I just got an email from an unknown user with my unique email address AND password I'm using EXCLUSIVELY only for this forum. I use a special email address ONLY for this forum and it's a unique password just for this forum. So this combinations can NOT be hacked from somewhere else!
You should change your passwords immediately for this forum!

I've forwarded this thread to management.

So to clarify, someone contacted you and stated the E-mail address AND password you use for this site? It wasn't an E-mail through the contact feature or anything? Any chance of a screenshot with all sensitive info blanked out (also possible via PM/E-mail)?

Any more info on the detail would be great, did they request Bitcoin payment, a few of those have been going around today.

Please update your password and any more info or detail son the email would be great.

Jeff M

Was it something like this format?

https://www.reddit.com/r/Scams/comments ... ker_group/

VertScopeJeff wrote:

Was it something like this format?

https://www.reddit.com/r/Scams/comments ... ker_group/

Yes, correct. In German, but almost the same text.

airkas1 wrote:

I've forwarded this thread to management.

So to clarify, someone contacted you and stated the E-mail address AND password you use for this site? It wasn't an E-mail through the contact feature or anything? Any chance of a screenshot with all sensitive info blanked out (also possible via PM/E-mail)?

Here ist the source text of the email:

Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from ms-10.1blu.de ([178.254.4.101])
by mb-26.1blu.de (Dovecot) with LMTP id XXXXXXXXX
for <[email protected]>; Thu, 27 Sep 2018 11:20:57 +0200
Received: from [60.240.132.79] (helo=60-240-132-79.static.tpgi.com.au)
by ms-10.1blu.de with esmtp (Exim 4.86_2)
(envelope-from <[email protected]>)
id 1g5STn-0001KH-6o
for [email protected]; Thu, 27 Sep 2018 11:21:04 +0200
Message-ID: <[email protected]>
From: <[email protected]>
To: "ghj9gxtn4f" <[email protected]>
Subject: Entfernen Sie diese Mitteilung nach dem Lesen!
Date: 28 Sep 2018 04:09:57 +0900
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_001D_01D45697.06ADA0C6"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Envelope-To: [email protected]

This is a multi-part message in MIME format.

------=_NextPart_000_001D_01D45697.06ADA0C6
Content-Type: text/plain;
charset="windows-1252"
Content-Transfer-Encoding: quoted-printable

Hallo!

Sie kennen mich vielleicht nicht und Sie wundern sich wahrscheinlich, =
warum Sie diese E-Mail bekommen, richtig?
In diesem Moment habe ich deinen Account gehackt [email protected], =
dein Passwort ist ghj9gxtn4f.

So habe ich vollen Zugriff auf Ihr Ger&#228;t! (Ich habe dir eine E-Mail =
von deinem Konto gesendet)

In der Tat, ich habe eine Malware auf die Website f&#252;r Erwachsene =
Videos (Porno-Material) und Sie wissen, was, Sie besuchten diese =
Website, um Spa&#223; zu haben (Sie wissen, was ich meine).
W&#228;hrend Sie Videoclips guckten,
Ihr Internet-Browser startet als RDP (Remote Desktop) mit einem =
Keylogger, der mir Zugriff auf Ihren Bildschirm und auch auf Ihre Webcam =
gew&#228;hrt.
Unmittelbar nach der Installation sammelte meine Software Ihre gesamten =
Kontakte von Ihrem Messenger, sozialen Netzwerken sowie E-Mai

Was habe ich getan?
Ich habe ein Doppel-Bildschirm-Video gemacht. Der erste Teil zeigt das =
Video, das Sie gesehen haben (Sie haben einen guten und manchmal =
seltsamen Geschmack), und der zweite Teil zeigt die Aufnahme Ihrer =
Webcam.
genau was solltest du tun?

Nun, ich glaube 600$ sind ein fairer Preis f&#252;r unser kleines =
Geheimnis. Sie werden die Zahlung per Bitcoin vornehmen (wenn Sie das =
nicht wissen, suchen Sie in Google nach "Bitcoin kaufen").
BTC Adresse: 16nFVusdKWSRwXM3Ch56wQeTib3ajXxJuQ
(Es ist sensibel, also kopieren und einf&#252;gen)

Hinweis:
Sie haben 2 Tage um die Zahlung zu t&#228;tigen.
(Ich habe ein bestimmtes Pixel in dieser E-Mail-Nachricht und in diesem =
Moment wei&#223; ich, dass Sie diese E-Mail-Nachricht gelesen haben).

