[IMPORTANT] Account Security

BHW-News

Super Moderator
Sept 2017 Update

Save time and enable 2-factor now.

We've recently added a new security module to keep one step ahead - we'll be asking that all accounts reset their passwords and then will be required to do so periodically on a rotating basis.

PLEASE NOTE - those enabling 2-factor authentication will NOT BE required to reset their passwords in future.

Now to enable 2-Factor on BHW - https://www.blackhatworld.com/seo/important-account-security.879700/

With hacks this month on institutions like Equifax and its 142 million customers, it's time to make some updates to your personal security.


Setting up 2 step verification:


Two-Step verification link:
http://www.blackhatworld.com/account/two-step

On this page you can manage trusted devices and set up your phone to act as a security backup on your account. Once you have set up two-step, you will see the following screen:

[Screenshot]


Clicking "Manage" will let you view your backup codes, like this:

[Screenshot]

(don't get excited, these aren't my backup codes)

YOU MUST SAVE YOUR BACKUP CODES IN A SAFE PLACE.

Doing this will let you regain access to your account if your phone is lost or your email compromised.

We'll put more detailed instructions about setting up two-step verification in the near future. In the meantime, if you're having problems accessing your account or think it might have been compromised, please report this here: support.blackhatworld.com


--------------------------------------------
2016

There have been reports of a few compromised accounts lately and I keep seeing posts attributing this to an alleged BHW database hack around 2013/14.

We take security seriously and have been looking into this in depth. A few patterns have emerged so please look at the checklist below to see if you could be affected. Regardless, it's a good idea to consider securing your account using the new two-step verification.

Details

We spent a lot of time trying to track down any leaks from the BHW database, both internally and externally. We've looked at the articles on other sites claiming our database was hacked or posts made by people offering our DB as a download. We also ran numerous security checks and penetration tests.

To date, we've found no evidence whatsoever that BHW account information has been leaked. Tellingly, none of the compromised accounts were moderator or admin level which you would have thought would have been a priority for anyone with username, email or password details.

However, we are aware that lots of vBulletin forums have allegedly been breached over the last couple of years, which was a prime consideration in finding a new platform and providing enhanced security with two-step verification, which we strongly suggest you enable to help keep your account secure.

The two largest recent breaches have been millions of email account details from yahoo.com and mail.ru. I've restored 6 compromised accounts over the last couple of months - all of the members concerned had Yahoo email addresses. Breach info reported here

2017 UPDATE - Equifax have also become victims with 143 million + user details now out there.

If any of the following apply to you, please make sure you change your password asap and set up two-step verification on your BHW account.

You've ever received emails from BHW to these accounts:
  • yahoo.com
  • mail.ru

You have the same BHW username (or security credentials or personal information) registered on any of these forums:
  • bitcointalk
  • BTC-E
  • warrior forum
  • digital point
  • wickedfire
  • bestblackhatforum

If you believe anything is missing from this list, please either contact support or report it with the details of the site you want added. PLEASE NOTE: we have not managed to verify these sites were compromised, however it's important to inform you of any potential risk.
 

Diamond Damien

Owner BlackHatWorld
Due to the recent much publicised Yahoo Breach in 2014 we've published the recommendations above for BHW. Obviously this information has been leaked and would have been tried against many different accounts. I'd recommend services such as 1Password / Keychain (if you're a Mac user) / LastPass (no BHW affiliations).

REMEMBER
Hackers often use news of big breaches to conduct "phishing" campaigns, sending official-looking emails that make it seem as if Yahoo or other legitimate services are asking them to supply information or click through to a link to repair any damage — something legitimate services will not do.

Change those passwords and keep your BHW account locked down with 2 factor Authentication.

2017 update - we're going back to requiring users to use unique passwords. HOWEVER if you enable 2-factor Authentication then you won't be required to reset your passwords as often.
 

Reaver

Elite Member
I use 2 step verification for the site. It's pretty awesome, and not as much of a pain as you'd think. It actually only takes an extra couple of seconds when signing in.

Plus I keep my passwords at least 14 characters, and fill them with special characters and numbers. You know, basic stuff. Never had a problem.
 

JasonXDC

Regular Member
Kudos to the mods who take an active stance on such serious issues. It's good to know you guys are on top of things.
 

aurarank

Jr. VIP
Glad to see that the security of this forum is being taken very seriously. Going to be jumping on this 2-step security process.

Luka
 

dave124

Registered Member
I am not in any one of the above forums, so safe. Some people always release fake news like gossip.
 

Aty

Elite Member
2 step verification activated, thanks for the notification.
 

macdonjo3

Jr. VIP
Great tutorial Apricot.

I use 2-step for everything. A plain text password only goes so far these days.
 

coldice

Regular Member
I am going to change my registered email address and password.
However, my account is not useful since it has very few posts o_O
 

tasburrfoot

Regular Member
You can see if your email/details were compromised in any big breaches via https://haveibeenpwned.com/

You can also set up a notification for your emails, so you get emailed anytime your information gets dumped, so you can respond quickly and change your PWs.
 

bartosimpsonio

Jr. Executive VIP
Thanks for the heads up.

I've changed my password several times and no longer use Yahoo so it's impossible to steal my credentials using that older Y! exploit.

Maybe the posts we've seen lately are tracer bullets? They post a comment just to see if a hacked account is active, then they sell it somewhere?
 