Tapatalk support forums were hacked

Rak

Hi, I received the following email:

Dear Tapatalk Forum Community,

Today we discovered that someone had used an exploit in a third party plugin on the Tapatalk support forums, leading to the disclosure of email addresses and encrypted passwords, and possibly passwords in cleartext if you attempted to login since December 9th.

Due to this incident, please log into www.tapatalk.com/v2 and change your password.

Please choose a strong password, containing a mix of upper and lower case letters, numbers and even symbols if possible.
Never use the same password on more than one site. Passwords should be unique to each site they access in order to comply with basic security best practices.
No other systems appear to have been affected and we will continue to perform audits. In the meantime our support forums will be brought back online but we will be rolling back the site approximately a week as a precaution. Posts and messages since that time will not be restored in this process.

Again, all passwords have been invalidated and will no longer work. Please reset your password using the reset password page and then following the instructions provided in the email.

We are sorry for this inconvenience and thank you for your patience,

The Tapatalk Team

Doesn't exactly strengthen my trust in the outfit...
 
Quote, email from the Tapatalk Security Team:


Dear Tapatalk Forum Community,

Today we discovered that someone had used an exploit in a third party plugin on the Tapatalk support forums, leading to the disclosure of email addresses and encrypted passwords, and possibly passwords in cleartext if you attempted to login since December 9th.

Due to this incident, please log into www.tapatalk.com/v2 and change your password.

Please choose a strong password, containing a mix of upper and lower case letters, numbers and even symbols if possible. Never use the same password on more than one site. Passwords should be unique to each site they access in order to comply with basic security best practices.

No other systems appear to have been affected and we will continue to perform audits. In the meantime our support forums will be brought back online but we will be rolling back the site approximately a week as a precaution. Posts and messages since that time will not be restored in this process.

Again, all passwords have been invalidated and will no longer work. Please reset your password using the reset password page and then following the instructions provided in the email.

We are sorry for this inconvenience and thank you for your patience,

The Tapatalk Team


Who else got this "delightful" email?
 
If I understand correctly, only the login data of the support forum is affected here, not the Tapatalk ID, right?
 
cramu wrote:
If I understand correctly, only the login data of the support forum is affected here, not the Tapatalk ID, right?
That's how I understand it too.
 
Hi, but that only says what is in the email (in German, at least).

By the way, the first link in the email is wrong! You can't use it to have a password reset. The correct link only appears further down in the email.

There is only a little more info. Paul (admin on the Tapatalk forums) writes:
Only the support forums were affected, not the admin panel (unless you use the same password everywhere, a very bad practice) and not the Tapatalk plugin installed onto your site or the app on your phone.

(..)


Affected
- support.tapatalk.com

Unaffected
- www.tapatalk.com
- Admin control panels.
- Tapatalk plugins
- Tapatalk mobile apps
So apparently it really is only their own Xenforo forums that are affected....

On to the source of the trouble:
The entry vector was not via Xenforo or the tapatalk plugin on support, it was via wordpress. (..)

Xenforo was *never* exploited directly. There is no exploit for Xenforo that was seen, this was an attack on wordpress which led to the server being compromised which was the vector to attack Xenforo. Xenforo would not have been compromised if it wasn't for the wordpress install.
"Best" reply from a user in the thread:
at this point I don't even know if paul @Tapatalk is a real admin.
:D (if it weren't so sad ...)

The forums were rolled back 6 days, by the way.

Tapatalk employee winter writes:
the Tapatalk ID you use in the app is not affected, and the Tapatalk Admin Console is not affected (the place where you manage your forum installation).

The Tapatalk ID was asked about above, hence this last quote here as well.

Source/threads at Tapatalk:
Android - Passwords Stolen? | Tapatalk Support
Tapatalk exploit by 3rd party add-on - which ?? | Tapatalk Support
 