Wenn ich die BitCoins nicht erhalte, sende ich deine Videoaufnahme =
definitiv an alle deine Kontakte, einschlie&#223;lich =
Familienmitglieder, Mitarbeiter usw.

Wenn ich jedoch bezahlt werde, zerst&#246;re ich das Video sofort.

Dies ist das nicht verhandelbare Angebot, also verschwenden Sie nicht =
meine pers&#246;nliche Zeit und Ihre mit allerlei Dummheit.

Das n&#228;chste Mal - sei vorsichtig!
Tsch&#252;ss!

VertScopeJeff wrote:

Any more info on the detail would be great, did they request Bitcoin payment, a few of those have been going around today.

Please update your password and any more info or detail son the email would be great.

Jeff M

I changed my password right after that email, of course. So the password in that email is not valid anymore.

10-4, you should be all good then.

We have no other reports of any issues and checked out the back end and no breaches.

Jeff M

Hmmm, very strange. The password ghj9gxtn4f is quite complex. I use a Mac in a fairly safe environment, with a personal and an additional complex company firewall and even a proxy with virus scanner etc. So the problem could not be my pc.

Hello guys,

Yeah we have checked and not hearing any other reports of this or a breach, if anybody else has issues please let us know here.

Jeff M

VertScopeJeff wrote:

10-4, you should be all good then.

We have no other reports of any issues and checked out the back end and no breaches.

Jeff M

Jeff, I'm afraid I have the same issue to report. Received an email a few minutes ago along very similar lines to the one mentioned above but in English. Included below (with the password Xed out, although of course I changed it immediately). Right email address for this site and the right password - one I've never used anywhere else and reasonably obscure. It does look like airliners.net security has been compromised, unfortunately. Suggest you investigate further. Has the site ever saved passwords unencrypted rather than as hashed values? Interesting to note the plain text "to" field was the password as well as inclusion in the text.

-----Original Message-----
From: [email protected] <[email protected]>
Sent: 06 October 2018 20:49
To: XXXXXXXX <[email protected]>
Subject: Security Warning

Hello!
I'm a member of an international hacker group.

As you could probably have guessed, your account [email protected] was hacked, because I sent message you from your account.

Now I have access to all your accounts!
For example, your password for [email protected]: XXXXXXXX

Within a period from July 31, 2018 to October 3, 2018, you were infected by the virus we've created, through an adult website you've visited.
So far, we have access to your messages, social media accounts, and messengers.
Moreover, we've gotten full damps of these data.

We are aware of your little and big secrets...yeah, you do have them. We saw and recorded your doings on porn websites. Your tastes are so weird, you know..

But the key thing is that sometimes we recorded you with your webcam, syncing the recordings with what you watched!
I think you are not interested show this video to your friends, relatives, and your intimate one...

Transfer $800 to our Bitcoin wallet: 1PwENLsmQ2Z6b4EJfXDeeXKBj9v878uHRf
If you don't know about Bitcoin please input in Google "buy BTC". It's really easy.

I guarantee that after that, we'll erase all your "data"

A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount.

Your data will be erased once the money are transferred.
If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection.

You should always think about your security.
We hope this case will teach you to keep secrets.
Take care of yourself.

Same here; the password I used wasn't great, but it only used it on airliners.net.

Hi All

Thanks for reporting and for the copy of the email. We advise you change your passwords and from reading the email it appears that all data on your PC is being breached and not just Airliners.net it appears they've found a way onto your PC and can access all your data. Our passwords are stored as hashed values so not sure how they got them. We are escalating this to Operations and Development for investigation and they will take any necessary action if required.

Regards

Paul

shoot hope its not me

PanAm_DC10 wrote:

...from reading the email it appears that all data on your PC is being breached and not just Airliners.net it appears they've found a way onto your PC and can access all your data

Not likely. This is a version of a scam e-mail that has been going around for a while. They get your e-mail/password from a hacked site, then send you an e-mail claiming they put a tracker on your computer and have recorded you via your web cam, hoping to scare some people into sending them money. I've gotten a couple in the past few weeks and have ignored them with no consequences.

https://www.theregister.co.uk/2018/07/1 ... tion_scam/

Thanks Moose135

That's the same as the scam posted by Jeff in reply #4. We've alerted Operations and Development and they will investigate any possible breach but our passwords are stored with hashed values so not sure how they could be getting them from here.

