I just got an email from an unknown user with my unique email address AND password I'm using EXCLUSIVELY only for this forum. I use a special email address ONLY for this forum and it's a unique password just for this forum. So this combinations can NOT be hacked from somewhere else!
You should change your passwords immediately for this forum!

I've forwarded this thread to management.

So to clarify, someone contacted you and stated the E-mail address AND password you use for this site? It wasn't an E-mail through the contact feature or anything? Any chance of a screenshot with all sensitive info blanked out (also possible via PM/E-mail)?

Any more info on the detail would be great, did they request Bitcoin payment, a few of those have been going around today.

Please update your password and any more info or detail son the email would be great.

Jeff M

Was it something like this format?

https://www.reddit.com/r/Scams/comments ... ker_group/

VertScopeJeff wrote:

Was it something like this format?

https://www.reddit.com/r/Scams/comments ... ker_group/

Yes, correct. In German, but almost the same text.

airkas1 wrote:

I've forwarded this thread to management.

So to clarify, someone contacted you and stated the E-mail address AND password you use for this site? It wasn't an E-mail through the contact feature or anything? Any chance of a screenshot with all sensitive info blanked out (also possible via PM/E-mail)?

Here ist the source text of the email:

Return-Path: <airliners.net@do-24.de>
Delivered-To: XXXXXXXXX@mb-26.1blu.de
Received: from ms-10.1blu.de ([178.254.4.101])
by mb-26.1blu.de (Dovecot) with LMTP id XXXXXXXXX
for <XXXXXXXXX@mb-26.1blu.de>; Thu, 27 Sep 2018 11:20:57 +0200
Received: from [60.240.132.79] (helo=60-240-132-79.static.tpgi.com.au)
by ms-10.1blu.de with esmtp (Exim 4.86_2)
(envelope-from <airliners.net@do-24.de>)
id 1g5STn-0001KH-6o
for airliners.net@do-24.de; Thu, 27 Sep 2018 11:21:04 +0200
Message-ID: <BD4487D38F7E10DB22E1B5E91876BD44@X7DV5E9W9PQ>
From: <airliners.net@do-24.de>
To: "ghj9gxtn4f" <airliners.net@do-24.de>
Subject: Entfernen Sie diese Mitteilung nach dem Lesen!
Date: 28 Sep 2018 04:09:57 +0900
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_001D_01D45697.06ADA0C6"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Envelope-To: airliners.net@do-24.de

This is a multi-part message in MIME format.

------=_NextPart_000_001D_01D45697.06ADA0C6
Content-Type: text/plain;
charset="windows-1252"
Content-Transfer-Encoding: quoted-printable

Hallo!

Sie kennen mich vielleicht nicht und Sie wundern sich wahrscheinlich, =
warum Sie diese E-Mail bekommen, richtig?
In diesem Moment habe ich deinen Account gehackt airliners.net@do-24.de, =
dein Passwort ist ghj9gxtn4f.

So habe ich vollen Zugriff auf Ihr Ger&#228;t! (Ich habe dir eine E-Mail =
von deinem Konto gesendet)

In der Tat, ich habe eine Malware auf die Website f&#252;r Erwachsene =
Videos (Porno-Material) und Sie wissen, was, Sie besuchten diese =
Website, um Spa&#223; zu haben (Sie wissen, was ich meine).
W&#228;hrend Sie Videoclips guckten,
Ihr Internet-Browser startet als RDP (Remote Desktop) mit einem =
Keylogger, der mir Zugriff auf Ihren Bildschirm und auch auf Ihre Webcam =
gew&#228;hrt.
Unmittelbar nach der Installation sammelte meine Software Ihre gesamten =
Kontakte von Ihrem Messenger, sozialen Netzwerken sowie E-Mai

Was habe ich getan?
Ich habe ein Doppel-Bildschirm-Video gemacht. Der erste Teil zeigt das =
Video, das Sie gesehen haben (Sie haben einen guten und manchmal =
seltsamen Geschmack), und der zweite Teil zeigt die Aufnahme Ihrer =
Webcam.
genau was solltest du tun?

Nun, ich glaube 600$ sind ein fairer Preis f&#252;r unser kleines =
Geheimnis. Sie werden die Zahlung per Bitcoin vornehmen (wenn Sie das =
nicht wissen, suchen Sie in Google nach "Bitcoin kaufen").
BTC Adresse: 16nFVusdKWSRwXM3Ch56wQeTib3ajXxJuQ
(Es ist sensibel, also kopieren und einf&#252;gen)

Hinweis:
Sie haben 2 Tage um die Zahlung zu t&#228;tigen.
(Ich habe ein bestimmtes Pixel in dieser E-Mail-Nachricht und in diesem =
Moment wei&#223; ich, dass Sie diese E-Mail-Nachricht gelesen haben).

