| View previous topic :: View next topic |
| Author |
Message |
balazer
Joined: 09 Sep 2012
Posts: 7
|
 Posted: Sun Apr 18, 2021 7:52 am Post subject: mflenses.com security breach: member info stolen |
 |
|
balazer wrote:
mflenses.com has experienced a security breach. I registered for the mflenses.com forum in 2012 using a new and unique email address. I never used that address at any other website. My profile was always set to not show my email address. On April 1 I received a phishing message at that address. The mflenses.com site was likely hacked, with the attacker exfiltrating a list of member addresses. |
|
| Back to top |
|
 |
RnR
Joined: 11 Jul 2012
Posts: 283
Location: Brisbane, Australia
Expire: 2019-08-29
|
| Posted: Sun Apr 18, 2021 9:31 am Post subject: |
|
|
RnR wrote:
The website software is likely the original installed back in 2007. At least this is suggestive from the copyright date at the bottom of the website.
Plenty of email addresses available in the database I guess.
_________________
Currently shooting with Fuji X-E2s + Metabones Speedbooster + m42 and CY glass 💕
Cheers, Hasse |
|
| Back to top |
|
|
balazer
Joined: 09 Sep 2012
Posts: 7
|
| Posted: Sun Apr 18, 2021 10:32 am Post subject: |
|
|
balazer wrote:
The forum.mflenses.com Apache server is reporting itself as version 2.4.10. That version was released in 2014 and superseded in 2015. It has a fairly long list of known security vulnerabilities. If the site's other server software components are that old, it wouldn't be surprising for the site to have been hacked. |
|
| Back to top |
|
|
calvin83
Joined: 12 Apr 2009
Posts: 7383
Location: Hong Kong
|
| Posted: Sun Apr 18, 2021 12:52 pm Post subject: |
|
|
calvin83 wrote:
I am not surprised if the DB has been hacked with such old version of phpBB and Apache. Make sure don't share sensitive information via PM.
_________________
https://lensfever.com/
https://www.instagram.com/_lens_fever/
The best lens is the one you have with you. |
|
| Back to top |
|
|
Blazer0ne
Joined: 12 Sep 2018
Posts: 836
Expire: 2024-12-07
|
| Posted: Sun Apr 18, 2021 2:30 pm Post subject: |
|
|
Blazer0ne wrote:
...
Last edited by Blazer0ne on Tue Feb 22, 2022 6:34 pm; edited 1 time in total |
|
| Back to top |
|
|
visualopsins
Joined: 05 Mar 2009
Posts: 10195
Location: California
Expire: 2021-06-22
|
| Posted: Sun Apr 18, 2021 4:13 pm Post subject: |
|
|
visualopsins wrote:
Perhaps your email provider security has been breached, not mflenses. Perhaps your mflenses password was guessed. To jump to the conclusion the entire mflenses website security has been breached requires more proof than you provide. As noted, if you ever used mflenses to send a PM, your email address has been exposed to the recipient and their email provider. To prove a breach at mflenses requires examination of server logs. Far more likely is your own computer has been hacked, imho.
_________________
☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮ like attracts like! ☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮
Cameras: Sony A7Rii, Spotmatics II, F, and ESII, Nikon P4
M42 Asahi Optical Co., Lenses:
Takumar 1:4 f=35mm, 1:2 f=58mm (Sonnar), 1:2.4 f=58mm (Heliar), 1:2.2 f=55mm (Gaussian), 1:2.8 f=105mm (Model I), 1:2.8/105 (Model II), 1:5.6/200
Tele-Takumar 1:5.6/200, 1:6.3/300
Macro-Takumar 1:4/50
Auto-Takumar 1:2.3 f=35, 1:1.8 f=55mm, 1:2.2 f=55mm
Super-TAKUMAR 1:3.5/28 (fat), 1:2/35 (Fat), 1:1.4/50 (8-element),
Super-Multi-Coated Fisheye-TAKUMAR 1:4/17
Super-Multi-Coated TAKUMAR 1:4.5/20, 1:3.5/24, 1:3.5/28, 1:2/35, 1:3.5/35, 1:1.8/85, 1:1.9/85 1:2.8/105, 1:3.5/135, 1:2.5/135 (II), 1:4/150, 1:4/200, 1:4/300, 1:4.5/500
Super-Multi-Coated Macro-TAKUMAR 1:4/50, 1:4/100
Super-Multi-Coated Bellows-TAKUMAR 1:4/100
SMC TAKUMAR 1:1.4/50, 1:1.8/55
Other lenses:
Carl Zeiss Jena Flektogon 2.4/35
SMC PENTAX ZOOM 1:3.5 35~105mm, SMC PENTAX ZOOM 1:4 45~125mm
Nikon Micro-NIKKOR-P-C Auto 1:3.5 f=55mm, NIKKOR-P Auto 105mm f/2.5 Pre-AI (Sonnar), Micro-NIKKOR 105mm 1:4 AI, NIKKOR AI-S 35-135mm f/3,5-4,5
Tamron SP 17mm f/3.5 (51B), Tamron SP 17mm f/3.5 (51BB), SP 500mm f/8 (55BB), SP 70-210mm f/3.5 (19AH) |
|
| Back to top |
|
|
balazer
Joined: 09 Sep 2012
Posts: 7
|
| Posted: Mon Apr 19, 2021 1:26 am Post subject: |
|
|
balazer wrote:
| visualopsins wrote: |
| Perhaps your email provider security has been breached, not mflenses. Perhaps your mflenses password was guessed. To jump to the conclusion the entire mflenses website security has been breached requires more proof than you provide. As noted, if you ever used mflenses to send a PM, your email address has been exposed to the recipient and their email provider. To prove a breach at mflenses requires examination of server logs. Far more likely is your own computer has been hacked, imho. |
My email provider is a top-tier provider with an excellent security record and my account is protected with a hardware key. My mflenses.com password is unique to the site. I had never sent PMs on mflenses. My computers are not running obsolete software exposed to the internet. I hadn't logged into the site in almost a year.
