map.mods-r-us.net data dumped after administration denied help from @Herxode

Well, this is a very common story that the public hardly ever sees or hears about. A well-known hacker who normally stays fairly quiet has dumped a load of accounts from a forum that refused to take help from the hacker. The hacker, known as @Herxode, had breached and obtained data from the forum, which is a Medal of Honor mapping forum, and had contacted the administration about the exploit. In the contact @Herxode proposed they pay a $50 donation to a charity and they would allow for his work in securing the website. As a result of this it would seem the administration has taken this the wrong way and seen it as blackmail.

Now before I go any further I just want to say, anyone who owns or administrates websites, gets hacked and is actually lucky enough to be contacted about the hack and offered the option to secure by the person who broke it, and is stupid enough to turn them away, then they do deserve to be hacked and they do deserve to be exposed for not taking all measures to secure their clients' information. Most of the time hackers will not ask for anything in return, much like @Herxode, who normally doesn't ask but asked for them to donate it to charity; is that so bad?

So anyway, as a result of the administration of the forum at map.mods-r-us.net, all the user accounts have now been leaked onto the Internet, and surely this will have an effect yet again on many gamers, all due to an admin who was not willing to take the help offered.

Excerpt from leak:

The following is a database dump of over 3000 members from the forum at https://map.mods-r-us.net brought to you by Herxode (@Herxode). The admin of the forum was rude to me via email so I gave him an option to protect his users' details for a small fee of $50 which I asked him to donate to a charity. This was a case to see what he valued more, money or his members, now that I'm dumping this I think you can see what he chose. I don't want his money, and I am always more than willing to help any of my victims for free if they are polite to me. But when you're as rude as this forum's admin was then you get one chance. Quotes from his site's homepage include... "The hacker is now trying to blackmail me and actually asking money for not disclosing the user names and e-mail addresses that were stored in our database. This means the attack now certainly classifies as a crime and further action will be taken against the perpetrator." "I have no intention to respond to his threats, so we'll have to see what happens." Notice he doesn't mention I didn't want his money and told him to donate it to a charity, and also clearly doesn't care about the risks to his members.

Statistical Information

**Authenticity**

- Valid: 3,025
- Duplicates: 1
- Already Stored: 6

**Top 4 Provider Results**

- Hotmails: 1,032
- LiveMail: 9
- Gmails: 241
- Yahoos: 400

**Total of** 3,031 Emails Found

Also, having a look at the website, you will see it's offline with the below message; we have copied this for archival reasons.

**The bad news**

Unfortunately the forums got hacked, which has caused the loss of nearly a year of user-contributed content. I am deeply sorry for this loss and regret not making backups often enough.

**Is my personal information stolen?**

The attackers have gained access to the e-mail addresses in our database and so-called MD5-hashes of the associated passwords. It is possible but non-trivial to recover the original password from such a hash.

**What now?**

I had to take the forums offline to prevent the possibility of being immediately attacked again. In the meantime, I'm installing an all new shiny forum at a different location. I was able to recover all posts before February 2011 and convert them to the new forum software. Our tutorials and map reviews were untouched by the attack. The new forum will be opened shortly.

The attacker claims he has made a backup just before deleting everything. I hope to get my hands on it, but so far my attempts to get in touch with the attacker have been unsuccessful. There is still hope he gets remorseful of his destructive actions and makes his backup available to us, so that all posts can be restored.

**Do we know anything about the purpose of the attack?**

It appears that the attack was performed to demonstrate the vulnerability of websites running outdated forum software.

**Do we know anything about the attacker?**

If you were a registered member at the time of the attack, you will have received an e-mail from the attacker stating his Twitter identity that I will not replicate here. I was also able to determine the precise timing of the attack, the IP-address from which the attack was performed and an e-mail address that apparently was used in the attack. I'm still considering what to do with this information.

Hang on. .MAP isn't dead yet.

Best regards,
Jeroen / jv_map
Administrator

**Update Tuesday, 7 February 2012, 23:35 (UTC)**

I have been able to get in touch with the hacker. He pointed out a number of security flaws in our website. I have taken steps to eliminate all of these flaws. I'm now waiting for the hacker to make his backup available to us.

**Update Wednesday, 8 February 2012, 23:20 (UTC)**

The backup that the hacker made turns out to be incomplete. This happens when people get their hands on buttons that were not made for them to handle.

More is getting clear about the purpose of the attack. The hacker is now trying to blackmail me and actually asking money for not disclosing the user names and e-mail addresses that were stored in our database. This means the attack now certainly classifies as a crime and further action will be taken against the perpetrator.

I'm also working on restoring the forums as well as possible. It takes a lot of time to sort out this mess, so .MAP will be offline for a few more days.

**Update Thursday, 9 February 2012, 23:51 (UTC)**

Almost done restoring the forums. As the dust settles, the extent of the damage becomes clear:

- User account information of users registered after Feb 6, 2011 is lost. These users will need to re-register to continue using the boards.
- Any private messages sent after Feb 6, 2011 are lost.
- Threads started after Feb 6, 2011 are lost. However, I was able to recover all individual posts up to the day of attack. These posts have been merged into a single 'Lost + found' thread in each forum, which means that at least all information is still accessible via the search feature. The post chronology is not necessarily correct (but makes sense in many cases). In case the author of the post has registered after Feb 6, 2011, the original author no longer exists as a user and the post is displayed as posted by a 'Guest' user.

The attacker has an active threat to release the user account information (which he boasts to have recovered separately from the backup) into the public. I have no intention to respond to his threats, so we'll have to see what happens. In any case it is prudent to consider the password you used to log in to the forums compromised, which means it is best to change your password if you use the same password for other websites/services.

I'll need one more day to check that everything is running ok. **If all goes well the forums will be re-opened tomorrow.**

**Update Friday, 10 February 2012, 22:18 (UTC)**

Oops, I thought I was done. .MAP opened briefly today with the forums restored as well as I thought possible. However, moments later it occurred to me that the user accounts were actually never deleted by the attacker, which means that I can restore them from the 'evidence' backup I made right after the attack. This means that nobody needs to reregister and posts remain attributed to their original author (instead of 'Guest'). However, for this to happen I need to redo the (manual) forum restoration from scratch. For this reason the site must unfortunately remain offline for an extra day or two, but I think it will be worth it in both the short and long terms. Hang tight!

OK, so let's look at this: in the above he states that he is being blackmailed? That is not true, and this administration needs a review ASAP. It is not right to tell your users lies; it will get you nowhere fast. It's best to be honest, admit to your mistake, move on and hope for the best. Maybe this will be a learning experience for them and they will pick up their game in both security and communication.

So now the actual leak: data: https://pastebin.com/u1gHrNzB

Lee Johnstone

Information Security Data Analyst, Investigative Journalist, Technology Lover, Mechanic.