Wenn ich die BitCoins nicht erhalte, sende ich deine Videoaufnahme =
definitiv an alle deine Kontakte, einschlie&#223;lich =
Familienmitglieder, Mitarbeiter usw.

Wenn ich jedoch bezahlt werde, zerst&#246;re ich das Video sofort.

Dies ist das nicht verhandelbare Angebot, also verschwenden Sie nicht =
meine pers&#246;nliche Zeit und Ihre mit allerlei Dummheit.

Das n&#228;chste Mal - sei vorsichtig!
Tsch&#252;ss!

VertScopeJeff wrote:

Any more info on the detail would be great, did they request Bitcoin payment, a few of those have been going around today.

Please update your password and any more info or detail son the email would be great.

Jeff M

I changed my password right after that email, of course. So the password in that email is not valid anymore.

10-4, you should be all good then.

We have no other reports of any issues and checked out the back end and no breaches.

Jeff M

Hmmm, very strange. The password ghj9gxtn4f is quite complex. I use a Mac in a fairly safe environment, with a personal and an additional complex company firewall and even a proxy with virus scanner etc. So the problem could not be my pc.

Hello guys,

Yeah we have checked and not hearing any other reports of this or a breach, if anybody else has issues please let us know here.

Jeff M

VertScopeJeff wrote:

10-4, you should be all good then.

We have no other reports of any issues and checked out the back end and no breaches.

Jeff M

Jeff, I'm afraid I have the same issue to report. Received an email a few minutes ago along very similar lines to the one mentioned above but in English. Included below (with the password Xed out, although of course I changed it immediately). Right email address for this site and the right password - one I've never used anywhere else and reasonably obscure. It does look like airliners.net security has been compromised, unfortunately. Suggest you investigate further. Has the site ever saved passwords unencrypted rather than as hashed values? Interesting to note the plain text "to" field was the password as well as inclusion in the text.

-----Original Message-----
From: mcr@martin-reilly.com <mcr@martin-reilly.com>
Sent: 06 October 2018 20:49
To: XXXXXXXX <mcr@martin-reilly.com>
Subject: Security Warning

Hello!
I'm a member of an international hacker group.

As you could probably have guessed, your account mcr@martin-reilly.com was hacked, because I sent message you from your account.

Now I have access to all your accounts!
For example, your password for mcr@martin-reilly.com: XXXXXXXX

Within a period from July 31, 2018 to October 3, 2018, you were infected by the virus we've created, through an adult website you've visited.
So far, we have access to your messages, social media accounts, and messengers.
Moreover, we've gotten full damps of these data.

We are aware of your little and big secrets...yeah, you do have them. We saw and recorded your doings on porn websites. Your tastes are so weird, you know..

But the key thing is that sometimes we recorded you with your webcam, syncing the recordings with what you watched!
I think you are not interested show this video to your friends, relatives, and your intimate one...

Transfer $800 to our Bitcoin wallet: 1PwENLsmQ2Z6b4EJfXDeeXKBj9v878uHRf
If you don't know about Bitcoin please input in Google "buy BTC". It's really easy.

I guarantee that after that, we'll erase all your "data"

A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount.

Your data will be erased once the money are transferred.
If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection.

You should always think about your security.
We hope this case will teach you to keep secrets.
Take care of yourself.

Same here; the password I used wasn't great, but it only used it on airliners.net.

Hi All

Thanks for reporting and for the copy of the email. We advise you change your passwords and from reading the email it appears that all data on your PC is being breached and not just Airliners.net it appears they've found a way onto your PC and can access all your data. Our passwords are stored as hashed values so not sure how they got them. We are escalating this to Operations and Development for investigation and they will take any necessary action if required.

Regards

Paul

shoot hope its not me

PanAm_DC10 wrote:

...from reading the email it appears that all data on your PC is being breached and not just Airliners.net it appears they've found a way onto your PC and can access all your data

Not likely. This is a version of a scam e-mail that has been going around for a while. They get your e-mail/password from a hacked site, then send you an e-mail claiming they put a tracker on your computer and have recorded you via your web cam, hoping to scare some people into sending them money. I've gotten a couple in the past few weeks and have ignored them with no consequences.

https://www.theregister.co.uk/2018/07/1 ... tion_scam/

Thanks Moose135

That's the same as the scam posted by Jeff in reply #4. We've alerted Operations and Development and they will investigate any possible breach but our passwords are stored with hashed values so not sure how they could be getting them from here.