Regards

Paul

PanAm_DC10 wrote:

Thanks Moose135

That's the same as the scam posted by Jeff in reply #4. We've alerted Operations and Development and they will investigate any possible breach but our passwords are stored with hashed values so not sure how they could be getting them from here.

Regards

Paul

You may not know HOW they're getting them from airliners.net, but with three reports of a password used only on this site being compromised it's pretty evident that they ARE.

Moose135 wrote:

PanAm_DC10 wrote:

...from reading the email it appears that all data on your PC is being breached and not just Airliners.net it appears they've found a way onto your PC and can access all your data

Not likely. This is a version of a scam e-mail that has been going around for a while. They get your e-mail/password from a hacked site, then send you an e-mail claiming they put a tracker on your computer and have recorded you via your web cam, hoping to scare some people into sending them money. I've gotten a couple in the past few weeks and have ignored them with no consequences.

https://www.theregister.co.uk/2018/07/1 ... tion_scam/

Heya guys,

Looking into this but looks to be some sort of dual step scam per the above, trying to dig deeper but here are some links to check out.

Info from Google: https://support.google.com/mail/answer/50200?hl=en

Check here to see if you have been hacked: https://haveibeenpwned.com/

Standby for updates,

Jeff M

I give a Unique email address to every website I give one to. I just got an email for the address I used for airliners.net, in that email (below) it had my actual password for this site. For me this isn't a big deal for sites like this I use crappy passwords, I use different passwords for everything important, my email, banks etc. I'm sure there are users on here that use the same password for everything and if you are one of those people you should be changing your passwords on everything.


--- Sample Email ---
to <my password>
Hello!

My nickname in darknet is ender13.
I hacked this mailbox more than six months ago,
through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.

So, your password from <my airliners.net email> is <my pass>

Even if you changed the password after that - it does not matter, my virus intercepted all the caching data on your computer
and automatically saved access for me.

I have access to all your accounts, social networks, email, browsing history.
Accordingly, I have the data of all your contacts, files from your computer, photos and videos.

I was most struck by the intimate content sites that you occasionally visit.
You have a very wild imagination, I tell you!

During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching.
Oh my god! You are so funny and excited!

I think that you do not want all your contacts to get these files, right?
If you are of the same opinion, then I think that $880 is quite a fair price to destroy the dirt I created.

Send the above amount on my BTC wallet (bitcoin): 1EZS92K4xJbymDLwG4F7PNF5idPE62e9XY
As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it.

Otherwise, these files and history of visiting sites will get all your contacts from your device.
Also, I'll send to everyone your contact access to your email and access logs, I have carefully saved it!

Since reading this letter you have 48 hours!
After your reading this message, I'll receive an automatic notification that you have seen the letter.

I hope I taught you a good lesson.
Do not be so nonchalant, please visit only to proven resources, and don't enter your passwords anywhere!
Good luck!

--- End ----

I also received an e-mail which states my airliners.net specific password in cleartext, my computer is secure, and has not been hacked, but it is very disconcerting, that airliners.net stores passwords in a way that they can be retrieved in cleartext!!! I wonder why airliners.net does not show up on haveibeenpwned.com already.

This is the e-mail:

Hello!

My nickname in darknet is valentin88.
I hacked this mailbox more than six months ago,
through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.

So, your password from [my email address] is [my airliners.net specific password]

Even if you changed the password after that - it does not matter, my virus intercepted all the caching data on your computer
and automatically saved access for me.

I have access to all your accounts, social networks, email, browsing history.
Accordingly, I have the data of all your contacts, files from your computer, photos and videos.

I was most struck by the intimate content sites that you occasionally visit.
You have a very wild imagination, I tell you!

During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching.
Oh my god! You are so funny and excited!

I think that you do not want all your contacts to get these files, right?
If you are of the same opinion, then I think that $815 is quite a fair price to destroy the dirt I created.

