serve you better, here's the first article I found:
https://www.howtogeek.com/141500/why-yo ... t-started/
(there's a small inaccuracy there: Firefox can generate passwords now).