Jump to content

Bohemia Interactive forums hacked


Recommended Posts

Hi all,


Today a lot of us for sure recieved the same email as me: Security update from BIS. In this email they explain that the database of their forum (and maybe more?) got hacked and stolen.


Meaning that now some hacker out there has a full list of names, emails & encrypted passwords of all members from the BIS forum. Many of you will now say, who cares, my password is strong & complicated, and BIS saved them encrypted, so noone can read or use this password. WRONG!


With a weak encryption scheme it is even possible to use your password on a other website that uses the same scheme, without ever having to decrypt your password. (likelihood this will happen is small though)


So in this news-post i want to bring your attention to the following items:

- What you should do

- Why I am posting this here too

- What normally happens to such lists and how likely it is your password will be hacked



What you should do:

Obviously change all accounts that had the same password


Why I am posting this here too:

Ahoy didnt got hacked, so surly i don't need to change anything here right ?? WRONG: With the BIS password some hacker might get access to, lets say your skydrive, where you just happen to have stored a document with the password you used on AW. Or this hacker get enough private details about you to guess your password here is the name of yout cat....


So do change your AW forums password, especially when it is the same as the BIS studio password !!! AND DO IT NOW! Even if it is totally different it will be good to do this every month or so.






The following is informational guess-work based on inside knowledge, and the result of watching many DEFCON videos. The below is not 100% how it will go, but the probability that it will go exactly like below scetched scenario is however apperant. The below is a proper example how in a average situation will explain how important it is to change all your passwords that are the same as the stolen one. Also the below is not to make you scared, however change those passwords scotty !!!


(Worst case scenario being that the hackers get access to something like paypal or ebay accounts, or even access your cloud where you maybe store your online banking details ?? )


What normally happens to such lists and how likely it is your password will be hacked:

Some background information on what normally happens with such lists, where they go and how they get distributed, and finally how likely it is that the encription will be broken, and other people will get your password, and eventually controll over your details and accounts.


Who does such hacks ?

- Nowadays most hackers that are after such databases are (semi)professional, commercial driven hackers (the worst kind)


What will they do now:

This BIS-list is now marked as 'zero day' and more often then not will be offered to be sold to: Organized crime like maffia (yes i am serious here), assorted scamming groups, dodgy advertising compagnies (that will sell it on to the competition of BIS, or anyone else with intrest). It is also normal such list to be sold multiple times, and also after changing hands once, to be sold onward to 3th 4th and 5th parties. Price of the list going down every day it gets older and changes hands more often.


Then what:

So the first one or two weeks or so, this list is owned by many people already, all with commercial intrest. They will have professinal equipment and knowledge to hack the passwords (even when salted etc) and in the first 12 hours roughly 30% of the list will be unencrypted !!!! And remember these people payed money for this information and thus WILL use it to try earn their investment back.


Going public:

Normally after a week or 2 the first copy of the list will be distributed in the hacker forums (they keep copies of such lists everywhere) And this is where all the amateur and hobbyists will have a go at hacking the list. They might or might not use this information, however are not less dangerous. Since they are the hobbyists they have all the time in the world to play around, and to be creative about what they will do with this information. These are the people that will take the time to find out if your email adress was also used for registering on forums, or facebook, and that will try if the password still works...


Probability your password will be eventually hacked:

I would say is around 95% sure. So really, go change your passwords..... !!!!!

Link to comment
Share on other sites

Your making it out to be that they have everyone's passwords already. It's one thing to download a db, it's a whole other task to decrypt a salted md5 hash. With a db as big as theirs, you'd be looking at a year long task for a single computer, your right about selling though, they will target specific accounts first if nothing comes from that they will most likely sell off the list, so someone else can pick away at a few accounts, though by then passwords would have been changed more and then it will be sold again an again, yet I'm still very much doubting anyone will have the time to just decrypt all of them.

Link to comment
Share on other sites

Nathan your right to certain extend. They have to hack the encryption first, and lets just hope BIS was using something strong, with a salt... But even then, you might be supprised, just trust me.


Salt is not everything, but salt and mayo makes for great french fries :D

ps: come to think of it, since the forums are not up yet, lets hope the database didnt got deleted, the BIS forums ara my main source of good info on arma..... :S

Link to comment
Share on other sites

Hide yo kids hide yo wife... but most importantly, remember that this is day 2 after the hacking. Not day 0 as people may be led to believe. The data will be considerably less valuable by now, and will more than likely have already been used to steal all of your girlfriends/boyfriends and loved pets.

Link to comment
Share on other sites

  • 2 weeks later...

hahaha thanks that i changed my password, so now i can do it again: http://ubuntuforums.org/announce.html?t=806582



Ubuntu Forums is down for maintenance

There has been a security breach on the Ubuntu Forums. The Canonical IS team is working hard as we speak to restore normal operations. This page will be updated regularly with progress reports.

What we know

  • Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database.
  • The passwords are not stored in plain text. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.
  • Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach.
Progress report
  • 2013-07-20 2011UTC: Reports of defacement
  • 2013-07-20 2015UTC: Site taken down, this splash page put in place while investigation continues.
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Forum Statistics

    Total Topics
    Total Posts
  • Create New...