Thursday, November 22nd 2012

Please Reset Your TechPowerUp Forums Password

Earlier today (22/11), TechPowerUp servers were hacked. The attacker gained access to the forums user database, the one which stores user information. Details such as usernames, hashed and salted passwords fell into the wrong hands. Thanks to GPGPU, the passwords are as good as compromised. We have undertaken a security review, and are mandating a password change for all users. Your old password will not work, click on "forgot password" link and follow the instructions to reset it. If you use the same password (as your old TPU password) elsewhere (other sites), change it to something completely different. We sincerely apologize for the inconvenience, and promise to improve our security infrastructure.

If you no longer have access to the email account you used to register, please email w1zzard@techpowerup.com and mention your username, old e-mail, new e-mail and IP address you typically use to post on the forums.
Add your own comment

221 Comments on Please Reset Your TechPowerUp Forums Password

#1
stinger608
Dedicated TPU Cruncher & Folder
Password all taken care of. Good job Admin's for quickly getting on top of this.
Posted on Reply
#2
W1zzard
by: Norton
Did they just get to the user/password data or did they get access to the PM system too???
They only got the user table. So username, password, email address.

PMs were not accessed
Posted on Reply
#3
qubit
Overclocked quantum bit
You know what seems especially odd about this hack to me? It happened just as you launched a new website. I'm sure it's got something to do with it. What, I don't know.
Posted on Reply
#4
trickson
OH, I have such a headache
Man I hate hackers they are as low as you can get. Pedophiles of the internet!
Posted on Reply
#5
manofthem
by: W1zzard
They only got the user table. So username, password, email address.

PMs were not accessed
Good thing I changed my email password right away too!

by: qubit
You know what seems especially odd about this hack to me? It happened just as you launched a new website. I'm sure it's got something to do with it. What, I don't know.
Lots of people are online shopping since it's a holiday, maybe that
Posted on Reply
#6
Kreij
Senior Monkey Moderator
by: btarunr
Yeah, Sony and NVIDIA taught us how not to speak to our readers about the situation.
You could have had a massive cover up for a week and then let one of the mods "leak" the info. Just think of the additional site traffic, flaming and potential massive increase in infractions !! :laugh:

Any site can get hacked including banks and military networks if the hacker is persistent enough. That's why I tend to not get too critical of the big boys when something like this happens ... unless they are not encrypting and/or salting critical user info.
Posted on Reply
#7
Daimus
Thanks for the quick deleting of my dumb thread Kreij!:toast:
Thanks btarunr for the infomation.
Posted on Reply
#8
btarunr
Editor & Senior Moderator
by: qubit
You know what seems especially odd about this hack to me? It happened just as you launched a new website. I'm sure it's got something to do with it. What, I don't know.
A conspiracy to strip TPU of vBulletin and implement Disqus all over? Maybe you're onto something.
Posted on Reply
#9
qubit
Overclocked quantum bit
by: btarunr
A conspiracy to strip TPU of vBulletin and implement Disqus all over? Maybe you're onto something.
You might be taking the mickey, but the coincidence is a little odd, don't you think? It's not unreasonable to question it.

EDIT: motive? Just to make tpu look bad, because these hackers are mean f*ckers and like to spoil people's fun. Either that, or there's something deeper that we don't know about.
Posted on Reply
#10
Kreij
Senior Monkey Moderator
by: Daimus
Thanks for the quick deleting of my dumb thread Kreij!:toast:
Thanks btarunr for the infomation.
I didn't delete it as I don't have mod access to that section, I just posted a link to this thread.
Don't worry, though, when something happens on the site and people freak out, they tend to comment before reading other threads. Happens all the time.

You should have seen comments and feedback after W1zz posted the fake takedown notice. rofl
Posted on Reply
#11
RejZoR
Don't want the Disqus...
Posted on Reply
#12
trickson
OH, I have such a headache
by: W1zzard
They only got the user table. So username, password, email address.

PMs were not accessed
So even emails? F**K! I bet they spam the sh*t out of us. So no way to tell us just who did this? Is there any way to bring criminal charges against them for this?

I feel violated raped almost!
Posted on Reply
#13
catnipkiller
Yeah i had to reset me pass as i wouldn't let me log in. Don't know if it was changed by some1 or it was just reset. Shitty hackers.
Posted on Reply
#14
W1zzard
by: qubit
You might be taking the mickey, but the coincidence is a little odd, don't you think? It's not unreasonable to question it.

EDIT: motive? Just to make tpu look bad, because these hackers are mean f*ckers and like to spoil people's fun. Either that, or there's something deeper that we don't know about.
i know the attack vector and it was not npu .. /conspiracy
Posted on Reply
#15
qubit
Overclocked quantum bit
by: W1zzard
i know the attack vector and it was not npu .. /conspiracy
Just some ****** (insert your own expletive) out to spoil our fun then. Hate people like that.
Posted on Reply
#16
[Ion]
WCG Team Assistant
W1zzard, thank you for being awesome and getting this for me so fast! :respect:
Posted on Reply
#17
Kreij
Senior Monkey Moderator
by: trickson
So even emails? F**K! I bet they spam the sh*t out of us.
If you shop online, half the companies you use probably sell their e-mail lists at some point, or at least give them to 3rd party "partners" (who never had an agreement with you not to sell them).
I doubt you will see a huge increase in spam.

Your username is public knowledge (as it's in every post you make) and your password has now been reset, so I wouldn't sweat it too much unless you use the same password all over the internet (which has always been a bad idea).
Posted on Reply
#18
trickson
OH, I have such a headache
by: Kreij
If you shop online, half the companies you use probably sell their e-mail lists at some point, or at least give them to 3rd party "partners" (who never had an agreement with you not to sell them).
I doubt you will see a huge increase in spam.

Your username is public knowledge (as it's in every post you make) and your password has now been reset, so I wouldn't sweat it too much unless you use the same password all over the internet (which has always been a bad idea).
No I have a different password for every thing I do. I have so many I have a list of them all and cross them off when they get changed. Thank you for this. It has made me feel much more at ease.
Posted on Reply
#19
cdawall
where the hell are my stars
It was Alec§taar.
Posted on Reply
#20
Fourstaff
Somehow I feel completely safe even if some of my data got stolen. Perhaps I have too much trust in Wiz's abilities (not necessarily a bad thing)
Posted on Reply
#21
KainXS
that guy did have alot of boiled up hatred for newtekie and most other users like solaris(mainly newtekie) and all the admins and mod but he was banned long long ago

couldn't see it being him . . . . . . . . . u jokin
Posted on Reply
#22
D007
Ahh I was wondering what happened. That would explain it XD.
It's pathetic people have nothing better to do than be scumbags..

PS: I sure hope no one is using their old password again.. That would be a bad idea.
Make it something new.
Posted on Reply
#23
trickson
OH, I have such a headache
Is this also affecting the TPU GN forum? I mean should I change my password there as well? And will implement the same security over there as well?
Posted on Reply
#24
erocker
by: trickson
Is this also affecting the TPU GN forum? I mean should I change my password there as well? And will implement the same security over there as well?
No.
Posted on Reply
#25
trickson
OH, I have such a headache
by: erocker
No.
Thank You. :respect:
Posted on Reply
Add your own comment