Thursday, November 22nd 2012

Please Reset Your TechPowerUp Forums Password

Earlier today (22/11), TechPowerUp servers were hacked. The attacker gained access to the forums user database, the one which stores user information. Details such as usernames, hashed and salted passwords fell into the wrong hands. Thanks to GPGPU, the passwords are as good as compromised. We have undertaken a security review, and are mandating a password change for all users. Your old password will not work, click on "forgot password" link and follow the instructions to reset it. If you use the same password (as your old TPU password) elsewhere (other sites), change it to something completely different. We sincerely apologize for the inconvenience, and promise to improve our security infrastructure.

If you no longer have access to the email account you used to register, please email w1zzard@techpowerup.com and mention your username, old e-mail, new e-mail and IP address you typically use to post on the forums.
Add your own comment

221 Comments on Please Reset Your TechPowerUp Forums Password

#1
qubit
Overclocked quantum bit
by: HiSpeed
You misunderstood my question.
When a forum is hacked like that, it seems for me an elementary thing to prevent all the users by e-mail, because a lot of them are not aware...
Ok, I see. Good suggestion and I see that W1zz has already taken you up on it.
Posted on Reply
#2
tomkaten
Damn hacker(s), I had to create a special account for TPU in my password hasher :)

Thanks for letting us know so quickly, though.
Posted on Reply
#3
plywood99
by: plywood99
PW reset, thank you for the heads up on this.
Now to ask a few questions...

1) Wizz, I know what Hashed and Salted means, but maybe you could enlighten us a bit more?
What methods were used? A properly salted and hashed password table will be pretty much useless to hackers correct?

2) You mention "upgrading" to banking grade security. What grade was the security that got hacked then? Grade school basic programming?

3) Why is it that sites always wait till they are hacked then say ZOMG we better upgrade. Would it be best to wait till after I jump from an airplane to make sure I have a proper parachute?

Not trying to flame mind you, but this is quite a pisser...
Looked over my original post and it seems a bit harsh, so my apologies on that.
However I very much would like a reply to those questions.
I don't post much but I'm a long time member who reads this site everyday.
Posted on Reply
#4
Spotswood
by: plywood99
Looked over my original post and it seems a bit harsh, so my apologies on that.
However I very much would like a reply to those questions.
I don't post much but I'm a long time member who reads this site everyday.
Not harsh enough, IMHO. :banghead:

What steps were taken so this doesn't happen again?
Posted on Reply
#5
.:{KC}:.
Done! Thanks for your help!
Posted on Reply
#6
Solidstate89
Well that certainly explains why I couldn't log in.

Times like these I'm quite happy I use LastPass. Good luck bruteforcing my old password you chucklefuck hackers. :laugh:
Posted on Reply
#7
chaotic_uk
by: Morgoth
no
the issue is back in 2007 i blocked tpu emails afhter geting all those enjoying subscribe emails, i couldt figure out how to make that stop on the forum side so i just blocked tpu
ok thx ;) .


i had already reset my password then got the email about this lol
Posted on Reply
#8
m1919
Took a long while before the password reset would actually work for me.
Posted on Reply
#9
Fierce Guppy
Oh, good.

The techpowerup email/password handling service is working again. I've just gotten a bevy of emails from previous attempts over the past two hours to get a new password sent using the same email address.
Posted on Reply
#10
IRQ Conflict
Well, that was a bit of messing around. Took a while but I finally got my emails. Didn't think the reset was working so I tried three times. Patience I need, yes. Thank-you w1zzard and gang. It's all sorted now.
Posted on Reply
#11
Athlonite
Thanks for the heads up Admins I hope the slimy little bastards get butt raped by an heard of bull elephants arrested by navy seals put on a sub taken down to 2500ft and emailed out of the torpedo tubes
Posted on Reply
#12
Baum
PW changed ^^
I have used the same password far away from this site, and as long as no one knows me in person there is no connection to my other site that means i don't need to change every password right?

anything on my profile is secured with different password + and i don't had the same for the email used here.

just to stay safe
Posted on Reply
#13
Norton
WCG-TPU Team Captain
I guess there's a side benefit to getting hacked- haven't seen this many members logged onto the site in at least 6 months.

Conspiracy theory would say that W1zz hacked his own site :twitch:

or

It's just a case of Weddings and Funerals

Welcome Back to All members (new and old)!!! :toast:
Posted on Reply
#14
Kreij
Senior Monkey Moderator
by: Norton
Conspiracy theory would say that W1zz hacked his own site
W1zz : Let's tell the users the site was hacked so we get more traffic.
Bta : Okay, I'll get the popcorn.

lol

by: Baum
I have used the same password far away from this site, and as long as no one knows me in person there is no connection to my other site that means i don't need to change every password right?
It's up to you, but I would change it just to be sure.
Posted on Reply
#15
Thefumigator
Its the first time something like this happens to me. password changed.
Was TPU hacked before? sheesh
Posted on Reply
#16
W1zzard
by: Thefumigator
Was TPU hacked before?
nope
Posted on Reply
#17
qubit
Overclocked quantum bit
by: W1zzard
nope
So, over 8 years online without an incident like this. Good record, I'd say. :toast:
Posted on Reply
#18
lyndonguitar
I play games
maybe lets celebrate, its the first ever hack, lets make this a special day for the site and start a friendly hacking competition/event or something every year lol
Posted on Reply
#19
Nelly
Thanks for letting us know, probally sounds daft saying that, but Scan the retailer here in the UK got hacked in 2007, and never bothered to tell anyone, then they got hacked again about two weeks ago, and never bothered to tell anyone again.

It was only when people received emails with their passwords in the title, they was sussed out, how great is that, when they have our bank details and ordering info, secret question etc lol.

Link >> http://forums.hexus.net/scan-care-hexus/265549-security-breach-scan-consider-least-changing-passwords.html
Posted on Reply
#20
HiSpeed
by: Nelly
Scan the retailer here in the UK got hacked in 2007, and never bothered to tell anyone, then they got hacked again about two weeks ago, and never bothered to tell anyone again.
That's a very good advertizing for them. :D
Posted on Reply
#21
Thefumigator
by: HiSpeed
That's a very good advertizing for them. :D
makes me think about the big retailers like amazon and newegg and the like... do they ever get hacked and how often... I mean, look at paypal...
Posted on Reply
#22
XeoNoX
by: mtosev
forum not up to date and someone found a security hole and hacked the forum?
i would agree in most cases and its a common problem, why TPU didnt patch known exploits to protect its users and its reputation is beyond me.
Posted on Reply
#23
XeoNoX
btw b/c of this security breach i'm VERY surprised TPU didn't recommend users change their passwords to other webiste/services that use the same username/password as it will be a matter of time before the attacker(s) get to it.
Posted on Reply
#24
W1zzard
by: XeoNoX
i would agree in most cases and its a common problem, why TPU didnt patch known exploits to protect its users and its reputation is beyond me.
The hack did not happen due to a vBulletin security issue.

Which known exploits are you talking about?
Posted on Reply
Add your own comment