# Hacked account



## Leasara (Feb 25, 2009)

My boyfriend, Tincrash, just called me in a panic to see if I could log into his account.  He gave me the password and I could not access the account, the password has been changed.  Now, at this very moment, someone is going through and deleting his gallery.  Is there any way to lockdown the account before the watch-list is cleared or something?


----------



## Leasara (Feb 25, 2009)

I'm going to go through his computer and see if it has a keylogger or something.


----------



## Leasara (Feb 25, 2009)

Now they're deleting all his journals


----------



## Leasara (Feb 25, 2009)

his avatars are gone and the hacker posted some sort of crap in his journal.

I wish I knew what to do.


----------



## Leasara (Feb 25, 2009)

Ahh, well now they're uploading pictures of penises without the adult tag.  That will probably provoke some action.


----------



## calaverx11 (Feb 25, 2009)

I sent a message to Dragoneer as soon as I saw the journal and icon.  Then came the penises...

So I'm guessing we'll see a re-up flood in the coming weeks, once this mess gets sorted out?


----------



## Leasara (Feb 25, 2009)

Unless they can restore the account or something.


----------



## STrRedWolf (Feb 25, 2009)

I just tweeted Dragoneer about it.  

Meanwhile, make sure Tincrash has a decent antivirus system (like AVG or Norton, not Antivirus 2009 or anything that pops up on the screen), updates his system (latest MS Malicious Software Removal Tool will remove the spyware AV2009), gets a spybot removal system (Spybot Search and Destroy is good, as is AdAware from LavaSoft), and ditches IE for Firefox.  And that's only if he runs windows.

If he's on a Mac, and just uses MacOS X, he's ok.


----------



## Owl--- (Feb 25, 2009)

If it comes down to it, I can offer my archive of the images Tincrash has posted to his FA. I believe I am current (654 images running to number 1233556778).
 Send me a Note if you need it.


----------



## Deimion (Feb 25, 2009)

poor guy :c all that nice artwork cleaned out in less than 20 minutes


----------



## Leasara (Feb 25, 2009)

I'm running an Avast! Virus scan now.  The rest of the computers on our network are clean, so I'm guessing he got a keylogger or the like somehow.  He doesn't even download things that much, which means it might have been one of the tools I downloaded some time ago, but I only download from reputable sites, like Download.com or Sourceforge.

God, if it turns out to be something I did, I don't know what I'll do.

They got his email too, so no use sending him a password change email there.  After the virus scan is done I'll go looking at his paypal and bank account and all.


----------



## Glaide (Feb 25, 2009)

please contact me on FA under your account


----------



## Leasara (Feb 25, 2009)

Owl--- said:


> If it comes down to it, I can offer my archive of the images Tincrash has posted to his FA. I believe I am current (654 images running to number 1233556778).
> Send me a Note if you need it.



He has a couple archives of everything he's ever scanned.  If we can't recover the Tincrash account, I'll probably be making an announcement when he gets a new account.


----------



## calaverx11 (Feb 25, 2009)

STrRedWolf said:


> I just tweeted Dragoneer about it.



I did, too...I think about 20 or more people did. He probably got spammed with "OMG TINCRASH HAX" tweets in the past hour.


----------



## Toaster (Feb 25, 2009)

I'm sorry to hear something like this happened, some people truly don't have better things to do in life besides hack passwords.


----------



## Takara_kitsune (Feb 25, 2009)

I've asked a friend that knows Shadowchaser to ask about locking down his Transfur, and I sent a message to the DA admins to lock his account, and possibly restore it. >.> They'll probably just lock it permanently. Not sure... 

But I'm seeing what I can do to assist in damage control.


----------



## Aurali (Feb 25, 2009)

wow... things will be turned back. I'm sure Yak has some way of fixing this


----------



## Takara_kitsune (Feb 25, 2009)

Eli said:


> wow... things will be turned back. I'm sure Yak has some way of fixing this



Yes, I may not know Yak personally, I've just paid attention to what he says... and there are backups he can reload of Tincrash's stuff, I'm sure... the question is, how much work that would be to retrieve, since backups are rarely done in an account-by-account basis...


----------



## Zekumas (Feb 25, 2009)

Hobbes_Maxwell's account is showing the same image that was being posted to Tincrash's


----------



## Owl--- (Feb 25, 2009)

And now FA is down, probably to see what the problem is, I'm thinking.
I hope so, at least.

