MyBB Twitter & Staff Account Hacked.

Discussion in 'MyBB' started by Azareal, Jan 27, 2015.

  1. Azareal

    Azareal The AtomBB Overlord


    This is currently up on their Twitter account.
    From the looks of some of the screenshots on the Twitter Account, they may have compromised a staff member's account on MyBB.com.
    Edit: They probably don't have links to the ACP enabled, so it could be an admin account.

    Update: It's been confirmed that a moderator's account was compromised, and that the IP addresses of all the staff were dumped on Pastebin (not sure what they're trying to accomplish with this). Along with the obvious being that the culprit compromised the Twitter account.
     
    Last edited: Jan 27, 2015
  2. Jake

    Jake Developer

  3. Azareal

    Azareal The AtomBB Overlord

  4. Danielx64

    Danielx64 Developer

    Not looking good for MyBB again.
     
  5. Azareal

    Azareal The AtomBB Overlord

    I thought that MyBB was supposed to implement multi-factor authentication after the last incidents which was supposed to stop things like this from happening again..?
     
    Last edited: Jan 27, 2015
  6. Danielx64

    Danielx64 Developer

    That's what I was thinking.
     
  7. euantor

    euantor MyBB Lead Developer

    2FA is included in the next release, not the current release.

    A member of the development team's account was hacked (it's not clear how as we have been unable to contact them as of yet, but we're currently assuming it was via social engineering). The staff member in question does not have ACP access, but did manage to get the last used IP addresses for all staff members, which they then dumped to Pastebin. The hacker also got the Twitter login credentials from a private thread that staff team members can view and changed the Twitter email and password.

    We will be doing a full incident report on our blog once we know more, but I must stress that this does not seem to have been caused by a flaw within the MyBB software at this point in time. This seems to be an unfortunate incident in which a staff member was a victim of a social engineering type attack.

    As above, the two are linked rather than being exclusive. The MyBB account seems to have been used to view the Twitter login thread we have internally. This is what actually allowed us to realise which staff member it was that was compromised as nobody else had viewed that thread in the last few days.
     
  8. Azareal

    Azareal The AtomBB Overlord

    The culprit still seems to be tweeting via the MyBB Twitter Account.
    Well, that explains why they've been tweeting for four hours without anyone stopping them.
    I assume that you probably have a way to lock them out of the Twitter account and to reclaim control..?
     
  9. euantor

    euantor MyBB Lead Developer

    Yes, they seem to still have control. The only people who can do anything about this unfortunately is Twitter. The hacker has changed both the email and password for the account. Several team members have contacted Twitter without any kind of response or acknowledgement as of now.

    Matt has just recently posted an official thread on the matter, with a blog post to follow as we know more: http://community.mybb.com/thread-166257-post-1135637.html#pid1135637

    It's worth noting that the @MyBBGroup account hasn't been compromised and we still have full access to that. We will likely be using that for the time being.
     
  10. R44

    R44 Asperger's Network? Absolutely.

    Congratulations guys. You got "compromised" by a retard.

    That aside, he only wanted access to the staff forum. From there he has taken the vulnerabilities. So my priority would be patching them and rolling out an update in the meantime. One staff member can continue securing Effone's account.
     
  11. Azareal

    Azareal The AtomBB Overlord

    Is this statement true? Are there any unpatched exploits which they may have taken?
     
  12. euantor

    euantor MyBB Lead Developer

    There are a few XSS flaws that are patched for 1.8.4, but not officially released yet. There are a few other patches coming in 1.8.4 too. I don't want to release full details into the wild unless we, as a team, decide to do so.
     
  13. euantor

    euantor MyBB Lead Developer

    We are working on doing just that. We don't now believe that effone is compromised, as the attacker states he still has access, and effone is banned.
     
  14. Blind Bandit

    Blind Bandit Fanatic

    Mybb needs to get this handled ASAP. Mybb already has a damaged reputation from this happening in the past.
     
  15. R44

    R44 Asperger's Network? Absolutely.

    I'm famous :D

    On Twitter? I wouldn't listen to him. He is deranged.
     
  16. BrandonSheley

    BrandonSheley loving life

    I'm surprised they didn't have 2 factor setup on their twitter account with all the recent issues Mybb has had in the last year.
    With that said, it's very easy for them to get back their account. It may take Twitter 2 or 3 days but they can get it back and hopefully secure it this time.
     
  17. euantor

    euantor MyBB Lead Developer

    We have to take everything said to be true to be sure. We can't just assume these things, we have to assume the worst.

    Enabling 2FA is problematic as the Twitter account is shared between all team members who've been with us for more than 3 months. Anybody on staff can use the account to provide quick support and to post updates. 2FA just doesn't work in this scenario.
     
  18. Azareal

    Azareal The AtomBB Overlord

    Even if he's telling the truth, there's always the possibility that several accounts were compromised.
     
  19. BrandonSheley

    BrandonSheley loving life

    They need to rethink this approach then ;)

    @Mybb_bob can provide support just the same as @Mybb_jim can.
     
  20. euantor

    euantor MyBB Lead Developer

    There's a possibility, which is why we're scouring server access logs for new IPs for all staff members.
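The kind of check euantor describes, scouring access logs for staff accounts appearing from IPs not previously associated with them, as an added example that is not part of the thread and not MyBB's own code. It assumes a constructed log format in which the web server records the authenticated username as the third field, and a constructed baseline of known IPs per staff account (in a real deployment that baseline would come from the forum's user table); the names, addresses and log lines are all made up for the example.

```python
"""Flag staff requests from IP addresses not previously seen for that account.

Added example; not MyBB's code. Assumes (constructed) that the access log
records the authenticated username as the third field, and that a baseline
of known IPs per staff account is available.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed baseline: last known IPs per staff account (hypothetical data).
KNOWN_IPS = {
    "alice": {"203.0.113.10", "203.0.113.11"},
    "bob": {"198.51.100.5"},
    "carol": {"192.0.2.77"},
}

# Constructed access-log lines: ip - user [timestamp] "request" status bytes.
SAMPLE_LOG = """\
203.0.113.10 - alice [27/Jan/2015:10:01:12 +0000] "GET /index.php HTTP/1.1" 200 5120
198.51.100.5 - bob [27/Jan/2015:10:03:44 +0000] "GET /forumdisplay.php?fid=99 HTTP/1.1" 200 8123
192.0.2.200 - carol [27/Jan/2015:10:05:01 +0000] "GET /showthread.php?tid=1234 HTTP/1.1" 200 9001
192.0.2.200 - carol [27/Jan/2015:10:05:30 +0000] "GET /private.php HTTP/1.1" 200 3000
203.0.113.99 - - [27/Jan/2015:10:06:00 +0000] "GET /index.php HTTP/1.1" 200 5120
bad line that should be skipped
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it is malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    try:
        ipaddress.ip_address(rec["ip"])  # reject garbage in the IP column
    except ValueError:
        return None
    return rec


def find_new_staff_ips(log_text, known_ips):
    """Return {user: {ip: [(timestamp, request), ...]}} for requests made by
    a staff account from an IP that is not in that account's baseline.

    Anonymous requests (user "-"), non-staff users and unparsable lines are
    ignored; every request from a new IP is kept so an investigator can see
    what the session touched.
    """
    hits = defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["user"] not in known_ips:
            continue
        if rec["ip"] not in known_ips[rec["user"]]:
            hits[rec["user"]][rec["ip"]].append((rec["ts"], rec["req"]))
    return {user: dict(ips) for user, ips in hits.items()}


if __name__ == "__main__":
    for user, ips in find_new_staff_ips(SAMPLE_LOG, KNOWN_IPS).items():
        for ip, reqs in ips.items():
            print(f"{user}: new IP {ip} ({len(reqs)} requests)")
            for ts, req in reqs:
                print(f"    {ts}  {req}")
```

On the constructed sample this reports only carol, seen from 192.0.2.200 for two requests including one to private.php; alice and bob are within their baselines and the anonymous request is ignored. A new IP is a lead rather than proof of compromise (staff travel and ISPs reassign addresses), so the output is meant to drive a conversation with the affected person, as the thread describes, rather than an automatic lockout.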
     