Regards

Paul

PanAm_DC10 wrote:

Thanks Moose135

That's the same as the scam posted by Jeff in reply #4. We've alerted Operations and Development and they will investigate any possible breach but our passwords are stored with hashed values so not sure how they could be getting them from here.

Regards

Paul

You may not know HOW they're getting them from airliners.net, but with three reports of a password used only on this site being compromised it's pretty evident that they ARE.

Moose135 wrote:

PanAm_DC10 wrote:

...from reading the email it appears that all data on your PC is being breached and not just Airliners.net it appears they've found a way onto your PC and can access all your data

Not likely. This is a version of a scam e-mail that has been going around for a while. They get your e-mail/password from a hacked site, then send you an e-mail claiming they put a tracker on your computer and have recorded you via your web cam, hoping to scare some people into sending them money. I've gotten a couple in the past few weeks and have ignored them with no consequences.

https://www.theregister.co.uk/2018/07/1 ... tion_scam/

Heya guys,

Looking into this but looks to be some sort of dual step scam per the above, trying to dig deeper but here are some links to check out.

Info from Google: https://support.google.com/mail/answer/50200?hl=en

Check here to see if you have been hacked: https://haveibeenpwned.com/

Standby for updates,

Jeff M

I give a Unique email address to every website I give one to. I just got an email for the address I used for airliners.net, in that email (below) it had my actual password for this site. For me this isn't a big deal for sites like this I use crappy passwords, I use different passwords for everything important, my email, banks etc. I'm sure there are users on here that use the same password for everything and if you are one of those people you should be changing your passwords on everything.


--- Sample Email ---
to <my password>
Hello!

My nickname in darknet is ender13.
I hacked this mailbox more than six months ago,
through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.

So, your password from <my airliners.net email> is <my pass>

Even if you changed the password after that - it does not matter, my virus intercepted all the caching data on your computer
and automatically saved access for me.

I have access to all your accounts, social networks, email, browsing history.
Accordingly, I have the data of all your contacts, files from your computer, photos and videos.

I was most struck by the intimate content sites that you occasionally visit.
You have a very wild imagination, I tell you!

During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching.
Oh my god! You are so funny and excited!

I think that you do not want all your contacts to get these files, right?
If you are of the same opinion, then I think that $880 is quite a fair price to destroy the dirt I created.

Send the above amount on my BTC wallet (bitcoin): 1EZS92K4xJbymDLwG4F7PNF5idPE62e9XY
As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it.

Otherwise, these files and history of visiting sites will get all your contacts from your device.
Also, I'll send to everyone your contact access to your email and access logs, I have carefully saved it!

Since reading this letter you have 48 hours!
After your reading this message, I'll receive an automatic notification that you have seen the letter.

I hope I taught you a good lesson.
Do not be so nonchalant, please visit only to proven resources, and don't enter your passwords anywhere!
Good luck!

--- End ----

I also received an e-mail which states my airliners.net specific password in cleartext, my computer is secure, and has not been hacked, but it is very disconcerting, that airliners.net stores passwords in a way that they can be retrieved in cleartext!!! I wonder why airliners.net does not show up on haveibeenpwned.com already.

This is the e-mail:

Hello!

My nickname in darknet is valentin88.
I hacked this mailbox more than six months ago,
through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.

So, your password from [my email address] is [my airliners.net specific password]

Even if you changed the password after that - it does not matter, my virus intercepted all the caching data on your computer
and automatically saved access for me.

I have access to all your accounts, social networks, email, browsing history.
Accordingly, I have the data of all your contacts, files from your computer, photos and videos.

I was most struck by the intimate content sites that you occasionally visit.
You have a very wild imagination, I tell you!

During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching.
Oh my god! You are so funny and excited!

I think that you do not want all your contacts to get these files, right?
If you are of the same opinion, then I think that $815 is quite a fair price to destroy the dirt I created.

Send the above amount on my BTC wallet (bitcoin): 1FHPbKHcSx9CaXJzDpLoXG733ipQ77UNx9
As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it.

Otherwise, these files and history of visiting sites will get all your contacts from your device.
Also, I'll send to everyone your contact access to your email and access logs, I have carefully saved it!

Since reading this letter you have 48 hours!
After your reading this message, I'll receive an automatic notification that you have seen the letter.

