|
|
24-08-2019, 08:52
|
#1
|
Registered User
Join Date: Oct 2011
Posts: 3,607
|
CF Passwords Hacked?
Just a heads-up-
I’ve recently received a few junk emails that include my CF password in the title. Preview of the body says something like “your computer has been infected by my malw...”
While I used this simple password for a couple different things long ago, it has been used exclusively for CF for many, many years.
Here is a useful link to help you figure out if your passwords have been hacked.
https://haveibeenpwned.com/Passwords
It checks the password you enter against the various hacked password lists available for purchase on the dark web.
|
|
|
24-08-2019, 09:17
|
#2
|
Registered User
Join Date: Mar 2006
Location: Winnipeg
Boat: None at this time
Posts: 8,462
|
Re: CF Passwords Hacked?
So you actually entered your passwords into that site? Wouldn't it be prudent just to change your password?
|
|
|
24-08-2019, 09:29
|
#3
|
Registered User
Join Date: Oct 2011
Posts: 3,607
|
Re: CF Passwords Hacked?
You have probably been hacked and didn’t even know it.
The purpose of the site is to provide people a way to find out if they have been hacked in the past. Given the fact that some acknowledged data breaches have affected hundreds of millions of people, chances are you are one of them.
Give it a try. You might not like what you find out.
If you dig in there the site tells you specifically NOT to enter any current passwords you are using. It’s a legit site. Not a scam.
Of course change your password. I don’t really care about CF so never bothered changing the simple one I had been using.
|
|
|
24-08-2019, 09:38
|
#4
|
Registered User
Join Date: Mar 2006
Location: Winnipeg
Boat: None at this time
Posts: 8,462
|
Re: CF Passwords Hacked?
Okay. Great.
I noticed that Firefox has a notification that CF is not a secure site so it behooves us all not to use the CF password for anything else. Of course we shouldn't be using passwords or user names for more than one site anyway.
Hopefully CF will upgrade the site.
|
|
|
24-08-2019, 09:39
|
#5
|
Registered User
Join Date: May 2011
Location: Lake Ont
Posts: 8,580
|
Re: CF Passwords Hacked?
Almost a year back, I received one of those extortion emails that happened to include one of my passwords. Fortunately, I use multiple passwords: hard ones that are never stored and are unique for each important site, and a simpler throwaway password I use for logging into sites with very low security implications - like CF.
The extortion email used the throwaway one, so I can't be sure what site it leaked out of. Anyway, I just made up a new throwaway password and changed it on all those low-consequence sites. From the OP's experience, maybe it was CF.
Moral - manage passwords carefully, and don't also use important passwords for trivial sites whose concern or need for security is low.
|
|
|
24-08-2019, 09:39
|
#6
|
Registered User
Join Date: Dec 2016
Posts: 9
|
Re: CF Passwords Hacked?
When you click that link, the request to https://haveibeenpwned.com/ may include the referer field, which indicates the last page the user was on. In this case cruisersforum.com. Providing your cruisersforum.com password at that point would be a bad idea. It's a legitimate service but don't provide any passwords that you currently use. Just change your password.
|
|
|
24-08-2019, 09:42
|
#7
|
Registered User
Join Date: Aug 2018
Posts: 500
|
Re: CF Passwords Hacked?
We would hope that CF do not store passwords in cleartext and that in tech terms, they are hashed and salted. Assuming they are, then the only way the 'bad guys' can get that password is to capture it as you are entering it - i.e. on your computer. That would mean your pc/laptop is infected and has an exploit on it.
If CF are storing passwords un-hashed, then all bets are off.
|
|
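What "hashed and salted" storage looks like on the server side, as an added example that is not CF's code or any poster's. The record format, the function names and the PBKDF2 work factor are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumption: work factor picked for this example


def unsalted_hash(password):
    """Plain fast hash: every user with this password gets the same value."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password, iterations=ITERATIONS):
    """Return a storable record: scheme$iterations$salt$derived_key."""
    salt = os.urandom(16)  # fresh random salt per user
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${key.hex()}"


def verify_password(password, record):
    """Re-derive the key with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, key_hex = record.split("$")
        salt, iterations = bytes.fromhex(salt_hex), int(iterations)
    except ValueError:
        return False  # malformed record
    if scheme != "pbkdf2_sha256":
        return False
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(key.hex(), key_hex)


if __name__ == "__main__":
    pw = "sailing123"  # constructed sample password
    # Two accounts sharing a password: identical unsalted hashes, distinct salted records.
    print(unsalted_hash(pw) == unsalted_hash(pw))
    a, b = hash_password(pw), hash_password(pw)
    print(a != b, verify_password(pw, a), verify_password("wrong", a))
```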
|
24-08-2019, 09:48
|
#8
|
Registered User
Join Date: May 2011
Location: Lake Ont
Posts: 8,580
|
Re: CF Passwords Hacked?
Quote:
Originally Posted by B23iL23
We would hope that CF do not store passwords in cleartext and that in tech terms, they are hashed and salted. Assuming they are, then the only way the 'bad guys' can get that password is to capture it as you are entering it - i.e. on your computer. That would mean your pc/laptop is infected and has an exploit on it.
If CF are storing passwords un-hashed, then all bets are off.
|
It could also just be hacked wifi points if you log into CF while travelling, since CF isn't using SSL (https). (No excuses CF, it should be secured)
|
|
|
24-08-2019, 10:01
|
#9
|
Registered User
Join Date: Jul 2019
Posts: 36
|
Re: CF Passwords Hacked?
Folks, if you are receiving that type of spam, change your passwords. Chances are you re-used an old one that was found in a dump online, and people are credential stuffing with them.
You can use https://haveibeenpwned.com/ to enter your email and/or your password to see if an email address you have used on sites before has been leaked, or your password has been found in a dump.
Please note that this does not mean cruisersforum has been hacked; although it's possible, I'd imagine the staff being aware and doing the responsible thing.
Also it's perfectly safe to enter your email or password on HaveIBeenPwned - the site is run by a rather famous security researcher as a free service to the internet community at large, and will only tell you if your email address has been found in data leaked through hacks of various sites.
|
|
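The password check debated in this thread can be done without the password, or even its full hash, leaving your machine: the Pwned Passwords service has a range endpoint that takes only the first five hex characters of the SHA-1 hash and returns every known suffix for that prefix. The sketch below is an added example, not from any poster or from the site; `ConstructedRange` is a hypothetical offline stand-in with constructed data so the logic runs without network access.

```python
import hashlib

# Pwned Passwords range endpoint; a real client would GET RANGE_URL + prefix.
RANGE_URL = "https://api.pwnedpasswords.com/range/"


def split_hash(password):
    """SHA-1 the password locally; return (5-char prefix, 35-char suffix)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(suffix, body):
    """Scan a 'SUFFIX:COUNT' response body for our suffix, locally."""
    for line in body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)
    return 0


def pwned_count(password, fetch):
    """fetch(prefix) -> response body. Only the prefix is handed to it."""
    prefix, suffix = split_hash(password)
    return count_in_range(suffix, fetch(prefix))


class ConstructedRange:
    """Offline stand-in for the service (hypothetical helper, constructed data).
    Records every value it is sent, to show what would leave the machine."""

    def __init__(self, leaked):
        self.by_prefix, self.seen = {}, []
        for pw, n in leaked.items():
            prefix, suffix = split_hash(pw)
            self.by_prefix.setdefault(prefix, []).append(f"{suffix}:{n}")

    def __call__(self, prefix):
        self.seen.append(prefix)
        filler = ["0" * 35 + ":3", "F" * 35 + ":12"]  # unrelated constructed entries
        return "\r\n".join(filler + self.by_prefix.get(prefix, []))


if __name__ == "__main__":
    service = ConstructedRange({"sailing123": 4821})  # constructed breach data
    for pw in ("sailing123", "a-long-unique-passphrase-7Q"):
        print(pw, "->", pwned_count(pw, service))
    print("sent to service:", service.seen)
```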
|
24-08-2019, 10:02
|
#10
|
Registered User
Join Date: Jul 2019
Posts: 36
|
Re: CF Passwords Hacked?
Quote:
Originally Posted by andrewparker
When you click that link, the request to https://haveibeenpwned.com/ may include the referer field, which indicates the last page the user was on. In this case cruisersforum.com. Providing your cruisersforum.com password at that point would be a bad idea. It's a legitimate service but don't provide any passwords that you currently use. Just change your password.
|
That's... a little paranoid. And I'm in IT security for a living so that's saying something (we're a paranoid lot by nature)
|
|
|
24-08-2019, 10:21
|
#11
|
Registered User
Join Date: Aug 2018
Posts: 500
|
Re: CF Passwords Hacked?
True. Just noticed that. Means browser connection is wide open. Not good CF.
Quote:
Originally Posted by Lake-Effect
It could also just be hacked wifi points if you log into CF while travelling, since CF isn't using SSL (https). (No excuses CF, it should be secured)
|
|
|
|
24-08-2019, 17:04
|
#12
|
Registered User
Join Date: Nov 2013
Location: Port Moresby, Papua New Guinea
Boat: FP Belize Maestro 43 and OPBs
Posts: 12,891
|
Re: CF Passwords Hacked?
Quote:
Originally Posted by Delancey
Just a heads-up-
I’ve recently received a few junk emails that include my CF password in the title. Preview of the body says something like “your computer has been infected by my malw...”
While I used this simple password for a couple different things long ago, it has been used exclusively for CF for many, many years.
|
Those junk emails are prevalent on the internet and are using old compromised password lists. I'm aware of people receiving them who have not used the stated password for many years. That is likely to be the case here.
|
|
|
24-08-2019, 17:27
|
#13
|
Registered User
Join Date: Feb 2017
Location: Sea of Cortez
Boat: Passport 41
Posts: 213
|
Re: CF Passwords Hacked?
CF is not https. Any secrets you send to it are obvious to anything between you and CF servers. Password managers are your friend.
|
|
|
25-08-2019, 08:15
|
#14
|
Registered User
Join Date: May 2011
Location: Lake Ont
Posts: 8,580
|
Re: CF Passwords Hacked?
Quote:
Originally Posted by kev_rm
CF is not https. Any secrets you send to it are obvious to anything between you and CF servers. Password managers are your friend.
|
If a site's login page is not https, the password still travels in the clear, even if you have a pw manager.
|
|
|
25-08-2019, 08:53
|
#15
|
Registered User
Join Date: Mar 2006
Location: Winnipeg
Boat: None at this time
Posts: 8,462
|
Re: CF Passwords Hacked?
Quote:
Originally Posted by Lake-Effect
If a site's login page is not https, the password still travels in the clear, even if you have a pw manager.
|
True, however, a good password manager makes it easy to have separate passwords for each of the sites that you have to log in to. That way if your password for CF is hacked it doesn't lead anywhere other than your email address.
|
|
|