Page 1 of 8 1234 ... LastLast
Results 1 to 25 of 198
  1. #1
    Join Date
    Oct 2005
    Location
    Surrey BC
    Posts
    1,343

    WHT hacked DB for sale



    + NOW WE'RE MAKING RECORDS, NOW WE'RE MAKING TAPES

  2. #2
    Well, this is... somewhat disturbing.
    Uptime Monitor - Minimize your downtime by being the first to know about it!

    Blacklist Monitor - Are any of your IPs or Domains blacklisted? Find out before it gets to affect you or your clients.

  3. #3
    Join Date
    Dec 2007
    Location
    Isle of Man
    Posts
    3,068
    Quote Originally Posted by Andei View Post
    Well, this is... somewhat disturbing.
    Indeed it is.

  4. #4
    Join Date
    Oct 2003
    Posts
    9,264
    Very interesting. Needs an upvote or three, and maybe an official statement from Penton would be nice.

  5. #5
    Join Date
    Oct 2005
    Location
    Surrey BC
    Posts
    1,343
    Luckily the email I used for this was specific to forum use only.


    + NOW WE'RE MAKING RECORDS, NOW WE'RE MAKING TAPES

  6. #6
    Join Date
    Apr 2006
    Location
    Yorkshire UK
    Posts
    417
    Also on Softpedia reported over 8 hours ago
    Inventive Hosting UK | USA |SG | NL|Trading Since 2004
    Shared Web Hosting - CloudLinux - Daily and weekly Backups
    Fully Managed KVM VPS Packages and Fully Managed Dedicated Servers
    UK Based 24/7/365 Support - 30 Day Money Back Guarantee

  7. #7
    Join Date
    Mar 2009
    Location
    Here Today - Gone to Maui
    Posts
    9,962
    Not good at all. Yipes!
    ProlimeHost - Dedicated Server Hosting & KVM SSD VPS
    Three Datacenter Locations: Los Angeles, Denver & Singapore
    SuperMicro Hardware | Multiple Bandwidth Providers | 24/7 On-site Engineers

  8. #8
    Join Date
    Jan 2010
    Location
    South Carolina
    Posts
    224
    Disturbing...
    ░▒▓▒░ USHost247 - Shared , Reseller, & Domain Services ░▒▓▒░
    ░▒▓▒░ cPanel, Softaculous, White-Labeled Reseller & Off Site Backups ░▒▓▒░

  9. #9
    Join Date
    Jan 2006
    Location
    Cincinnati, Ohio
    Posts
    187
    I wonder how long they have had access?
    Joshua Combs

  10. #10
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    19,178
    Well... I don't think it should have to be said but... change your passwords.
    Michael Denney - MDDHosting.com - Proudly hosting more than 37,800 websites since 2007.
    Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
    cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
    Class-leading support that responds in minutes, not days.

  11. #11
    Join Date
    Jan 2006
    Location
    Cincinnati, Ohio
    Posts
    187
    What if they still have access? I am going to wait to change this password, but have already done so on other places that I have replicated use of the same password.
    Joshua Combs

  12. #12
    Join Date
    Dec 2012
    Location
    New Zealand
    Posts
    128
    Would be good to have an official statement verifying whether or not this is legitimate (and if it is, a mass forced password reset)....

  13. #13
    Join Date
    Feb 2012
    Location
    New York, NY
    Posts
    568
    Quote Originally Posted by USHost247-ChrisGrigg View Post
    Disturbing...
    Disturbing would be the fact that Penton corporate has such lax security and apparently doesn't place a high priority on the security of the user information of the 1.7 million WHT/HotScripts/MacUser users whose data was breached since they don't even bother to apply software updates to their sites in a timely manner and are running versions of software that are known to have multiple vulnerabilities. Example: TheWHIR, the HotScripts blog, and the Mac-user forums blog, are all running WordPress 4.3.1 which has a ton of critical vulnerabilities (see: thewhir.com/readme.html). Based on their inability to apply updates to their WordPress installs, it wouldn't be surprising if they are also several patches behind in applying VBulletin updates.

  14. #14
    Knowing that most people re-use their passwords, this is indeed problematic for many. Even more disturbing is to find this out from external sources rather than WHT themselves.
    With that said, change your passwords to one you won't re-use anywhere else. Make that a habit, not an exception.
    MightWeb - Web Hosting, Reseller Hosting, Virtual Servers & Dedicated Servers.
    KVM VPS's - RAID 10 Pure SSD - Windows & Linux - Managed services available
    Reseller Hosting with WHMCS | Pure SSD | Premium Network | SpamExperts
    DDoS Protection, R1Soft Hourly Backups, LiteSpeed, 30 Day Money-Back Guarantee

  15. #15
    Join Date
    Nov 2003
    Location
    USA
    Posts
    877
    No answer from Penton?
    WHMCS Services / City Tecks
    WHMCS Development | Blesta / WISECP Developer

  16. #16
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    14,134
    I'm curious to see if this is even real, or if this is recent.
    Honestly, I'm not surprised at Penton's silence. Don't take that as them being fishy though, or not doing anything. Proper investigation must be launched, and this isn't something you want to speculate on.
    Give it time, I'm sure Mat is on it and someone from Penton will get in here and respond when they know what's what.
    Tom Whiting, WHMCS Guru extraordinaire
    Linux problems? WHMCS Problems? Give me a shout
    Check out my WHMCS Addons

  17. #17
    Join Date
    Jun 2007
    Location
    Estonia
    Posts
    70
    Bad things happened before, happened now and will happen in future. Just curious when it actually happened.
    EstNOC - providing hosting services since 2009!
    Dedicated server and VPS hosting in Estonia, Finland, Sweden, Norway, Russia, Poland, Germany, Netherlands, Czech Republic, Romania, Hungary, Italy, Spain, Switzerland, Japan and Philippines.

