login   |    register
User Support
This forum deals with technical issues, email problems or other support related issues.
Has Armorama been hacked?
TankTalk
_VISITCOMMUNITY
Canada
Joined: December 02, 2013
KitMaker: 38 posts
RailRoad Modeling: 0 posts
Posted: Sunday, February 10, 2019 - 12:05 PM UTC
I just got one of those slimy blackmail emails and the sender knew my Armorama password!! I've since changed it, but if they've hacked the site there should be more....
Namabiiru
Staff MemberAssociate Editor
MODEL SHIPWRIGHTS
#399
_VISITCOMMUNITY
Rhode Island, United States
Joined: March 05, 2014
KitMaker: 2,805 posts
RailRoad Modeling: 2 posts
Posted: Sunday, February 10, 2019 - 12:19 PM UTC
That's a pretty common scam spam right now, and not unique to Armorama. It's not so much the site has been hacked, but the perpetrators have gotten their hands on old (not current) user lists. I've gotten a ton of those emails. Not one of them has a password for any account I'm particularly concerned about. If someone wants to hijack my KMN account, I'll be sad, but it won't be the end of the world.

TankTalk
_VISITCOMMUNITY
Canada
Joined: December 02, 2013
KitMaker: 38 posts
RailRoad Modeling: 0 posts
Posted: Monday, February 11, 2019 - 03:52 AM UTC

Quoted Text

It's not so much the site has been hacked, but the perpetrators have gotten their hands on old (not current) user lists.[ ]



I'm a bit confused as to what form a user list is found and how it is obtained in the public domain containing my current password? Of course this isn't a critical site like banking, but Kit Maker Network is a very large platform. Just googling about this scam, it seems sites with weak security are vulnerable.
CMOT
Staff MemberEditor-in-Chief
ARMORAMA
_VISITCOMMUNITY
England - South West, United Kingdom
Joined: May 14, 2006
KitMaker: 10,886 posts
RailRoad Modeling: 4 posts
Posted: Monday, February 11, 2019 - 06:42 AM UTC
Dean your password is encrypted on the site and so even a hack does not give that information. What they do get is a list of encrypted passwords that are then cracked as most people use words and dates that a system can figure out, Using random figures, symbols and upper and lower case letters will usually protect you against this issue, but nothing is 100% secure.
TankTalk
_VISITCOMMUNITY
Canada
Joined: December 02, 2013
KitMaker: 38 posts
RailRoad Modeling: 0 posts
Posted: Monday, February 11, 2019 - 12:36 PM UTC
Fascinating. My MacOS has a password generator that would give such randomness. Of course I won't be able to remember them
CMOT
Staff MemberEditor-in-Chief
ARMORAMA
_VISITCOMMUNITY
England - South West, United Kingdom
Joined: May 14, 2006
KitMaker: 10,886 posts
RailRoad Modeling: 4 posts
Posted: Monday, February 11, 2019 - 11:11 PM UTC
All I can say then Dean is that they are a pain the the A R S E
RobinNilsson
Staff MemberDirector of Member Services
KITMAKER NETWORK
_VISITCOMMUNITY
Stockholm, Sweden
Joined: November 29, 2006
KitMaker: 5,938 posts
RailRoad Modeling: 0 posts
Posted: Tuesday, February 12, 2019 - 01:27 AM UTC
My password is really simple,
it is:
***************

lahi
_VISITCOMMUNITY
Aarhus, Denmark
Joined: August 04, 2006
KitMaker: 1 posts
RailRoad Modeling: 0 posts
Posted: Monday, March 30, 2020 - 11:44 AM UTC
Hi. I just found this thread. Recently, I have been receiving spam from NetFlix - apparantly someone has used my email address to try to create an account at NetFlix. As the mail address used is one I used specifically for this account at kitmaker.net (quite a while ago, frankly I had forgotten about it), it must definitely have leaked from here. (An address of the form username+kitmaker@domain.name.)

As I can read from above, apparantly user data has been leaked from kitmaker.net in the past. I suppose that is how it happened. I don't recall seeing any message about this? Even if passwords are not compromised, the leakage of email adresses is bad enough.