For the past 15 years I've always registered on websites with unique email addresses and passwords. While I can't prove that mflenses leaked my address, it certainly fits the pattern. I've gotten spam at addresses leaked in all of the big-name hacks (LinkedIn, eBay, MySpace, and dozens more), as well as from a lot of small forum sites where other users who also use unique addresses reported the same spam. I don't get spam at 90+% of the email addresses you'd find in my mail account. If a hacker had breached my mail account or my computer, they'd be very strange to pick an address out of my inbox that last received mail 9 years ago, and not the others. Given that mflenses is running obsolete software exposed to the internet, it seems far more likely to me that the site was breached and the user database was stolen. A great many small forum sites around the world have had the same thing happen. |
|
| Back to top |
|
|
visualopsins
Joined: 05 Mar 2009
Posts: 10195
Location: California
Expire: 2021-06-22
|
| Posted: Mon Apr 19, 2021 3:22 am Post subject: |
|
|
visualopsins wrote:
| balazer wrote: |
| visualopsins wrote: |
| Perhaps your email provider security has been breached, not mflenses. Perhaps your mflenses password was guessed. To jump to the conclusion the entire mflenses website security has been breached requires more proof than you provide. As noted, if you ever used mflenses to send a PM, your email address has been exposed to the recipient and their email provider. To prove a breach at mflenses requires examination of server logs. Far more likely is your own computer has been hacked, imho. |
My email provider is a top-tier provider with an excellent security record and my account is protected with a hardware key. My mflenses.com password is unique to the site. I had never sent PMs on mflenses. My computers are not running obsolete software exposed to the internet. I hadn't logged into the site in almost a year.
For the past 15 years I've always registered on websites with unique email addresses and passwords. While I can't prove that mflenses leaked my address, it certainly fits the pattern. I've gotten spam at addresses leaked in all of the big-name hacks (LinkedIn, eBay, MySpace, and dozens more), as well as from a lot of small forum sites where other users who also use unique addresses reported the same spam. I don't get spam at 90+% of the email addresses you'd find in my mail account. If a hacker had breached my mail account or my computer, they'd be very strange to pick an address out of my inbox that last received mail 9 years ago, and not the others. Given that mflenses is running obsolete software exposed to the internet, it seems far more likely to me that the site was breached and the user database was stolen. A great many small forum sites around the world have had the same thing happen. |
The fact you received *any* messages at the email address given mflenses.com 9 years ago indicates the sender(s) have that email address too, yes? Perhaps they leaked it?
If you let us know how to identify the phish message we can certainly be on the lookout for it.