Send the above amount on my BTC wallet (bitcoin): 1FHPbKHcSx9CaXJzDpLoXG733ipQ77UNx9
As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it.

Otherwise, these files and history of visiting sites will get all your contacts from your device.
Also, I'll send to everyone your contact access to your email and access logs, I have carefully saved it!

Since reading this letter you have 48 hours!
After your reading this message, I'll receive an automatic notification that you have seen the letter.

I hope I taught you a good lesson.
Do not be so nonchalant, please visit only to proven resources, and don't enter your passwords anywhere!
Good luck!

mcr wrote:

PanAm_DC10 wrote:

Thanks Moose135

That's the same as the scam posted by Jeff in reply #4. We've alerted Operations and Development and they will investigate any possible breach but our passwords are stored with hashed values so not sure how they could be getting them from here.

Regards

Paul

You may not know HOW they're getting them from airliners.net, but with three reports of a password used only on this site being compromised it's pretty evident that they ARE.

Fairly sure it's an old browser exploit. IIRC The email lifts the password purely to display it "in the email" from the saved passwords in the vulnerable browsers. Nothing is actually 'hacked', the email is essentially doing the same as your browser does when suggesting your saved passwords on a site.
It goes within saying, you need to update your browser.

I've had similar emails. Although vaguer with the website details, include very similar threats. Although how they've supposedly "recorded all the fun you were having " is a mystery, the camera is a. taped over and more importantly b. not physically connected to the mobo. Tools

I received the same e-mail and have had to change the password on multiple sites because I use the same password elsewhere. But, given this is the only one that IS NOT secure, I think it is a safe bet that A-Net is the culprit. Why is A-Net NOT secure?

I also can't find out how to change the password here... Anyone?
I have been trying to figure out how to change the profile picture but gave up... Anyone?

I have been on this site for 13 years and it only seems to keep getting worse. I am about done.

PS - I spoke to my IT consultant and he confirmed my computer has NOT been hacked, just the e-mail compromised.

atcsundevil wrote:

As I mentioned in the https thread, have you cleared your cookies? If you do, it should take you to https every time. I did it around the time the site was upgraded, and it's never once been unsecured. The site should obviously automatically redirect, but since it apparently doesn't, clearing your cookies should fix the issue.

I've just cleared all my cookies, history and downloaded images & files from Chrome, restarted it and a.net is still not secure.

I just received a similar email as well.

Why doesn't Airliners.net inform it's users by mail on what is happening here?

paveknife wrote:

Why doesn't Airliners.net inform it's users by mail on what is happening here?

Because the e-mail notification system (used for things like letting users know when a forum post has been removed) is broken, but it's on the developers' list, we're just not sure when they will get to it.

atcsundevil wrote:

Moose135 wrote:

paveknife wrote:

Why doesn't Airliners.net inform it's users by mail on what is happening here?

Because the e-mail notification system (used for things like letting users know when a forum post has been removed) is broken, but it's on the developers' list, we're just not sure when they will get to it.

It isn't broken...it doesn't actually exist. The notifications were part of the old site. Nothing has been made to replace it. It's planned, and we've been asking for an automated notification system for more than two years, but obviously it hasn't happened. At the moment, there are clearly much bigger concerns.

Thanks, I was not aware of that!
My concern is that far not every user/uploader is active on this forum, and therefor will not be aware of what is happening...
So personally I think this is, or should be, a big concern.

OA412 wrote:

atcsundevil wrote:

scbriml wrote:

I've just cleared all my cookies, history and downloaded images & files from Chrome, restarted it and a.net is still not secure.

Interesting. I wonder why it works for some people and not others. Then again, I'm hardly an expert on this stuff. The developers are aware, and presumably they'll be getting to it once they can figure out all of these annoying 502 issues.

scbriml, I just had the same issue. I too am using Chrome. Try this and see if it works. I physically typed https://www.airliners.net into the browser, and now it does appear to default to the https site each time I visit the site.

This is somewhat (OK, very) embarrasing, but I realised that I access a.net through a bookmark that was still set to https://airliners.net. I've changed that to https://airliners.net and it now seems to be working OK.

While stupid on my part, it would appear that the most basic redirection of the site from http to https is clearly not working.

