Sborg.us hacked and Database online

[snub]

hi,

yesterday i have see that sborg.us is down and today i have read on a site
sBorg v5.4 RETAIL - Real Original Files + Bonus

that means full database with all email addys of the clients + script


oh somik what have you done :facepalm:

 

[snkr007]

if you are talking about scriptmafia.org then its FAKE and its not even working so better close this topic here only

 

[snub]

yes because the script is encoded. in the comments they wrote that they will decode it.
of course is it real !! i have found my email adress in the database (sql file)

 

[robert420]

Thread Re-Opened
Reason: It's a security matter if SQL database does contain clients information such as email, and etc

 

[Halcyon]

Yeah someone breached our main server, And that was the reason for the downtime!

Everything is back online now, And as far as the database is concerned we've changed all the credentials. You'll have to open a support ticket to know your new transaction ID.


Also, all are advised to change your sBorg logins ASAP. If possible, Change all the filehost logins too (security eh?) -_-

 

[indahouse]

I see in database my email, my licence, etc

 

[fdls]

Don't worry guys. Halycon has already said that they have changed your credentials. Just get the new ones and there won't be any problem.

 

[•RaJ•]

this is kind of worst!

 

[iHate]

I would like to know if:
Email ID's
Paypal ID's
Passwords

were in those databases and if yes what are you going to do about that?
(This is directed at somik and whoever else works for sborg)

 

[r0ck]

Don't worry guys. Halycon has already said that they have changed your credentials. Just get the new ones and there won't be any problem.

Lol don't worry?
Customers emails and other stuff is in that database, thats not good at all.

 

[liveuploader]

If you can't protect yourself then dont run it. Once hacked = could be hacked again !!

 

[somik]

Guys, i am sorry that your emails were leaked with our database, however do not worry. If you check in the database, you'll see it only has your sBorg email & your old sBorg key. It does not have your name or paypal emails. As you know, we've taken action LONG before the files were released. We completely shutdown our system, formatted our harddisk (keeping ONLY) the database. Then we moved the sBorg site and forum to a new server and installed it fresh.

We also have changed all the passwords in the system, and yes, your keys are also changed. As you can see, you cannot install sBorg right now because we are still working on the licensing server. Once we are done, you'll recieve your new sBorg keys.

We'll also be creating a new licensing server for the next versions of sBorg as when i started with sBorg, my coding skills were very beginner level. Although i wont say i am a pro now, i do know somewhat more then before so i'll be working on a new licensing server while Halcyon works on the new sBorg.

We'll keep you updated via out website: http://site.sborg.us/

I would like to know if:
Email ID's
Paypal ID's
Passwords

were in those databases and if yes what are you going to do about that?
(This is directed at somik and whoever else works for sborg)

Email ids were in the database.
If the user provided paypal email as sborg email, then their paypal id may be there.
No passwords were saved in the database in the database.

We have also reported the file to the filehost.
.

 

[Dj Mad]

Any body want to send me a copy of the db????? i would have good use for that?

 

[Mr Happy]

Any body want to send me a copy of the db????? i would have good use for that?

Can't link to it here as I'll get in trouble but it's on scriptmafia.org as mentioned earlier in this topic. If you search for Retail sborg the link in the first post is dead as it was reported but in comment number 8 voldemort uploaded it to his server, perdana, so it won't be removed and anyone can download it. Maybe we could send a copy to Nate from TakeDownPiracy :P




Using this one as an example that not all passwords are safe. I've checked and showing this example as the site is down.

It's a complete disaster. You really need to email your clients and tell them what happened. Their's no info at all on your blog that their email, IP's and other data was compromised.

This post is useless for information http://site.sborg.us/2011/10/sborg-systems-up-and-running/

The least you should do is let all 805 clients know.


EDIT:

some real names are in the Database too

hot topic now

 

[innocent_kid]

If you can't protect yourself then dont run it. Once hacked = could be hacked again !!

if everyone follows that internet will have number of sites = 2 .. probably only facebook and google
even though they might be hackable too but are not being targeted or whtever :P

 

[ajinkya9]

^^
Does this mean, passwords are stored as Plaintext
I think that's a very wrong thing to do.

 

[Mr Happy]

SERIOUSLY? "NOTHING TO WORRY ABOUT"?

 

[soft2050]

^^
Does this mean, passwords are stored as Plaintext
I think that's a very wrong thing to do.

No! Not every!
[strike]I just checked the database and out of 100 users, i think only 3-4 users passwords were not encrypted (Maybe they were from staff/team)[/strike]
I just again checked whole db info and only somik's and 2 more user pass was not encrypted! Else all were encrypted (Dunno, there may be some which i couldn't see)

But it doesn't seems to be md5!

Question to Somik:
Were these password a hash or just a encryption which could be later decrypted?
It would be a much bigger disaster if the passwords were ENCRYPTED and not HASHED once the script gets unencoded:'(

 

[pioneer_fawad]

i am not there customer but one suggestion change your all passwords immediately to strong one .
paypal
email
etc

 

[masterb56]

Also file directories are visible.

F*ck.

They have your ip/hostname and where you installed sborg.

I've placed other precautions on my private server, but I suggest some free install tickets somik so we can move the sborg installation to a different directory.