• Some users have recently had their accounts hijacked. It seems that the now defunct EVGA forums might have compromised your password there and seems many are using the same PW here. We would suggest you UPDATE YOUR PASSWORD and TURN ON 2FA for your account here to further secure it. None of the compromised accounts had 2FA turned on.
    Once you have enabled 2FA, your account will be updated soon to show a badge, letting other members know that you use 2FA to protect your account. This should be beneficial for everyone that uses FSFT.

Compromised Accounts

FrgMstr (Staff member)
I have had three people come to me in the last seven days to report that their account had been hi-jacked/compromised.

It seems that all of these accounts shared passwords between HardForum and the EVGA forums. We do know that EVGA forums were hacked, but they did not verify if passwords had been accessed.

From what I can tell over the last few months, EVGA most likely exposed members' passwords. If you shared a PW with those forums and here, I would HIGHLY suggest you change your password and turn on 2FA in your HardForum control panel.

As always, you can use the REPORT POST feature if you want an admin to look into a particular account and see if there is anything odd about it.
 
So is that why they closed the forums and moved everything to their Reddit sub?
Wow, I had no idea they did this--sad. What's interesting is that their forum had 2FA and a lot of moderation for posts. Surprising that they had issues as there's always better cyber targets out there.
 
Wow, I had no idea they did this--sad. What's interesting is that their forum had 2FA and a lot of moderation for posts. Surprising that they had issues as there's always better cyber targets out there.
Many of evga’s security “fixes” came after the hack. Their forum from what I read was running pretty outdated software with known vulnerabilities. Hindsight is 20/20.

And I’ll add: I’ve never seen concrete proof of this. I have just heard this various times over the years. I was not privy to their software versions etc. or how their security was run.
 
Do you have a notification system for users logging in from new IPs? If so, can you leverage that to send temporary PIN to their primary emails when such case occurs?
 
Do you have a notification system for users logging in from new IPs? If so, can you leverage that to send temporary PIN to their primary emails when such case occurs?

As a practical matter users on this forum are probably 10,000x more likely to be bouncing around VPNs than the average consumer of web content. I fear that would be unworkable.
 
Do you have a notification system for users logging in from new IPs? If so, can you leverage that to send temporary PIN to their primary emails when such case occurs?

As a practical matter users on this forum are probably 10,000x more likely to be bouncing around VPNs than the average consumer of web content. I fear that would be unworkable.

Exactly.

We really have to dig in with a human look on the account to judge if anything is "off."
 
Many of evga’s security “fixes” came after the hack. Their forum from what I read was running pretty outdated software with known vulnerabilities. Hindsight is 20/20.
I have no 100% proof of this. Keep in mind that I have been running a forum for over 25 years. I think all the compromised accounts lead back to EVGA's forum hack. I have no proof, but I have enough input from members here that have verified that they used the same PW on EVGA that they do/did here.
 
Oh, that probably explains why I've had a rash of password reset attempts on a certain email address over the last few weeks.

Unfortunately for them I use random passwords. But I do worry about the reset attempts as a sign they were trying for identity theft.
 
Oh, that probably explains why I've had a rash of password reset attempts on a certain email address over the last few weeks.

Unfortunately for them I use random passwords. But I do worry about the reset attempts as a sign they were trying for identity theft.
Good to know. Thanks for sharing. Always feel free to kick me an email to kyle@hardocp.com, if you see anything odd happening.
 
I have no 100% proof of this. Keep in mind that I have been running a forum for over 25 years. I think all the compromised accounts lead back to EVGA's forum hack. I have no proof, but I have enough input from members here that have verified that they used the same PW on EVGA that they do/did here.
Understandable and I have no proof either, just what’s been said for years on various outlets, which may be wrong also. It’s speculation. The one common thread does seem to be shared passwords.
 