_________________
☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮ like attracts like! ☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮☮
Cameras: Sony A7Rii, Spotmatics II, F, and ESII, Nikon P4
M42 Asahi Optical Co., Lenses:
Takumar 1:4 f=35mm, 1:2 f=58mm (Sonnar), 1:2.4 f=58mm (Heliar), 1:2.2 f=55mm (Gaussian), 1:2.8 f=105mm (Model I), 1:2.8/105 (Model II), 1:5.6/200
Tele-Takumar 1:5.6/200, 1:6.3/300
Macro-Takumar 1:4/50
Auto-Takumar 1:2.3 f=35, 1:1.8 f=55mm, 1:2.2 f=55mm
Super-TAKUMAR 1:3.5/28 (fat), 1:2/35 (Fat), 1:1.4/50 (8-element),
Super-Multi-Coated Fisheye-TAKUMAR 1:4/17
Super-Multi-Coated TAKUMAR 1:4.5/20, 1:3.5/24, 1:3.5/28, 1:2/35, 1:3.5/35, 1:1.8/85, 1:1.9/85 1:2.8/105, 1:3.5/135, 1:2.5/135 (II), 1:4/150, 1:4/200, 1:4/300, 1:4.5/500
Super-Multi-Coated Macro-TAKUMAR 1:4/50, 1:4/100
Super-Multi-Coated Bellows-TAKUMAR 1:4/100
SMC TAKUMAR 1:1.4/50, 1:1.8/55
Other lenses:
Carl Zeiss Jena Flektogon 2.4/35
SMC PENTAX ZOOM 1:3.5 35~105mm, SMC PENTAX ZOOM 1:4 45~125mm
Nikon Micro-NIKKOR-P-C Auto 1:3.5 f=55mm, NIKKOR-P Auto 105mm f/2.5 Pre-AI (Sonnar), Micro-NIKKOR 105mm 1:4 AI, NIKKOR AI-S 35-135mm f/3,5-4,5
Tamron SP 17mm f/3.5 (51B), Tamron SP 17mm f/3.5 (51BB), SP 500mm f/8 (55BB), SP 70-210mm f/3.5 (19AH) |
|
| Back to top |
|
|
RnR
Joined: 11 Jul 2012
Posts: 283
Location: Brisbane, Australia
Expire: 2019-08-29
|
| Posted: Mon Apr 19, 2021 3:31 am Post subject: |
|
|
RnR wrote:
| visualopsins wrote: |
| The fact you received *any* messages at the email address given mflenses.com 9 years ago indicates the sender(s) have that email address too, yes? Perhaps they leaked it? |
I think you are misunderstanding him. He registered here 9 years ago. The last sender to have used his mflenses email address was mflenses.com
_________________
Currently shooting with Fuji X-E2s + Metabones Speedbooster + m42 and CY glass 💕
Cheers, Hasse |
|
| Back to top |
|
|
balazer
Joined: 09 Sep 2012
Posts: 7
|
| Posted: Mon Apr 19, 2021 3:54 am Post subject: |
|
|
balazer wrote:
| visualopsins wrote: |
The fact you received *any* messages at the email address given mflenses.com 9 years ago indicates the sender(s) have that email address too, yes? Perhaps they leaked it?
If you let us know how to identify the phish message we can certainly be on the lookout for it. |
The email I received 9 years ago at that address was the Manual Focus Lenses Forums welcome email. It was sent by mflenses.com.
The phishing message I received April 1 of this year was a fake parcel delivery notification from "UPS(GB)". But please note that receipt of such a message does not, by itself, indicate that your mflenses.com address was leaked. Spammers buy and trade lists of addresses, and most spam campaigns use addresses collected from multiple sources. In fact, I received a nearly identical message the next day at a different address. |
|
| Back to top |
|
|
martinsmith99
Joined: 31 Aug 2008
Posts: 6968
Location: S Glos, UK
Expire: 2013-11-18
|
| Posted: Mon Jan 10, 2022 8:27 am Post subject: |
|
|
martinsmith99 wrote:
I doubt you're going to find the source.
_________________
No longer here |
|
| Back to top |
|
|
DConvert
Joined: 12 Jun 2010
Posts: 891
Location: Essex UK
|
| Posted: Mon Jan 10, 2022 1:55 pm Post subject: |
|
|
DConvert wrote:
| balazer wrote: |
| visualopsins wrote: |
The fact you received *any* messages at the email address given mflenses.com 9 years ago indicates the sender(s) have that email address too, yes? Perhaps they leaked it?
If you let us know how to identify the phish message we can certainly be on the lookout for it. |
The email I received 9 years ago at that address was the Manual Focus Lenses Forums welcome email. It was sent by mflenses.com.
The phishing message I received April 1 of this year was a fake parcel delivery notification from "UPS(GB)". But please note that receipt of such a message does not, by itself, indicate that your mflenses.com address was leaked. Spammers buy and trade lists of addresses, and most spam campaigns use addresses collected from multiple sources. In fact, I received a nearly identical message the next day at a different address. |
I think You'll find many of these phishing attempts send messages to random addresses, trying every combination of likely characters. Being sent from infected computers the wasted bandwith is of no concern to the perpetrators. |
|
| Back to top |
|
|
RokkorDoctor
Joined: 27 Nov 2021
Posts: 1112
Location: Kent, UK
|
| Posted: Mon Jan 10, 2022 4:27 pm Post subject: |
|
|
RokkorDoctor wrote:
I always err on the safe side and assume any email address is public and everyone can find it out, given enough incentive.
I also assume that any website can be hacked.
Security protocols & algorithms are one thing, they may well be very good; but software implementation of those are quite another 
_________________
Mark
SONY A7S, A7RII + dust-sealed modded Novoflex/Fotodiox/Rayqual MD-NEX adapters
Minolta SR-1, SRT-101/303, XD7/XD11, XGM, X700
Bronica SQAi
Ricoh GX100
Minolta majority of all Rokkor SR/AR/MC/MD models made
Sigma 14mm/3.5 for SR mount
Tamron SP 60B 300mm/2.8 (Adaptall)
Samyang T-S 24mm/3.5 (Nikon mount, DIY converted to SR mount)
Schneider-Kreuznach PC-Super-Angulon 28mm/2.8 (SR mount)
Bronica PS 35/40/50/65/80/110/135/150/180/200/250mm |
|
| Back to top |
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Search
Memberlist
Register
Profile
Log in to check your private messages
Log in
