OSBA Database user passwords cracked

[Andrew]

OSBA's database was cracked earlier today by PTCFast2 and another person, in an attempt at stealing R-TYPE and Glendacorps user information.

The cracking effort led by PTCFast2 uncovered at least the passwords of: Grabberslasher's password (however this has changed since), Erik/EBD's password, Zammis's password, and possibly KenOath's.

The Control Panel for OSBA.RTYPE was also hacked into. That site http://osba.r-type.ca/ has been taken offline for an unknown length of time.

I have tested a stolen password, and used it successfully. This leak is very real. PTCFast2 and another person have also launched thier own OSBA clone, thier forum called "OSBetaSpace" is down at the moment, but definately log in and have a chat (http://osbs.mtxstudios.com/index.php) as soon as the forum goes online.

You are all advised to change your passwords if they are currently the same as they were in October 2005. You can thank another person and PTCFast2 for this privacy issue, and for the original leak of the forum database.

To view if your password has been cracked recently, go to http://milw0rm.com/cracker/list.php, and look for your password. (usernames are not visible, so you cannot use this list to find other users passwords).

Posting a link or method on how to do similar attacks will result in an instant warn. BetaArchive will not be affected by this leak as our site includes none of the stolen database (unless of course your password is the same).

Cracking is thought to have began nearly a day ago from this post, and there is a possibility that a more recent database has also leaked.

[___]

impossible to crack eh?

[moonlit]

Aren't the passwords stored as MD5 hashes?

[Andrew]

Yes, but they used a brute force md5 hash cracker

[moonlit]

Ho hum... still, shouldn't be too much of an issue since we all change our passwords regularly...

...right?

[___]

I DO I DO!

[kichimi]

i do, but alot of my passwords are the same as the one i found on that webpage *Gets scared and hides in corner crying*

EDIT: All Changed *continues to cry in corner*

[pr0gram the pr0grammer]

F--king great, first all the PMs leak, then the passwords get cracked...

[kichimi]

This could have been prevented

[KenOath]

[censored] great, first all the PMs leak, then the passwords get cracked...

Exactly my response, I logged in yesterday & found I had 69 inbox PM's
30odd saved/sent PM's & now I've just found my password on that sight
that Braindrain posted above...

It's a shame that I've gone to the trouble of making iso's , nfo's & rarred
a [censored] load of betas & a bunch of other crap to release when I feel the time was right....
Guess what , it ain't happening for a damn long time now, if at all...
& to think I was wasting my time & money on a server...
If anyone here knows the f-wits responsible, give em the message,
everyone looses...
Must be time for a new hobby already...

[___]

this is a sad day. maybe a few new betas could help make people forget all this crap and get on with the beta world

[Vista Ultimate R2]

Glad I wasn't around in those days - I use the same password for everything (not that you know who I am so it's not like you could go and log into my email account or ebay or anything, I suppose).

[tails92]

These two crackers have done a sad thing that serves no purpose except to degrade the beta community.
These crackers are stupid people, really.

[merty]

It was very shameful of those two to do that.
and making the scene of Beta's much worse.

[kichimi]

Do you rekon they feel guilty? what drove them to do this?

[Andrew]

I put KenOath's info on milworm to check if they really could crack anything, as he was the only friend I had out of list they gave. I'm not sure which hash is his, so I can't email milworm and ask for it to get removed. kichimi, if you mean about puttign KenOath's info on milworm, then definately, he has good reason to take me down because of this, I was real stupid, and I've caused a lot of problems, I've been watching this thread for a few hous now, I hope he is still wanting to talk to me.

PTCFast2 gave me the code to get his password (his specifically), along with the other people in the list, which he still has and may use. I guess I'll be in the same court as those two - I'd rather announce this this than shut-up and let them fall for something I've done which seems to be the way things are going.

To reconfirm I put KenOath's info on milworm.

[CoreDuo]

i was no where to be found in October 2005 so as far as this goes i'm fine. It's just sad that idiots go through the trouble of doing. I have the feeling that the database shouldn't have been leaked to prevent this chaos

[koll2786]

f**king lies, i didn't hack any password of anyones so please dont post bulls**t. In fact I only found out ebds pass because a msn cintact told me so. In fact why would i want to steal people's passwords????. I have no use for them. I admit a wrong duing posting his password in msn to ptcfast2 and braindrain. But I don't think ptcfasts2 intent of hacking passwords is meant to scare people. And surely he wasnt going to hack kenoath because he didn't say anything to me about kenoath.

Admin Edit: Please star out swearing in future.

[Andrew]

Thanks for correcting that Koll, an as of yet unknown person, and PTCFast2 stole the passwords. Koll relayed one of them, leading to an assumption that the other person was Koll. Again, this was my mistake, and I am very sorry for coming to this conclusion. I agree with Gravynaster64, the leak has caused a lot of problems.

[KenOath]

I really don't care that my password was posted on milworm, nobody here
knows what password go's with what name anyway so it's not an issue...
It's the fact that someone would go to the trouble of hacking my account
& share the info with others that has pissed me off...

[Andy]

I think its pathetic to be honest.

If your password has possibly been posted and you use the same on on BetaArchive can I please ask that you change it, even if its just one digit/letter. This may help to avoid anyone that wants to spam the forum.

[koll2786]

noones passwords have been posted not at least to my knowledge, as far as I can understand. I don't know what I haven't heard. My advice is if you want your account deleted or changed email me at aspx@cogeco.ca. I am sorry for my action's and I am taking necessary steps to prevent from any more password leakage. As far as I am concerned the only one who had his password leaked by members is Erik Somerdyk. I have emailed him my part of the story, and as He may now be aware my old password was leaked too.

[kichimi]

I think its pathetic to be honest.

I agree, this is stupid

[koll2786]

If anymore problems arrise, let it be known that OSBetaSpace does not use the leaked osba database anymore and that it was destroyed. Let it be said shard does not condone this and that Liebo and Grabberslasher may or may not be to friendly about using the database too. As far as it goes the only person who had thier password leak was EBD, mine was a stupid /msg nickserv. The other person who did the leak of ebds password also would like to make known that he is not targeting anybody but was only targetting erik as erik did something very nasty to him and he thought this would be a perfect way to get back at him. So mods you can close this topic now, and members of osba change your passwords and if something goes wrong do not assume that it was OSBetaSpaces as we assure that the database has been destroyed.

[Andy]

Topic locked. Topic has gone far enough and request for lock was made.