I hope I taught you a good lesson.
Do not be so nonchalant, please visit only to proven resources, and don't enter your passwords anywhere!
Good luck!

mcr wrote:

PanAm_DC10 wrote:

Thanks Moose135

That's the same as the scam posted by Jeff in reply #4. We've alerted Operations and Development and they will investigate any possible breach but our passwords are stored with hashed values so not sure how they could be getting them from here.

Regards

Paul

You may not know HOW they're getting them from airliners.net, but with three reports of a password used only on this site being compromised it's pretty evident that they ARE.

Fairly sure it's an old browser exploit. IIRC The email lifts the password purely to display it "in the email" from the saved passwords in the vulnerable browsers. Nothing is actually 'hacked', the email is essentially doing the same as your browser does when suggesting your saved passwords on a site.
It goes within saying, you need to update your browser.

I've had similar emails. Although vaguer with the website details, include very similar threats. Although how they've supposedly "recorded all the fun you were having " is a mystery, the camera is a. taped over and more importantly b. not physically connected to the mobo. Tools

I received the same e-mail and have had to change the password on multiple sites because I use the same password elsewhere. But, given this is the only one that IS NOT secure, I think it is a safe bet that A-Net is the culprit. Why is A-Net NOT secure?

I also can't find out how to change the password here... Anyone?
I have been trying to figure out how to change the profile picture but gave up... Anyone?

I have been on this site for 13 years and it only seems to keep getting worse. I am about done.

PS - I spoke to my IT consultant and he confirmed my computer has NOT been hacked, just the e-mail compromised.

United787 wrote:

I received the same e-mail and have had to change the password on multiple sites because I use the same password elsewhere. But, given this is the only one that IS NOT secure, I think it is a safe bet that A-Net is the culprit. Why is A-Net NOT secure?

I also can't find out how to change the password here... Anyone?
I have been trying to figure out how to change the profile picture but gave up... Anyone?

I have been on this site for 13 years and it only seems to keep getting worse. I am about done.

PS - I spoke to my IT consultant and he confirmed my computer has NOT been hacked, just the e-mail compromised.

As I mentioned in the https thread, have you cleared your cookies? If you do, it should take you to https every time. I did it around the time the site was upgraded, and it's never once been unsecured. The site should obviously automatically redirect, but since it apparently doesn't, clearing your cookies should fix the issue.

atcsundevil wrote:

As I mentioned in the https thread, have you cleared your cookies? If you do, it should take you to https every time. I did it around the time the site was upgraded, and it's never once been unsecured. The site should obviously automatically redirect, but since it apparently doesn't, clearing your cookies should fix the issue.

I've just cleared all my cookies, history and downloaded images & files from Chrome, restarted it and a.net is still not secure.

I just received a similar email as well.

scbriml wrote:

atcsundevil wrote:

As I mentioned in the https thread, have you cleared your cookies? If you do, it should take you to https every time. I did it around the time the site was upgraded, and it's never once been unsecured. The site should obviously automatically redirect, but since it apparently doesn't, clearing your cookies should fix the issue.

I've just cleared all my cookies, history and downloaded images & files from Chrome, restarted it and a.net is still not secure.

Interesting. I wonder why it works for some people and not others. Then again, I'm hardly an expert on this stuff. The developers are aware, and presumably they'll be getting to it once they can figure out all of these annoying 502 issues.

Why doesn't Airliners.net inform it's users by mail on what is happening here?

paveknife wrote:

Why doesn't Airliners.net inform it's users by mail on what is happening here?

Because the e-mail notification system (used for things like letting users know when a forum post has been removed) is broken, but it's on the developers' list, we're just not sure when they will get to it.

Moose135 wrote:

paveknife wrote:

Why doesn't Airliners.net inform it's users by mail on what is happening here?

Because the e-mail notification system (used for things like letting users know when a forum post has been removed) is broken, but it's on the developers' list, we're just not sure when they will get to it.

It isn't broken...it doesn't actually exist. The notifications were part of the old site. Nothing has been made to replace it. It's planned, and we've been asking for an automated notification system for more than two years, but obviously it hasn't happened. At the moment, there are clearly much bigger concerns.

atcsundevil wrote:

scbriml wrote:

atcsundevil wrote:

As I mentioned in the https thread, have you cleared your cookies? If you do, it should take you to https every time. I did it around the time the site was upgraded, and it's never once been unsecured. The site should obviously automatically redirect, but since it apparently doesn't, clearing your cookies should fix the issue.

I've just cleared all my cookies, history and downloaded images & files from Chrome, restarted it and a.net is still not secure.