  18. #18
    Join Date
    May 2013
    Location
    Dhaka
    Posts
    43
    waiting to see a response from penton!!
    ☆☆ Soft Domain Host☆☆
    ►►Software, Domain and Hosting Server Provider◄◄
    ►►VPS, Dedicated Server [Locations: USA, Asia]. ERP, E-commerce & Custom Software Developer◄◄

  19. #19
    Join Date
    Feb 2012
    Location
    New York, NY
    Posts
    568
    Quote Originally Posted by whmcsguru View Post
    I'm curious to see if this is even real, or if this is recent.
    Honestly, I'm not surprised at Penton's silence. Don't take that as them being fishy though, or not doing anything. Proper investigation must be launched, and this isn't something you want to speculate on.
    Give it time, I'm sure Mat is on it and someone from Penton will get in here and respond when they know what's what.
    I'm sure Penton is waiting for their lawyers' approval before issuing a statement so any statement will probably be made after the weekend.

    I question however whether anyone from Penton is "on it" given the fact that their company security is extremely lax and any breach of user information is entirely their fault for not keeping their systems updated. All 3 of the (allegedly) hacked sites are running outdated WordPress installs that contain vulnerabilities. Plus, WHT is running an outdated version of VBulletin 4. The Penton corporate site is the biggest offender and is running WordPress 3.91 (yes, 3.91 which was released in May 2014) which contains a known 0day exploit and numerous XSS vulnerabilities. There is absolutely no excuse for not applying security patches in a timely manner. This wouldn't be the first data breach Penton has suffered due to lax security (in 2009 a data breach occurred when a Penton employee lost a laptop containing customer credit card data https://www.oag.state.md.us/idtheft/...ITU-168274.pdf ).

    TLDR; It's ironic that a company like Penton whose research division conducts IT industry security surveys can't even keep its own systems up to date.

  20. #20
    Join Date
    Feb 2002
    Location
    Indiana
    Posts
    422
    Sad that an official email or thread posted by one of the admins here. You don't need a lawyer to post a message to tell everyone to change their passwords.

    Just another company worried more about protecting their own butt then worrying about it's users. Which obviously they don't care as they are still using MD5 hashing which in today's cracking abilities should just go ahead and not hash it at all.

    Shame on you WHT.

  21. #21
    Join Date
    Oct 2015
    Posts
    64
    Nothing much can be expected..They should the first to inform or at least mail people that account is hacked.

  22. #22
    Join Date
    Mar 2014
    Location
    su -
    Posts
    6,284
    Incidents like this can happen. I would expect an official announcement stating that the matter is under investigation and that all should change their passwords immediately. Not having a statement is unexpected and surprising.
    █||||[ MechanicWeb.com - Shared Hosting | Reseller Hosting | KVM VPS | Dedicated Server ]
    █||||[ NVMe SSD | cPanel | DirectAdmin | LiteSpeed | CloudLinux | MailChannels | Since 2008 ]

  23. #23
    Is it even under investigation though?

    An email to at-least let people know there is a possibility that a hacked DB is for sale would be nice... even if it is a false alarm.

  24. #24
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    19,178
    Last time WHT was hacked I don't remember notifications/emails/etc... I know WHT is owned by Penton now - but I wouldn't expect the behavior to change.

    Honestly I'd be very surprised if I heard about this anywhere else but here. I almost expected this thread to disappear.

    I guess it's good that the attackers only snagged a copy of the database rather than defacing it / destroying it / damaging the data - or maybe they tried and failed. I know last time WHT was hacked I lost something like 1,500 posts.
    Michael Denney - MDDHosting.com - Proudly hosting more than 37,800 websites since 2007.
    Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
    cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
    Class-leading support that responds in minutes, not days.

  25. #25
    Join Date
    Apr 2013
    Location
    Data center
    Posts
    541
    Quote Originally Posted by MikeDVB View Post
    Last time WHT was hacked I don't remember notifications/emails/etc... I know WHT is owned by Penton now - but I wouldn't expect the behavior to change.

    Honestly I'd be very surprised if I heard about this anywhere else but here. I almost expected this thread to disappear.

    I guess it's good that the attackers only snagged a copy of the database rather than defacing it / destroying it / damaging the data - or maybe they tried and failed. I know last time WHT was hacked I lost something like 1,500 posts.

    There we go! Exactly my thoughts.

    I see a few people above trying to pet WHT. Please don't try to. You know at the back of your mind that its entirely their fault - and even if it is, they show no professionalism what so ever.

Page 1 of 8 1234 ... LastLast

Similar Threads

  1. Very interested on the status of WHT hacked db restore, Any one else?
    By Manageandsupport_com in forum WHT Announcements, Feedback and Questions
    Replies: 16
    Last Post: 04-06-2009, 07:23 PM
  2. US and Canada Telephone Area Code DB for sale!
    By Douglas in forum Other Offers & Requests
    Replies: 2
    Last Post: 06-09-2006, 02:27 PM
  3. site + large DB for sale with some traffic + others
    By DNGeeks in forum Other Offers & Requests
    Replies: 7
    Last Post: 10-15-2004, 10:29 AM
  4. 30+ Domains for sale - Discounts for WHT users
    By deepensky90 in forum Other Offers & Requests
    Replies: 9
    Last Post: 05-26-2003, 08:17 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •