You are NOT Logged in.
Chat about all aspects of snowsports, backcountry, climbing and mountaineering.
Goto Thread: PreviousNext
Goto: Forum ListMessage ListNew TopicSearchLog In
Goto Page:  Previous12
Current Page:2 of 2
ropetow


Posts: 202
Joined: Sep 2006
Last Visited: 09:08
13th Apr 2021
Re: Password Leak
Date Posted: 14.18hrs on Mon 15 Feb 21
My email address is not showing up as compromised either in haveibeenpwned or avast.
alan


Posts: 10768
Joined: Nov 1994
Last Visited: 17:02
27th Mar 2024
What's this?What's this?What's this?
Re: Password Leak
Date Posted: 02.23hrs on Wed 17 Feb 21
Just completed a protracted verification and cross reference process.

We have enough site specific email address registrations which report 1 breach in the cit0day data dump to confirm that there is genuine Winterhighland forum members credentials in the data dump. That there are some 23,000 websites breached in this data dump is of little consolation when embarrassingly Winterhighland is one of them.

At this time we believe there are 2222 genuinely compromised passwords which are paired with the email address used to register these forum accounts. The information dumped does not include usernames, just password hash / password (where cracked) and email address.

The cracked passwords fall into a two distinct categories, either vulnerable to dictionary attacks including use of common numeric character substitution strategies or relatively vulnerable to brute force attacks given modern computing power such as all numeric digits with fewer than 10 digits and random alphanumeric passwords shorter than 8 characters.

There is also a significant reoccurrence of passwords like 123456, rangers1690, celtic1888, cliffhanger, nosecurity, qwerty - you get the drift!

If you want to check whether your passwords are secure try [haveibeenpwned.com] .

We have some other data and information to review which may help pinpoint what / when the actual breach was that lead to this data being in the Cit0day dump in December 2020. We will post further info with more details later on Wednesday,

Once again if you have used your Winterhighland email address and password combination elsewhere - CHANGE IT. If you have a re-used password on your actual email address change it before doing anything else!
jabuzzard


Posts: 885
Joined: Jan 2010
Last Visited: 11:02
16th Apr 2021
Re: Password Leak
Date Posted: 19.55hrs on Wed 17 Feb 21
Has the winterhighland website been patched to latest to fix any potential security issues?
paraffin


Posts: 580
Joined: Mar 2007
Re: Password Leak
Date Posted: 07.48hrs on Fri 19 Feb 21
Hi Al,
thanks for all your hard work in resolving the password leak.
I can confirm my password was leaked on 10 Dec 2020 in encrypted form.
Cheers
Davie
sspeirs


Posts: 370
Joined: Mar 2008
Last Visited: 09:59
22nd Apr 2021
Re: Password Leak
Date Posted: 19.32hrs on Fri 19 Feb 21
Same for me. Also leaked on the same date was my snowheads password - also in encrypted form.
WeeSam


Posts: 110
Joined: Sep 2014
Last Visited: 00:53
5th Apr 2021
Re: Password Leak
Date Posted: 23.57hrs on Sat 20 Feb 21
My password was leaked on 10 Dec 2020 decrypted.

All cool though, I only used it here.
P.Clark


Posts: 47
Joined: Feb 2010
Last Visited: 19:30
27th Feb 2021
Re: Password Leak
Date Posted: 22.52hrs on Thu 25 Feb 21
Mine was leaked too. Unencrypted.
Goto Page:  Previous12
Current Page:2 of 2
Your Name: 
Your Email: 
Subject: