content/images/gallery/random3/map-mapping-for-mohaa.png Well this is a very common story that the public hardly ever see's or hears about. A well known hacker who normal stays fairly quiet has dumped a load of accounts from a forum that refused to take help from the hacker. So the hacker, known as @Herxode had breached and obtained data from the forum which is a medal of honor mapping forum had contacted the administration about the exploit. In the contact @Herxode proposed they pay a $50 donation to a charity and they would allow for his work in securing the website. As a result of this it would seem the administration has taken this the wrong way and seen it as blackmail. Now before i go any further i just want to say, anyone who owns or administrates websites gets hacked and is actually lucky enough to be contacted about the hack and offered the option to secure by the person who broke it , is stupid enough to turn them away then they do deserve to be hacked and they do deserve to be exposed for not taking all measures to secure there clients information. Most of the time hackers will not ask for anything in return much like @Herxode who normally doesnt ask but asked for them to donate it to charity, is that so bad? So anyway as a result of the administration of the forum at map.mods-r-us.net now all the user accounts have been leaked onto the Internet and surely this will have effect yet again on many gamers all due to an admin who was not willing to take the help offered. Excerpt from leak:
The following is a database dump of over 3000 members from the forum at https://map.mods-r-us.net brought to you by Herxode (@Herxode) The admin of the forum was rude to me via email so I gave him an option to protect his users details for a small fee of $50 which I asked him to donate to a charity. This was a case to see what he valued more, money or his members, now that I'm dumping this I think you can see what he chose. I don't want his money, and I am always more than willing to help any of my victims for free if they are polite to me. But when you're as rude as this forums admin was then you get one chance. Quotes from his sites homepage include... "The hacker is now trying to blackmail me and actually asking money for not disclosing the user names and e-mail addresses that were stored in our database. This means the attack now certainly classifies as a crime and further action will be taken against the perpetrator. " "I have no intention to respond to his threats, so we'll have to see what happens." Notice he doesn't mention I didn't want his money and told him to donate it to a charity, and also clearly doesn't care about the risks to his members.
|**Top 4 Provider Result's**|
|**Total of** 3,031 Emails Found|
The attacker has an active threat to release the user account information (which he boasts to have recovered separately from the backup) into the public. I have no intention to respond to his threats, so we'll have to see what happens. In any case it is prudent to consider the password you used to log in to the forums compromised, which means it is best to change your password if you use the same password for other websites/services. I'll need one more day to check that everything is running ok. **If all goes well the forums will be re-opened tomorrow.**Update Friday, 10 February 2012, 22:18 (UTC) Oops, I thought I was done. .MAP opened briefly today with the forums restored as well as I thought possible. However, moments later it occurred to me that the user accounts were actually never deleted by the attacker, which means that I can restore them from the 'evidence' backup I made right after the attack. This means that nobody needs to reregister and posts remain attributed to their original author (instead of 'Guest'). However, for this to happen I need to redo the (manual) forum restoration from scratch. For this reason the site must unfortunately remain offline for an extra day or two, but I think it will be worth it in both the short and long terms. Hang tight! OK so lets look at this, in the above he states that he is being blackmailed? that is not true and this administration needs a review asap. It is not right to tell your users lie's it will get you no where fast, its best to be honest, admit to your mistake and move on and hope for the best. Maybe this will be a learning experience for them and they will pickup there game in both security and communication. So now the actual leak: data: https://pastebin.com/u1gHrNzB