UtterAccess.com
X   Site Message
(Message will auto close in 2 seconds)

Welcome to UtterAccess! Please ( Login   or   Register )

Custom Search
 
   Reply to this topicStart new topic
> Mr. Excel Hack    
 
   
River59
post Jan 17 2017, 10:49 AM
Post#1



Posts: 1,114
Joined: 7-April 10
From: Detroit, MI


I received an email this weekend from the Mr. Excel website stating that they had been hacked and email & password information was compromised. I do not remember ever 'registering' for that website though I know I have gone there a couple of times to get Excel answers. Has anyone else received this email? I can't imagine why a 'hacker' would hack into a programming forum like that ... what would be the purpose?

Just curious ...

--------------------
Remember ... Armstrong, Aldrin and Collins flew to the moon and back with a computer system less complex than a modern, programmable toaster ...
Go to the top of the page
 
doctor9
post Jan 17 2017, 11:11 AM
Post#2


UtterAccess Editor
Posts: 17,086
Joined: 29-March 05
From: Wisconsin


River59,

Do you use a unique password for every single website that you need a password for? Or do you have one password that you use for a bunch of them because it's easier to remember? Hackers know that some people tend to use the same password for multiple sites, and if your MrExcel password is the same as your banking password, you could be in deep trouble.

Dennis

--------------------
(;,;) Li'l Cthulu says: Please talk about what you're trying to do, as well as how you're doing it.
Changing your real table name to "Table1" and your real form name to "Form1" in your posts makes it more difficult to understand what's going on, not easier.
Guidelines for Posting Questions
Go to the top of the page
 
GroverParkGeorge
post Jan 17 2017, 11:22 AM
Post#3


UA Admin
Posts: 29,445
Joined: 20-June 02
From: Newcastle, WA


This is a legitimate response to a hack that occurred. I am a member there, although not as active as I once was.

Too many people use one password at multiple places and the fact that they were compromised means you could, potentially, be at risk in many places.

If you got the email, you must have signed up there at some point, it would seem.

--------------------
Go to the top of the page
 
River59
post Jan 17 2017, 11:44 AM
Post#4



Posts: 1,114
Joined: 7-April 10
From: Detroit, MI


No, not the same passwords ... and I never do banking online. If I did sign up there, it was years ago and any password used has long since been discarded. I just found it curious that type of database was hacked. It seems a long way around trying to get to personal data unless it is just easier to hack there than other places and they cross their fingers a password can be used someplace more valuable.

My major point was to confirm this was a real hack and not a hacker telling me something was hacked ... oh my, will the insanity ever end?

--------------------
Remember ... Armstrong, Aldrin and Collins flew to the moon and back with a computer system less complex than a modern, programmable toaster ...
Go to the top of the page
 
GroverParkGeorge
post Jan 17 2017, 11:55 AM
Post#5


UA Admin
Posts: 29,445
Joined: 20-June 02
From: Newcastle, WA


To the contrary. It's getting worse. Keep in mind that the people who do these things can have enormous computing power at their disposal. Scanning thousands of usernames/passwords is not the same kind of task for them as it might be for you or me.

--------------------
Go to the top of the page
 
zocker
post Jan 17 2017, 02:27 PM
Post#6


Utterly Eccentric and Moderator
Posts: 4,041
Joined: 4-March 00
From: Bristol / Ipswich / Spain


Have you spoken to anyone at Mr Excel? It could be that the entire email is a spoof. I receive mail all the time from Bank of America, Wells Fargo, DHL, many from 'Adult Dating' none of which do I have accounts.....honest!

Only yesterday was offered a highly paid executive job with Total Oil....I only had to send an introduction fee before they hired me. in London too, exactly in the same place as the kebab shop.

All the best

Zocker

--------------------
Everything in moderation.......especially moderation.
Go to the top of the page
 
GroverParkGeorge
post Jan 17 2017, 02:34 PM
Post#7


UA Admin
Posts: 29,445
Joined: 20-June 02
From: Newcastle, WA


There is a notice posted on their forums regarding the breach.


--------------------
Go to the top of the page
 
zocker
post Jan 17 2017, 02:39 PM
Post#8


Utterly Eccentric and Moderator
Posts: 4,041
Joined: 4-March 00
From: Bristol / Ipswich / Spain


Too bad that well meaning people are effectively burgled!

Z

--------------------
Everything in moderation.......especially moderation.
Go to the top of the page
 
TheSmileyCoder
post Jan 18 2017, 09:13 AM
Post#9


UtterAccess VIP
Posts: 1,489
Joined: 19-January 12
From: Denmark, Copenhagen


Disclaimer: This is my oppinion, not facts:
Most hacks of high-security sites these days start by phishing information from employees in one way or another.
Gathering personal information from a low-security (or simply outdated) site might be a good entry point. Imagine that by hacking MrExcel I start by getting usernames and emails, as wel as first/last names of say 25.000 people. Imagine that one of those emails are Susan@FederalReserveBank.com, or some other email, where I can use the domain name to get a good idea of the originating source. Now again, imagine that Susan has an outlook online account, and she is stupid enough to use the same password for her outlook mail, as she does for her MrExcel forum account.

Now you have access to susans mail, you can expand your reach. From there, you can proceed to attempt to gather info on other employees or even try to trick Susan to giving other kind of info, or maybe write phishing mails to her colleagues from her account,and so on.

--------------------
TheSmileyCoder // Anders Ebro (Access MVP)

~~~~~~~~
Blog: www.TheSmileyCoder.com
YouTube Channel: TheSmileyCoder
Go to the top of the page
 
River59
post Jan 18 2017, 09:42 AM
Post#10



Posts: 1,114
Joined: 7-April 10
From: Detroit, MI


zocker,

I can beat that ... I received an email regarding the Yahoo breach and it said that the World Bank was going to send me $1M for my troubles! Of course, I signed on the dotted line ... still waiting for my check (snicker, snicker).

--------------------
Remember ... Armstrong, Aldrin and Collins flew to the moon and back with a computer system less complex than a modern, programmable toaster ...
Go to the top of the page
 
JonSmith
post Jan 18 2017, 09:47 AM
Post#11



Posts: 3,075
Joined: 19-October 10



The advice I always think is good is that you manually navigate to the affected site whenever you get an email from any bank or website etc, that prevents phising stuff.

As for if they were hacked, then yeah you'd need to change you passwords on other places. Hackers can connect the dots between here and another website etc etc and work out your accounts in other places. If they get your email they can reset other stuff and so on.

Go to the top of the page
 


Custom Search
RSSSearch   Top   Lo-Fi    24th May 2017 - 04:48 AM