_yup! called it! Good for FA's staff!_


----------



## Kingman (Feb 25, 2009)

Yup whole thing is down.


----------



## Owl--- (Feb 25, 2009)

Yup! I called it!


----------



## Not A Fox (Feb 25, 2009)

I need to ask...


Was he fav+ing the udders & cows stuff or was this the hacker that did it?


Also, Are you sure this was a hacker and not just somebody that made a lucky guess? Or did your BF not use just one password for everything?

Also, You're probably the main target. Read your userpage description for a moment. The Published author bit would be just the thing to attract attention. 

Your BF may just be the first assault.



EDIT:


Disregard this. Not just him or you.  Looks like a larger operation. 

I'm blaming this on Ebaums


----------



## oniontrain (Feb 26, 2009)

Did he do anything to piss off anyone online?


----------



## Takara_kitsune (Feb 26, 2009)

oniontrain said:


> Did he do anything to piss off anyone online?



Tincrash? Piss someone off? Are you kidding? ^^;

He's one of the nicest people I've talked to online! I highly doubt he'd do anything to offend/piss off anyone...


----------



## oniontrain (Feb 26, 2009)

Takara_kitsune said:


> Tincrash? Piss someone off? Are you kidding? ^^;
> 
> He's one of the nicest people I've talked to online! I highly doubt he'd do anything to offend/piss off anyone...



I don't know any of the people involved, so I'm just asking the first thing that comes to mind. This was obviously purposeful and probably done by a /b/tard of some sort, they love to upload penises. Was he reasonably popular? I assume so. Was there any reason for someone to do this? 

How strong was his password?


----------



## Macroceli (Feb 26, 2009)

Why do terrible things happen to good people?


----------



## JamestheDoc (Feb 26, 2009)

Damn, seems like a pretty mean security breech.  I believe I'll change my passwords when the site gets back up. @__@

So this happened to another account as well?

I'm guessing it's either a talented troll or someone very bored and very douchey.


----------



## Ainoko (Feb 26, 2009)

The question is...

How many accounts were hacked before the site was taken down?


----------



## Ainoko (Feb 26, 2009)

JamestheDoc said:


> Damn, seems like a pretty mean security breech.  I believe I'll change my passwords when the site gets back up. @__@
> 
> So this happened to another account as well?
> 
> I'm guessing it's either a talented troll or someone very bored and very douchey.



I am agreeing eith you on this, my passwords are going to be changed on ALL websites that I am a member of.


----------



## Takara_kitsune (Feb 26, 2009)

Ainoko said:


> The question is...
> 
> How many accounts were hacked before the site was taken down?



Officially known by me? Two. 

Total number is unknown. I'm changing my password on all sites I go to at the moment. I don't use the same passwords, however, I haven't rotated recently anyway. No time like the time you're paranoid already!

Oh, and to answer your question, Oniontrain, yes, Tincrash is fairly popular. So... I suppose that would add to the appeal of hacking him.


----------



## Toaster (Feb 26, 2009)

Same. Everything is going to be changed. >.<


----------



## redfoxnudetoons (Feb 26, 2009)

http://forums.furaffinity.net/showthread.php?t=37725

We have on our hands a really big hacker.


----------



## oniontrain (Feb 26, 2009)

I have different passwords for everything anyway. Use strong alphanumeric passwords with multiple case letters in them! I'm definitely changing my FA password now though.


----------



## ArielMT (Feb 26, 2009)

In addition to the malware removers suggested toward the beginning of the thread, Tincrash should also download and run MalwareBytes' Anti-Malware.

Also, he should be keeping up-to-date on patches for his operating system.  If it's Windows, then that means Windows Update or Automatic Updates.  (If he fears his system won't pass Windows Genuine Advantage, then that rules out Windows Update.  That doesn't rule out turning on Automatic Updates as the official Microsoft-recommended way, however, or downloading AutoPatcher or c't Projekte Offline Update as very unofficial ways.)


----------



## redfoxnudetoons (Feb 26, 2009)

Unfortunately, not amount of antivirus/malware software will protect from a cracker....


----------



## ArielMT (Feb 26, 2009)

redfoxnudetoons said:


> Unfortunately, not amount of antivirus/malware software will protect from a cracker....



Even if that's true, even if you're going to be a target anyway, it's still important to make yourself a hard target.


