Re: I forget, was there an email db leak for this forum?

Quote from: dzungmobile on September 03, 2023, 02:06:08 PM

The forum was hacked three times, not two times, in 2011, 2013 and 2015.
Details in Bitcointalk history of hacks and vandalism

I also thought that it was hacked only twice, because this is the first time I found out that the first hacking happened back in 2011, and it seems to me that maybe the biggest damage was done then, if we take into account that no one noticed the hack even 6 days, and that the hacker took over the Satoshi account. Fortunately, it was still the early days of the forum, because if something like that were to happen today, it would create a real circus.

Quote from: theymos on September 11, 2011, 04:17:26 AM

The attacker first paid for a donator account so he could change his displayed username. The displayed username field is not escaped properly, so he was able to inject SQL from there. He took over Satoshi's account, and from Satoshi's administrative interface he was able to inject arbitrary PHP code by modifying the style template.