WA-based DB Dump

M

Messugga

Honorary Master
Joined
Sep 4, 2007
Messages
13,051
Reaction score
3,203
Location
Pretoria
So this is perhaps technically not the correct forum to post in, but you guys might be able to run with it a bit more than I have time for.

So it seems one of SA's torrent sites, hosted on Web Africa, got hacked. Whoever did it did a DB dump and saved the data, along with all the scripts and host information in a text file and stuck it here.

Usernames, email accounts and password hashes are included.

I have notified GetACoder of the file located on their servers and I gave WA a call and warned them to maybe look into any security holes on their side.

The reason I went looking for my email online, is because I received a phishing email a bit earlier on my gmail account. It pointed to a compromised server in Brazil with a PHP page requesting your Gmail username and password. All very script-kiddie level stuff. What bothers me is that Google's spam filter didn't catch it, which means that this is probably something relatively new.

Just thought I'd let you guys know in case your email account is on there and you use the same password everywhere or you receive phishing mails.
 
Interesting. It's most probably a security hole in the software or a brute force somehow, since "zeek" has a MD5 hash of 7c595c4ea2befbd6f9d0658506207438 which equals "Stacey"

No salt and the probability of him using that as his MySQL username/password might also contribute to this, however, I won't put it past WA's "engineers" to leave open their systems
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X