My diecastmodelaircraft.com credentials pwned...? - DA.C
 

Old 12-21-2020, 11:11 AM   #1 (permalink)
1/200 civil|1/72 military
 
nurunet's Avatar
 
Join Date: Sep 2012
Location: Toulouse, France
Posts: 917
Default My diecastmodelaircraft.com credentials pwned...?

I recently received a notification from Have I Been Pwned that credentials linked to diecastmodelaircraft.com (DiMA, where I manage my collection) with an email address I use *exclusively* for DiMA had been found in a collection of breached credentials called Cit0day. I think DiMA may have been compromised.


I also found my email address on Dehashed with the comment "Sourced from diecastmodelaircraft.com (Cit0day) data" (and recently started receiving spam on that address).


I'd say this is very strong evidence that DiMA has been compromised at some point. I'd love to know when, and whether whatever security issue allowed this has been fixed. Otherwise any change of email address and/or password is rather moot.


If any of you use DiMA, I'd say be very careful in case you used the same login credentials elsewhere.
__________________
Successfully bought from: vertigo, LH456, STEVEJ, jixer, 40612, qantas747, HTF200, smanish, Alcon Air, 747-400ERX, AirCanada881, Flight777, crownvic, GiveMeWings, callume190, kevin_flikweert

Successfully sold to: jsjscd9a, Roarer, smanish, fleetlordatvar, DELTA-711, laviru93doodle, sizmo7, ramjet77, mik211, geeforce9, Surinam Air 747, Taiga04, jcruznegron, Buckeyes14, cowlesco, Sonka, Spanish Dragon, fin_airplane_collector
Old 12-21-2020, 06:13 PM   #2 (permalink)
747-400 Collector
 
JagT747's Avatar
 
Join Date: Aug 2018
Location: Toronto
Posts: 560
Default Re: My diecastmodelaircraft.com credentials pwned.

DiMA wasn't the only place hacked. My DAC and Wings900 got compromised and my iPhone gave me several warnings. Anyone can check their emails on haveibeenpwned.com to check if you were compromised. Over 226 million accounts got compromised!
__________________
JAG

Old 12-22-2020, 05:57 AM   #3 (permalink)
1/200 civil|1/72 military
 
nurunet's Avatar
 
Join Date: Sep 2012
Location: Toulouse, France
Posts: 917
Default Re: My diecastmodelaircraft.com credentials pwned.

Strangely, for my DA.C address HIBP says "Good news — no pwnage found!"
Old 12-22-2020, 08:37 AM   #4 (permalink)
Senior Collector
 
JJ Skippy's Avatar
 
Join Date: Sep 2020
Posts: 342
Default Re: My diecastmodelaircraft.com credentials pwned.

Honestly, I think DiMA, DAC and Wings900 should get a bit of a facelift in both design and security. Not sure if this has happened before but I don’t think any of those websites have gotten reworked since their inception.
__________________
My BIGGEST requests for new 1:400 releases: American Eagle CRJ-900; Delta CRJ-900 re-release; United CRJ-200 Blue Evo

Latest arrivals: There's 7 new arrivals today! Thanks DGPilot!
Old 01-03-2021, 11:38 PM   #5 (permalink)
Junior Collector
 
ops manager's Avatar
 
Join Date: Jan 2021
Posts: 2
Default Re: My diecastmodelaircraft.com credentials pwned.

An update from Dima, as I personally executed the upgrade this weekend; we're at the latest and greatest version of the software with all security holes plugged.



All,
On the evening of January 2, 2021, we executed a well-needed upgrade of our forum software; this addressed many security issues with the system. Now with every upgrade comes a challenge, this one is in the form of the database. Without going into too many details, our database system relies on the forum software to draw the menus and general look and feel. Now after the upgrade, the two systems need to run with different settings. You'll notice that anything related to the database will now reside under the URL: database.diecastmodelaircraft.com

With that said, over the next week or so, we will work to address some known issues with the database - mainly around menus, URLs, and page components. We appreciate your patience while we work through these.


You can report errors/issues to the thread in our main forum.


We will be notifying all members of the community regarding the security breach. Thank you for your patience!


DiMA Ops Manager
Old 01-09-2021, 02:47 PM   #6 (permalink)
1/200 civil|1/72 military
 
nurunet's Avatar
 
Join Date: Sep 2012
Location: Toulouse, France
Posts: 917
Default Re: My diecastmodelaircraft.com credentials pwned.

Happy to see this reaction. :-)
All times are GMT -4.