Sborg.us hacked and Database online

[Mr Happy]

Give him some time, let him do whatever he thinks is *good* and supplementary to the actions done.

Did you even read the whole thread before giving your speech? What he though was right was doing pretty much nothing for 4 days. Do you think it's acceptable to do nothing for 4 days? How much time is "some time"?

He has accepted that his server was breached and that the data is stolen.

They denied and covered up what data and information was stolen and only accepted when it when I proved otherwise with screenshots and even after that made further lies. Read the whole thread.

He might have emailed all his clients to change/modify their passwords.

As they said "Regarding sending mass mail, We've thought about that and it'll probably get us banned."

This shows they were still thinking about themselves and not their clients security and this was 4 days later and I had posted paypal and usernames and passwords. He's only emailed people because I publicly exposed how much data was leaked while they tried to cover it up and protect their reputation.


4 Days! Blaze I think you need to re-read the thread again.

 

[CyberHacker]

Attention ! Very Important Notice to all

Alright since everyone is jumping on this thread talking about shit
I am gonna do the same, First of all leave somik alone He's the main victim here maybe you Guys forgot it was his site which Got hacked, No i am not saying there was no way to stop This from happening But he did whatever he can do to control the damage

------------------------------------------------------------------------

Now for sborg customers, Take deep breath and stop freaking out

Now after you done that read on

The DB (Database) only contents the following things

1. Id - Email - Host - Url - Domain - Remote_ip - Display_ip

*Now that means your username and your email not the payment email Which is paypal ect.. And your ip and your sborg login page ect.. (unless you used same email as paypal which is a dumb thing2do)

2. Q & A

Q: Should you be worried ?

A: Yes, unfortunately based on the data which has been compromised but only a few should be worrying cuz the not all the info of users are compromised

For example people who have changed there password after they revised the default password from the support team have nothing to worry for now because once you change the password, It's automatically, Encrypted in a secure file now so far there has been no decoder for this encryptor, But that doesn't mean it cant be cracked but trust me it's no baby's play it will take lot of time, The hacker may even give up but even if he cracks it till then all would have changed there passwords

Q: Now what ?

A: All alright now, What has happened is happened nothing to do about it, Now follow these steps to make sure nothing else happens

1. Change all of your passwords i means all the passwords of the accounts in sborg fs fso whatever ect..

2. If you have installed the sborg script in your own domain for now It's best that you remove it or at least block access to it, Then contact the support team and wait for instructions

I must admit, The sborg staff didn't Handel this problem well but

Hay blaming on them wont do you any good so if you still want to use there services

Do it if not leave.

 

[Deadmau5]

Like smith, blaze already said. Shit happens. No need to go for kill against sborg. First of all Somik or say sborg developers didnt expected this ever. They would have never thought the breach was so big. It was very unfortunate. Just help them to get over it. And for the users I would say they should have random passwords for every site which would be better for them for such instances

Right

Time to Stop this Flame if you Kids mean you can make it Better or anything else start a Script like this and we see then how Good you are ):P
Mr Happy +1 Sborg.us Team inform the users not fast enough thats all!!!!


Its right he make a failure to inform his clients not fast enough but how the last 3 People say shit happends!!!and iam 100% sure that the Sborgs.us Team will learn about that.


So stop Flaming here and Go and make your 5 $ with Uploading and stop Flame here >.>

Last but not Least

I <3 u All )

 

[Myth?]

Why do you'll write a life story loll? Simply Sborg Staff is wrong for not informing their clients faster, and the correct way. But It's not like they planned It, so give them a little break. They aren't right or wrong but in between.

 

[WaffeSS]

Users that have premium account in sBorg, I suggest you change your passwords, Mr Happy is right, I did a test and yes it is possible the User access your account through the leaked data ..

The images below proves it ...

If the User "cuth-hidden" are reading this message or any other User, I suggest you change your passwords, I logged in one account for testing purposes only, I do not steal or change your account details, "cuth-hidden", this it was only to expose the problem with sBorg...

 

[Whoo]

Unlucky that this happened, being hacked is really painful and brings a lot of 'restoring' time with it as you need to reformat, re-import databases, files and in this case notify the customers.

As some have already pointed out (especially Mr Happy), the most essential point in situations like these (where client data gets leaked) is to inform them as soon as possible, this is something that wasn't done (lack of experience?). I'm pretty sure that all the people that have followed this thread will have learned a lot from this topic. Besides that I'm also sure (I hope so anyways) that if something like this happens again the owners will act faster than they did now.

I wish all the people who had their info leaked good luck and remember: always use a different password for each site you login to.

- Whoo

 

[Mr Happy]

Attention ! Very Important Notice to all

Database only contents the following things

1. Id - Email - Host - Url - Domain - Remote_ip - Display_ip

bla bla in a terrible oversize font

You're wrong. (I can do annoying fonts too)
Their are usernames and passwords leaked too along with paypal, alertpay and moneyborker details like emails. These are contained in the support database. The things you list are only in the client database but that is not the only DB leaked.

I posted proof of usernames and passwords earlier and managed to gain access to people's websites. Gavo gained access to 3 different websites and others have gained access to file host accounts. Just look at what WaffeSS posted above.

 

[BlaZe]

Did you even read the whole thread before giving your speech? What he though was right was doing pretty much nothing for 4 days. Do you think it's acceptable to do nothing for 4 days? How much time is "some time"?

They denied and covered up what data and information was stolen and only accepted when it when I proved otherwise with screenshots and even after that made further lies. Read the whole thread.
As they said "Regarding sending mass mail, We've thought about that and it'll probably get us banned."