I've also received that email telling me my account from an "ADULT SITE" that I had visited had being hacked, asking me for bitcoin.
Apart not having visited any adult sites, let alone got a password on one, it was a unique password to this site that they gives it away.
The 1st email was about a month ago, and the last about 2 weeks.



.

Also got the blackmail e-mail today.
I changed my password but I don't think it really matters since it's not secure anyway.

Any updates?

BTW, the e-mail came through my spam folder, from me to me.

Just received the same email.

matb wrote:

Just received the same email.

So did my wife, on her work email and computer. And I can assure you she hasn’t browsed porn or airliners.net on that machine. She needs to update her browser, nothing more, as do you.

I wonder if some of the trolls in the forums are burrowing in some way...

I just switched from using KeePass to 1Password. 1Password can check your password against the haveibeenpwned.com list of known passwords from past breaches. 1Password is telling me that my password, which I randomly generated for airliners.net, has been found in a data breach. This is the only account 1Password is warning me about. My password was

&(Uc#oOR^Z,/ZepX

but I have since changed it. You can check my password or your own at https://haveibeenpwned.com/Passwords

I have not received a scam mail yet that I know of.

May I ask how passwords stored on this site are hashed?

LH422, my password has not changed since I registered, and has not been pwned.

Thanks for the update. I have no explanation for this phenomenon. I'd appreciate if others could try if their passwords have been compromised. The probability that someone other than me was using that same password is incredibly small.

LH422 wrote:

Thanks for the update. I have no explanation for this phenomenon. I'd appreciate if others could try if their passwords have been compromised. The probability that someone other than me was using that same password is incredibly small.

I agree, mine aint that sophisticated, but still unique to me

I only learned about a.net upgrading to SSL by reading this thread. Like me, many users will access the site through bookmarks saved long ago. It might be worthwhile to make a pinned announcement regarding this, and suggesting users delete (or edit) their old bookmarks. This, as well as clearing cache and cookies.

Cheers!

JohnKrist wrote:

LH422, my password has not changed since I registered, and has not been pwned.

You should be aware that the old forum for a long time sent your password XOR encoded back to the browser for use in the posting system, and could be stolen by any advertising on the site, as well as via many of the hacks which allowed users to inject JavaScript or HTML into the forum pages.

If you haven't changed your password since this practice changed, I'd suggest doing so - it's pretty much guaranteed that your password would have been hoovered up by numerous advertising bots, since there was nothing stopping them.

Unsurprising that there has been zero response from VerticalScope on this. The forum continues to fall into further into decay month by month.

People's highly unique passwords are being echoed back to them in plaintext, and y'all don't even have a mandated password change or - at bare minimum - a sticky post anywhere. Wow. Brilliant.

Maybe the absentee landlords would pay attention if they understood that there's a big potential liability issue if somebody reused a password and they find out that VerticalScope failed to inform them of a data breach weeks or months in advance of it being used to compromise e.g. a bank account...? Nah, I doubt it.

PanAm_DC10 wrote:

That's the same as the scam posted by Jeff in reply #4. We've alerted Operations and Development and they will investigate any possible breach but our passwords are stored with hashed values so not sure how they could be getting them from here.

You do know that hashes aren't magic, right? They can be brute-forced, and very very easily if they are improperly deployed, as is often the case.

What is the hashing algorithm in use on this site?

Moose135 wrote:

PanAm_DC10 wrote:

...from reading the email it appears that all data on your PC is being breached and not just Airliners.net it appears they've found a way onto your PC and can access all your data

Not likely. This is a version of a scam e-mail that has been going around for a while. They get your e-mail/password from a hacked site, then send you an e-mail claiming they put a tracker on your computer and have recorded you via your web cam, hoping to scare some people into sending them money. I've gotten a couple in the past few weeks and have ignored them with no consequences.

https://www.theregister.co.uk/2018/07/1 ... tion_scam/

To recent posts,

This is a common fishing scam, not a true legit hack. I bumped this post from above, we have seen this before and looks like they have re messaged it.

More info:
https://www.theregister.co.uk/2018/07/1 ... tion_scam/

https://www.reddit.com/r/Scams/comments ... ker_group/

Jeff M

What is the password hashing algorithm in use on this site? Disclosing the algorithm has no negative impact on security, if it's been properly selected and implemented.

Of course, if it hasn't, then there's already a problem with security.