----------



## Zeikcied (Feb 26, 2009)

I think most people would be safe enough to just change the password on the email address associated with the FA account.  Or at the very least make sure they aren't the same two passwords.

I mean, I don't think a cracker is going to know what sites you visit or what usernames you use where without access to your email (or at worst your entire computer).  Once they get your email, they can look for any site registration notices you've left in there.  (Of course, if you use a POP3 email client and don't keep emails on the server, then you're in good shape.)

It's best to err on the side of caution in situations like this, but if you have a strong enough password, you shouldn't be in too much trouble.  At least I don't think so.


----------



## Mokusei_Kaze (Feb 26, 2009)

Holy Crap!  D: I hope they can get everything all fixed *hugs*


----------



## Kesteh (Feb 26, 2009)

OSHwait.
I use different passwords on everything.


----------



## Ainoko (Feb 26, 2009)

Well, as I stated earlier, I am in the process of creating new passwords for all accounts on sites that I am a memeber of. The problem is that it will be hard to create unique passwords for 100+ accounts that I visit almost daily, not to mention I have 75 email accounts (mostly used to catch spam)


----------



## CurioDraco (Feb 26, 2009)

Hmm.. so I google'd for Tincrash to see if I'd ever seen his work.. found his DA gallery, which appears to also have been hacked
http://tincrash.deviantart.com/

Hope things get sorted out, lame deal


----------



## Leasara (Feb 26, 2009)

CurioDraco said:


> Hmm.. so I google'd for Tincrash to see if I'd ever seen his work.. found his DA gallery, which appears to also have been hacked
> http://tincrash.deviantart.com/
> 
> Hope things get sorted out, lame deal



Yeah, we talked about that, he had the same password on both.

You can find a lot of his stuff on Transfur.


----------



## Ainoko (Feb 26, 2009)

Leasara said:


> Yeah, we talked about that, he had the same password on both.
> 
> You can find a lot of his stuff on Transfur.



Hope that Timcrash didn't have the same password on transfur as he did on both FA and DA.


----------



## Torvus (Feb 26, 2009)

Now might be a good time to change your forum password.


----------



## Ainoko (Feb 26, 2009)

Torvus said:


> Now might be a good time to change your forum password.



Already did that, and have made a dent in changing passwords on accounts that I visit reguarly.


----------



## Takara_kitsune (Feb 26, 2009)

Ainoko said:


> Hope that Timcrash didn't have the same password on transfur as he did on both FA and DA.



I had a friend ask Shadowchaser to lock down Tincrash's account. I'm not sure if Shadowchaser did it, but he was informed. So, his Transfur should be fine. If he can't get into it, I'd recommend emailing Shadowchaser later on.


----------



## Ainoko (Feb 26, 2009)

Takara_kitsune said:


> I had a friend ask Shadowchaser to lock down Tincrash's account. I'm not sure if Shadowchaser did it, but he was informed. So, his Transfur should be fine. If he can't get into it, I'd recommend emailing Shadowchaser later on.



that's good to hear


----------



## kamunt (Feb 26, 2009)

I'm picturing the TF2 Announcer would say of this so-called "hacker" failure.

This seriously isn't even "hacking". Creating fake items in Phantasy Star Online takes more tact than this. I wish I could use the Easy button specifically on chantards like this one to turn them into bags of Spicy Habanero Doritos. At least then I could do something useful with them--throw them in the trash.


----------



## Toaster (Feb 26, 2009)

CurioDraco said:


> Hmm.. so I google'd for Tincrash to see if I'd ever seen his work.. found his DA gallery, which appears to also have been hacked
> http://tincrash.deviantart.com/
> 
> Hope things get sorted out, lame deal



DO NOT GO HERE. caused my computer to crash.


----------



## Takara_kitsune (Feb 26, 2009)

Ainoko said:


> that's good to hear



Yeah, I only hope I wasn't stepping out of bounds to do so. But while I may not know Tincrash super well, I do know that I hate seeing someone so nice getting attacked. I hope the bastard that did this rots in jail. And gets fined. And fired from his job. And set on fire... and... yeah, I know, I took that too far. But I'm not happy at all that anyone would attack Tincrash. -_-



Ornias said:


> DO NOT GO HERE. caused my computer to crash.



It's safe enough if you have NoScript in place. But the page is definitely running craptastic scripts. Enter at your own risk.