Interesting. I wonder why it works for some people and not others. Then again, I'm hardly an expert on this stuff. The developers are aware, and presumably they'll be getting to it once they can figure out all of these annoying 502 issues.

scbriml, I just had the same issue. I too am using Chrome. Try this and see if it works. I physically typed https://www.airliners.net into the browser, and now it does appear to default to the https site each time I visit the site.

Been using Safari and it has never reverted back to http for me. Has always stayed https.

atcsundevil wrote:

Moose135 wrote:

paveknife wrote:

Why doesn't Airliners.net inform it's users by mail on what is happening here?

Because the e-mail notification system (used for things like letting users know when a forum post has been removed) is broken, but it's on the developers' list, we're just not sure when they will get to it.

It isn't broken...it doesn't actually exist. The notifications were part of the old site. Nothing has been made to replace it. It's planned, and we've been asking for an automated notification system for more than two years, but obviously it hasn't happened. At the moment, there are clearly much bigger concerns.

Thanks, I was not aware of that!
My concern is that far not every user/uploader is active on this forum, and therefor will not be aware of what is happening...
So personally I think this is, or should be, a big concern.

paveknife wrote:

atcsundevil wrote:

It isn't broken...it doesn't actually exist. The notifications were part of the old site. Nothing has been made to replace it. It's planned, and we've been asking for an automated notification system for more than two years, but obviously it hasn't happened. At the moment, there are clearly much bigger concerns.

Thanks, I was not aware of that!
My concern is that far not every user/uploader is active on this forum, and therefor will not be aware of what is happening...
So personally I think this is, or should be, a big concern.

We moderators completely agree. People rightly get upset over deletions when they don't understand the reason behind them. If they see their post has simply disappeared, it's more than understandable to be angry. It isn't that we don't want to be transparent about our actions — I am more than happy to justify myself based on my actions or inactions as a moderator — we just don't have the time to contact each person individually for simple deletions. Threads that go totally off the rails may have 20, 30, or more deletions (most of them are because they reference deleted posts); we all have jobs, families, and personal lives, and while we're happy to take time out of our day to keep the site going, we don't have the time or energy to send out 20 or 30 PMs or emails.

Because of that, we obviously need an automated system. We've spent a couple of years pushing for things people want, like the airport codes "hover function", notifications, new forum ideas, etc. It's not that we aren't advocating for these things, and in some cases there has been quite a bit of work done to try to make it happen, but there's only so much we can do sometimes. It's up to the developers and the powers that be to implement these things.

I always encourage users to contact us via email to ask about any deletion or action we've taken. If I'm the moderator that did it, I will always respond and try to have a constructive discussion about it. We will only discuss actions with the user involved, but we're happy to answer. It is less than ideal to put the burden on users to seek us out, but it's our only logical option for now.

OA412 wrote:

atcsundevil wrote:

scbriml wrote:

I've just cleared all my cookies, history and downloaded images & files from Chrome, restarted it and a.net is still not secure.

Interesting. I wonder why it works for some people and not others. Then again, I'm hardly an expert on this stuff. The developers are aware, and presumably they'll be getting to it once they can figure out all of these annoying 502 issues.

scbriml, I just had the same issue. I too am using Chrome. Try this and see if it works. I physically typed https://www.airliners.net into the browser, and now it does appear to default to the https site each time I visit the site.

This is somewhat (OK, very) embarrasing, but I realised that I access a.net through a bookmark that was still set to https://airliners.net. I've changed that to https://airliners.net and it now seems to be working OK.

While stupid on my part, it would appear that the most basic redirection of the site from http to https is clearly not working.

scbriml wrote:

This is somewhat (OK, very) embarrasing, but I realised that I access a.net through a bookmark that was still set to https://airliners.net. I've changed that to https://airliners.net and it now seems to be working OK.

While stupid on my part, it would appear that the most basic redirection of the site from http to https is clearly not working.

It happens to the best of us.

You're right though, it's not forcibly redirecting everyone, and that is an issue that needs to be addressed. I'm pretty sure the developers are aware of it, so hopefully they'll close that loophole sooner than later.

I've also received that email telling me my account from an "ADULT SITE" that I had visited had being hacked, asking me for bitcoin.
Apart not having visited any adult sites, let alone got a password on one, it was a unique password to this site that they gives it away.
The 1st email was about a month ago, and the last about 2 weeks.



.

Also got the blackmail e-mail today.
I changed my password but I don't think it really matters since it's not secure anyway.

Any updates?

BTW, the e-mail came through my spam folder, from me to me.