This shows they were still thinking about themselves and not their clients security and this was 4 days later and I had posted paypal and usernames and passwords. He's only emailed people because I publicly exposed how much data was leaked while they tried to cover it up and protect their reputation.
4 Days! Blaze I think you need to re-read the thread again.

It was not a speech. FYI speeches are way bigger than that and most of the time, speeches are provoking or for self-actualization.

Yes, they did denied it and I never said that. When you started to point things right, they started to clear up the mess and were put on right track by you. So you should be overwhelmed by this action and rejoice by the mutuality created between you, sBorg developers & their clients. But the others in this thread started to troll them. So my "speech" was for them, not you :p

So ? You need an award for that? Its good that you did it and infact, we need such active people who care for others. But only the aftermath was a bit negative. The trolling could be limited and they should be helped instead.

 

[•RaJ•]

Currently Active Users Viewing This Thread: 41 (38 members and 3 guests)

 

[imagepad]

People freaking about PayPal and AlertPay ID's. I've made thousands of PayPal transactions over time. Just simply having someones PayPal ID obviously accomplishes nothing as it's a common thing to give out anyway. If you're using a simple password on your PayPal email that you're using for everything that's just a disaster waiting to happen.

I just skimmed through this, but everyone who's logging in to "help" a good chunk of you are probably trying to get access to free premiums not "help". Simply put, when tons of you from all over the place are logging in to one account to "help" you're flagging the persons account for suspicious activity and causing more harm than good.

 

[ibby]

Heres a Quick way to Be Safe..

Just FUCKING change ur Passes, and close this thread.. shit

 

[Deadmau5]

Heres a Quick way to Be Safe..

Just FUCKING change ur Passes, and close this thread.. shit

+1

Its all sayed :P

 

[intensecool]

Had to read all the mess of 12 pages before posting this :

1. Mr Happy should be named Mr Worried after this,, thanks to him for all help he did.

2. To sBorg Team,

As an owner of this thing and as the coders , you guys know what infos you had saved in that database and in what type, may be instead of everyone poking and finding from DB, you guys should come forward to reveal everything what has happened, what has been leaked, what may have been lost so your clients can take actions ASAP.

And that was the dumbest thought ever of the crew saying :

Mass emailing will get us banned.

Your 1 mistake or may be we can call this misfortune has leaked out so much of private infos.
You should be worrying about informing them rather then getting banned for mass emailing.

 

[Smith]

I never thought people would link their login info for sBorg in tickets > filehost accounts. Not to mention IPs, emails, names, etc.

But then again even if they do change your password on filehosts you can change it back via email, happened to me once actually, thank god for "verify before changing mail/password" :facepalm:

So try not to get heard attack.

You better start mass changing passwords people...

 

[CyberHacker]

Your wrong. (I can do annoying fonts too)
Their are usernames and passwords leaked too along with paypal, alertpay and moneyborker details like emails. These are contained in the support database. The things you list are only in the client database but that is not the only DB leaked.

I posted proof of usernames and passwords earlier and managed to gain access to people's websites. Gavo gained access to 3 different websites and others have gained access to file host accounts. Just look at what WaffeSS posted above.

So what i never said there where no password leeks,

I already looked in the support db and yes i did see lot of passwords

But like i already said before those are the default passwords

People change the password from there sborg page then the file saves the password in encrypted format

Thats the reason when you ask the support to recover the password

They tell you to remove the file which resets the password but also removing all the account info

And i never said people's websites cant be hacked from this, That's the reason i said to remove the sborg script if they are using it on there own domain

Look buddy i dont work for the sborg, I am jest trying to help

Both our styles may be different but we both are

Trying to do the same thing do u agree ?

I find there is no point in this, I know sborg staff didn't do right

They should have told everyone soon as they knew but they may had there reasons, Whatever it was i think there is no point arguing about it

 

[soft2050]

Isn't this the time to close the thread now? This thread was created for telling other people about the hack! But now The sBorg team has already sended notification to all the user about the hack and also published in the main website!

sBorg team should have told about the hack and its consequences! They should have got the lesson now <-- Thats the only mistake i think sBorg team did!

People trolling here with comments like 'they suckz at security ....' should be knowing that everything could be hacked and mistakes are done by human beings only not bots

It was user responsibility that he used same password, given right name ... knowing the fact that he is going to use the script for illegal purposes!

 

[deAthbLisS]

Well People who are making a login/checking the sborgs/sites..
good peoples can still make a difference.

when you log in.. just goto the setup page and clear all the accounts details and save.
so that the next user can only make a login and do nothing..

atleast We can protect the filehost accounts.. from getting leaked.

if the email is there mail them, ping them on msn etc..
create awareness rather than just sitting on the laptop/computers and watching people getting hacked

 

[SaKIB]

Here is a tutorial

Link removed.

 

[nichole]

That's why you shouldn't be using a public script

 

[LuDo8]

@SaKIB is that a filipino site with instructions on how to use it?

By the way, I never recieved any emails, and I have two accounts with Sborg..not in spam box either.

Anyways, I've done the following:

-Changed Sborg login password + removed all Filehost details
-Changed all Filehost passwords
-Changed VPS password
-Changed Wordpress Site password
-Changed Sborg Forum password

Luckily with my Sborg forum account I used "testingtest" for my password which is NOT a password for anything else I have on the internet. But I changed that to something new again not used by any other accounts.

Does that cover all the bases? Anything else I should look into? Thanks.