TapaTalk hacked

Discussion in 'Forum Software' started by WoodiE55, Dec 13, 2014.

  1. WoodiE55

    WoodiE55 Enthusiast

    Just received this email from TapaTalk. Better go change your passwords.




    Dear Tapatalk Forum Community,

    Today we discovered that someone had used an exploit in a third party plugin on the Tapatalk support forums, leading to the disclosure of email addresses and encrypted passwords, and possibly passwords in cleartext if you attempted to login since December 9th.

    Due to this incident, please log into www.tapatalk.com/v2 and change your password.

    • Please choose a strong password, containing a mix of upper and lower case letters, numbers and even symbols if possible.
    • Never use the same password on more than one site. Passwords should be unique to each site they access in order to comply with basic security best practices.

    No other systems appear to have been affected and we will continue to perform audits. In the meantime our support forums will be brought back online but we will be rolling back the site approximately a week as a precaution. Posts and messages since that time will not be restored in this process.

    Again, all passwords have been invalidated and will no longer work. Please reset your password using the reset password page and then follow the instructions provided in the email.

    We are sorry for this inconvenience and thank you for your patience,

    The Tapatalk Team



    ---

    Curious to see how passwords would have been "seen" in clear text. Even more scary is that Tapatalk has many forum owners' personal information too if said owners are showing ads. Hopefully more information will be published about how much was taken and what is "safe" at this point.
     
  2. WoodiE55

    WoodiE55 Enthusiast

    For what it's worth this line, "all passwords have been invalidated and will no longer work." does NOT appear to be correct as I was able to log into my profile using my "old" password and reset it to a new one.
     
  3. Erin Nicole

    Erin Nicole Habitué

    Oh wow! Good luck everyone~
     
  4. Azareal

    Azareal The AtomBB Overlord

    Honestly, I've seen Tapatalk as a joke for years and they're just getting more and more irrelevant as time goes by.
    This is just yet another reason for sites which use Tapatalk to stop using it, as soon as possible.
     
  5. Danielx64

    Danielx64 Developer

    Password changed :)

    I don't use it today as there are better options but I didn't think about shutting my account down.
     
  6. sgray

    sgray Aspirant

    Anyone have a clue what "third party plugin" provided the gateway to this?
     
  7. TimWolla

    TimWolla Developer

    Hi
    Actually it does not seem to be possible anyway. My emails regarding account deletion are being ignored, even though this seems to be the official way according to their forums…
     
  8. Rasty

    Rasty Fan

    I deleted my plugin from my site. I'm officially done with tapatalk.
     
  9. BirdOPrey5

    BirdOPrey5 #Awesome

    What forum software is Tapatalk using these days?
     
  10. sgray

    sgray Aspirant

    Xenforo
     
  11. BirdOPrey5

    BirdOPrey5 #Awesome

    [exhales]
     
  12. Amaury

    Amaury Habitué

    Doesn't affect us. We don't use TapaTalk. :D
     
  13. Tracy Perry

    Tracy Perry Opinionated asshat

    Don't know why you are "exhaling". The link they are using is not to the forum, but to their custom script that controls the actual Tapatalk accounts dashboard for forums. Makes me wonder if it is actually a XenForo plugin or something that they have written (and if they use their normal coding procedures it's no surprise it has problems).
     
  14. bucket

    bucket badge consultant

    so, what was exploited? just their own forum, or the whole TT network, or ????
     
  15. BirdOPrey5

    BirdOPrey5 #Awesome

    I think that was a screw-up on their part; I went to the forum last night and read a post that they kind of hastily sent out the email to let everyone know, but the staff that could answer questions wouldn't be in until later (Monday?). They were pretty clear it was the forum that was hacked.

    From this thread- https://support.tapatalk.com/threads/passwords-stolen.27443/

    Post confirming it is the forum:

    A lot of people complaining that the links in the email sent out look fishy, and they did... Also complaints that despite the email saying all forum passwords were reset/erased, people were still able to login with their old passwords.

     
  16. Tracy Perry

    Tracy Perry Opinionated asshat

    If it was the forum then it's really strange that the link went to their dashboard. <shrug>
    I'd also like to know exactly what "add-on" it was.
    What I got was that there was an intrusion that allowed access to the DB and also allowed the person to inject code. I've got to wonder if it was a plugin and not another vector of attack. If it had been a plugin, I would assume that they would announce that fairly quickly to assure that others were not affected, unless it was a bespoke one that would not affect others.
     
  17. BirdOPrey5

    BirdOPrey5 #Awesome

    In another post he says specifically it was a XenForo plugin that was exploited. The exploit allowed the attacker to download the database and also install yet another plugin that sent copies of passwords in clear text of anyone who logged into the support forums since December 10th (inclusive).

    Had not mentioned which plugin, but I only read 2 pages into the thread I linked above.
     
  18. Danielx64

    Danielx64 Developer

    You know I got confused, I may not even have a support forum account.
     
  19. zappaDPJ

    zappaDPJ Administrator

    At this point in time I'm not convinced that the email sent out is legitimate and I'm certainly not going to change my password via the link contained within it (which by many accounts doesn't seem to be legitimate).
     
  20. BirdOPrey5

    BirdOPrey5 #Awesome

    Well it was a legitimate email, just with the wrong link. Also they were using a script to track clicks like it was a marketing email. It's pretty clear what happened when you look at it.

    An unfortunate combination of mistakes made everyone further confused and paranoid.
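    The worry in posts 19 and 20, that a breach notice's links don't go where they appear to, can be checked mechanically. The Python below is an added example, not code from the thread or from Tapatalk: it parses a constructed HTML notice (the click-tracking host and URLs in it are made up for the example) and flags anchors whose target host differs from the host named in the visible link text.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample notice: the visible text shows the vendor's host, but the
# href routes through a click-tracking redirect host (as post 20 describes).
SAMPLE_EMAIL_HTML = """
<p>Due to this incident, please log into
<a href="http://click.example-mailer.net/track?id=42&amp;r=https%3A%2F%2Fwww.tapatalk.com%2Fv2">www.tapatalk.com/v2</a>
and change your password.</p>
<p>Reset page: <a href="https://www.tapatalk.com/v2/reset">https://www.tapatalk.com/v2/reset</a></p>
"""

class _LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url_or_text):
    """Hostname without a leading 'www.'; bare 'www.host/path' text is accepted."""
    if "://" not in url_or_text:
        url_or_text = "https://" + url_or_text
    host = (urlparse(url_or_text).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def suspicious_links(html, expected_host):
    """Return (href, text, target_host, reason) for every link not on expected_host."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = host_of(href)
        if target == expected_host:
            continue  # goes where the notice says it goes
        shown = host_of(text) if "." in text else ""
        reason = "visible text and target differ" if shown and shown != target else "off-domain target"
        findings.append((href, text, target, reason))
    return findings
```

    Run `suspicious_links(SAMPLE_EMAIL_HTML, "tapatalk.com")` to see only the tracking link reported; a redirect that eventually lands on the right site still shows up, which is exactly the case that made the thread's readers suspicious.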
     