Do you have a notification system for users logging in from new IPs? If so, can you leverage that to send temporary PIN to their primary emails when such case occurs?
I don't think that's default in xenforo (the platform here), but there might be an addon for it. I think I've only seen this on one or two forums of the hundreds I have user accounts on.
 
I don't think that's default in xenforo (the platform here), but there might be an addon for it. I think I've only seen this on one or two forums of the hundreds I have user accounts on.
There is not. Ping me from the email on the account or just use the contact button. I can easily nuke it.
 
Do the affected accounts have MFA active? I've had no hijacks over the years with MFA & random passwords (when possible). Just a curiosity to know if said accounts aren't using recommended security settings.
 
Or stop reusing passwords across multiple sites and get a password manager and use unique passwords on every site, problem solved.
MFA should always be the next step after that since it pretty much makes it the password + one time code/key/bio-print/etc.
 
*goes ahead and turns on 2FA*
I just did as well, not sure why I hesitated on that before - it took about a minute and was painless.

Thinking about safety buying and selling between members here: is there a way to see if another user has MFA active on their account?
 
I just did as well, not sure why I hesitated on that before - it took about a minute and was painless.

Thinking about safety buying and selling between members here: is there a way to see if another user has MFA active on their account?
No there is not. That said, if you ask via PM, I will tell you.
 
I've certainly just activated MFA for my account.
Seems easy with KeePassXC and its "TOTP" thing that's built in.
 
I've certainly just activated MFA for my account.
Seems easy with KeePassXC and its "TOTP" thing that's built in.
Yep, not too hard at all.

Just had another compromised account this morning......
 
I just did as well, not sure why I hesitated on that before - it took about a minute and was painless.

Thinking about safety buying and selling between members here: is there a way to see if another user has MFA active on their account?
I lost it in my fs threads and yes if you ask a mod they will confirm.
 
My account has also been compromised. I cannot log in on my PC now as someone has set up 2FA.
 
Yea, a shame we have not offered that for over 10 years....

I use it. Everyone should.
Ya, and if you force it on, then you will get all those other people complaining about what a pain in the butt it is, and then those same people get compromised and complain they can't get their account back and why can't XYZ company do something.........
 
Ya, and if you force it on, then you will get all those other people complaining about what a pain in the butt it is, and then those same people get compromised and complain they can't get their account back and why can't XYZ company do something.........
Not really an option....sadly.
 
Not really an option....sadly.
It COULD be an option.

This IS a tech forum. I sent you that message about user acquisition ... But I also mentioned the 80% loss as well.

Perhaps we should have standards that demand that our members here know even the most basic aspect of computer security in the modern age.
Why should we play stupid when it comes to security? Everyone else does. But do YOU?

But even if we did want to be lenient for most of the forum - Surely it should be that at least the buy/sell area of this forum be 2FA only.

And here is the thing: I really don't like 2FA. I've always found it annoying and for me, unnecessary for the most part. But I'm getting a strange feeling about the power of billions of dollars of GPUs and the capacity to crack passwords. As well as all the other databases that have been leaked.

I'd prefer to be future-proof ahead of time, even if the sheep dislike being led away from the slaughterhouse.
 
I've certainly just activated MFA for my account.
Seems easy with KeePassXC and its "TOTP" thing that's built in.
One thing I would recommend: do NOT store passwords and TOTP seeds in the same password manager.

Mind you, technically password and TOTP (generated from a seed) can be equivalent to "something you know" type of authN. If I have the "seed", I can generate the TOTP. So a word of advice, segregate it.

For TOTP I recommend "Authy" ( https://www.authy.com/ )
 
One thing I would recommend: do NOT store passwords and TOTP seeds in the same password manager.

Mind you, technically password and TOTP (generated from a seed) can be equivalent to "something you know" type of authN. If I have the "seed", I can generate the TOTP. So a word of advice, segregate it.

For TOTP I recommend "Authy" ( https://www.authy.com/ )
I would actually recommend open-source GPL software only.
 