Thursday, November 22nd 2012

Please Reset Your TechPowerUp Forums Password

by
btarunr
 Discuss (221 Comments)
Earlier today (22/11), TechPowerUp servers were hacked. The attacker gained access to the forums user database, the one which stores user information. Details such as usernames, hashed and salted passwords fell into the wrong hands. Thanks to GPGPU, the passwords are as good as compromised. We have undertaken a security review, and are mandating a password change for all users. Your old password will not work, click on "forgot password" link and follow the instructions to reset it. If you use the same password (as your old TPU password) elsewhere (other sites), change it to something completely different. We sincerely apologize for the inconvenience, and promise to improve our security infrastructure.

If you no longer have access to the email account you used to register, please email w1zzard@techpowerup.com and mention your username, old e-mail, new e-mail and IP address you typically use to post on the forums.
Add your own comment

221 Comments on Please Reset Your TechPowerUp Forums Password

#151
qubit
Overclocked quantum bit
HiSpeedYou misunderstood my question.
When a forum is hacked like that, it seems for me an elementary thing to prevent all the users by e-mail, because a lot of them are not aware...
Ok, I see. Good suggestion and I see that W1zz has already taken you up on it.
Posted on Reply
#152
tomkaten
Damn hacker(s), I had to create a special account for TPU in my password hasher :)

Thanks for letting us know so quickly, though.
Posted on Reply
#153
plywood99
plywood99PW reset, thank you for the heads up on this.
Now to ask a few questions...

1) Wizz, I know what Hashed and Salted means, but maybe you could enlighten us a bit more?
What methods were used? A properly salted and hashed password table will be pretty much useless to hackers correct?

2) You mention "upgrading" to banking grade security. What grade was the security that got hacked then? Grade school basic programming?

3) Why is it that sites always wait till they are hacked then say ZOMG we better upgrade. Would it be best to wait till after I jump from an airplane to make sure I have a proper parachute?

Not trying to flame mind you, but this is quite a pisser...
Looked over my original post and it seems a bit harsh, so my apologies on that.
However I very much would like a reply to those questions.
I don't post much but I'm a long time member who reads this site everyday.
Posted on Reply
#154
Spotswood
plywood99Looked over my original post and it seems a bit harsh, so my apologies on that.
However I very much would like a reply to those questions.
I don't post much but I'm a long time member who reads this site everyday.
Not harsh enough, IMHO. :banghead:

What steps were taken so this doesn't happen again?
Posted on Reply
#156
Solidstate89
Well that certainly explains why I couldn't log in.

Times like these I'm quite happy I use LastPass. Good luck bruteforcing my old password you chucklefuck hackers. :laugh:
Posted on Reply
#157
chaotic_uk
Morgothno
the issue is back in 2007 i blocked tpu emails afhter geting all those enjoying subscribe emails, i couldt figure out how to make that stop on the forum side so i just blocked tpu
ok thx ;) .


i had already reset my password then got the email about this lol
Posted on Reply
#158
m1919
Took a long while before the password reset would actually work for me.
Posted on Reply
#159
Fierce Guppy
Oh, good.

The techpowerup email/password handling service is working again. I've just gotten a bevy of emails from previous attempts over the past two hours to get a new password sent using the same email address.
Posted on Reply
#160
IRQ Conflict
Well, that was a bit of messing around. Took a while but I finally got my emails. Didn't think the reset was working so I tried three times. Patience I need, yes. Thank-you w1zzard and gang. It's all sorted now.
Posted on Reply
#161
Athlonite
Thanks for the heads up Admins I hope the slimy little bastards get butt raped by an heard of bull elephants arrested by navy seals put on a sub taken down to 2500ft and emailed out of the torpedo tubes
Posted on Reply
#162
Baum
PW changed ^^
I have used the same password far away from this site, and as long as no one knows me in person there is no connection to my other site that means i don't need to change every password right?

anything on my profile is secured with different password + and i don't had the same for the email used here.

just to stay safe
Posted on Reply
#163
Norton
Moderator - Returning from the Darkness
I guess there's a side benefit to getting hacked- haven't seen this many members logged onto the site in at least 6 months.

Conspiracy theory would say that W1zz hacked his own site :twitch:

or

It's just a case of Weddings and Funerals

Welcome Back to All members (new and old)!!! :toast:
Posted on Reply
#164
Kreij
Senior Monkey Moderator
NortonConspiracy theory would say that W1zz hacked his own site
W1zz : Let's tell the users the site was hacked so we get more traffic.
Bta : Okay, I'll get the popcorn.

lol
BaumI have used the same password far away from this site, and as long as no one knows me in person there is no connection to my other site that means i don't need to change every password right?
It's up to you, but I would change it just to be sure.
Posted on Reply
#165
Thefumigator
Its the first time something like this happens to me. password changed.
Was TPU hacked before? sheesh
Posted on Reply
#166
W1zzard
ThefumigatorWas TPU hacked before?
nope
Posted on Reply
#167
qubit
Overclocked quantum bit
W1zzardnope
So, over 8 years online without an incident like this. Good record, I'd say. :toast:
Posted on Reply
#168
lyndonguitar
I play games
maybe lets celebrate, its the first ever hack, lets make this a special day for the site and start a friendly hacking competition/event or something every year lol
Posted on Reply
#169
Nelly
Thanks for letting us know, probally sounds daft saying that, but Scan the retailer here in the UK got hacked in 2007, and never bothered to tell anyone, then they got hacked again about two weeks ago, and never bothered to tell anyone again.

It was only when people received emails with their passwords in the title, they was sussed out, how great is that, when they have our bank details and ordering info, secret question etc lol.

Link >> forums.hexus.net/scan-care-hexus/265549-security-breach-scan-consider-least-changing-passwords.html
Posted on Reply
#170
Unregistered
NellyScan the retailer here in the UK got hacked in 2007, and never bothered to tell anyone, then they got hacked again about two weeks ago, and never bothered to tell anyone again.
That's a very good advertizing for them. :D
Posted on Edit | Reply
#171
Thefumigator
HiSpeedThat's a very good advertizing for them. :D
makes me think about the big retailers like amazon and newegg and the like... do they ever get hacked and how often... I mean, look at paypal...
Posted on Reply
#172
XeoNoX
mtosevforum not up to date and someone found a security hole and hacked the forum?
i would agree in most cases and its a common problem, why TPU didnt patch known exploits to protect its users and its reputation is beyond me.
Posted on Reply
#173
XeoNoX
btw b/c of this security breach i'm VERY surprised TPU didn't recommend users change their passwords to other webiste/services that use the same username/password as it will be a matter of time before the attacker(s) get to it.
Posted on Reply
#174
W1zzard
XeoNoXi would agree in most cases and its a common problem, why TPU didnt patch known exploits to protect its users and its reputation is beyond me.
The hack did not happen due to a vBulletin security issue.

Which known exploits are you talking about?
Posted on Reply
Add your own comment
Apr 26th, 2024 18:41 EDT change timezone

Latest GPU Drivers

New Forum Posts

Popular Reviews

Controversial News Posts