----------



## Ainoko (Feb 26, 2009)

Takara_kitsune said:


> Yeah, I only hope I wasn't stepping out of bounds to do so. But while I may not know Tincrash super well, I do know that I hate seeing someone so nice getting attacked. I hope the bastard that did this rots in jail. And gets fined. And fired from his job. And set on fire... and... yeah, I know, I took that too far. But I'm not happy at all that anyone would attack Tincrash. -_-
> 
> 
> 
> It's safe enough if you have NoScript in place. But the page is definitely running craptastic scripts. Enter at your own risk.



You weren't, you were doing what any honest person would do, alert the appropriate site admins when something like this happens


----------



## DigitalMan (Feb 26, 2009)

Ornias said:


> DO NOT GO HERE. caused my computer to crash.



... Your computer is a pussy. Did nothing to my laptop, running Internet Exploder.

Hmm... I should make a nice, long, complicated password. But those are so hard to remember...


----------



## kamunt (Feb 26, 2009)

Yeah, it didn't do anything to me either, except make me cringe.


----------



## ArielMT (Feb 26, 2009)

Also, this thread:  How to make a safe password.


----------



## yak (Feb 26, 2009)

Leasara said:


> Yeah, we talked about that, he had the same password on both.


^ This was a very bad idea. As for the rest,

Tincrash' yahoo email account was compromised _somehow_, details are not available to me. After that the guy who did that started hunting down every internet place tincrash might have had an account on. He found  Tincrash' account on FA via a google search and used a password recovery feature to reset the account's password. After that, during the next 45 minutes he deleted everything from the gallery and all the journals.


----------



## NN9 (Feb 26, 2009)

That realy Sucks (Hacked)  it's not nice at all it ruins all the fun in internet. i hope they will be able to restore Tincrash account in the mean while i should tell that theres even more bad news have u heared it already if not heres a link:http://forums.furaffinity.net/showthread.php?t=37740 = *A list of the damaged profiles =*  one good one is on the list = nek0gami and sorry to say Tincrash on it  well hope the fix this soon cause im getting realy worried.


----------



## vappykid5 (Feb 26, 2009)

NN9 said:


> That realy Sucks (Hacked)  it's not nice at all it ruins all the fun in internet. i hope they will be able to restore Tincrash account in the mean while i should tell that theres even more bad news have u heared it already if not heres a link:http://forums.furaffinity.net/showthread.php?t=37740 = *A list of the damaged profiles =*  one good one is on the list = nek0gami and sorry to say Tincrash on it  well hope the fix this soon cause im getting realy worried.



Stop the worrying, the hacker is delt with & the problem is being resolve.


----------



## Nanakisan (Feb 26, 2009)

this is the exact reason i use a password not on any known word lists IE the argon list or use a known set of words to be common. also i keep my passwords well above 5 digits. only one email i own is using a full keyspace password i have t have written down. luckily its hidden within the hundreds of random .txt files i've made so hackers would never find it.


----------



## NN9 (Feb 26, 2009)

Well im worried because the site is beening down temporarily so long so i wonder if there is more Damaged/Compromised accounts, and that worries me too in a way they say theres three accounts down but what if they founds more?


----------



## kamperkiller (Feb 26, 2009)

NN9 said:


> Well im worried because the site is beening down temporarily so long so i wonder if there is more Damaged/Compromised accounts, and that worries me too in a way they say theres three accounts down but what if they founds more?



nope it's far simpler than that. It takes the crew a few hours to get around to starting them back up.


----------



## Nanakisan (Feb 26, 2009)

kamperkiller said:


> nope it's far simpler than that. It takes the crew a few hours to get around to starting them back up.



or in our case. it takes a crew to get them started in a week


----------



## kamperkiller (Feb 26, 2009)

you know we say it with love guys.


----------



## Leasara (Feb 26, 2009)

NN9 said:


> Well im worried because the site is beening down temporarily so long so i wonder if there is more Damaged/Compromised accounts, and that worries me too in a way they say theres three accounts down but what if they founds more?



They've been so straight forward, if there were more damaged accounts, they'd say so.

The "hacker" was on his account deleting stuff when I started this thread.  One of the admins tried to lock the account to prevent further damage, but they accidentally promoted the account to admin status, most likely because a simple mis-click on a drop down menu or the like.  The "hacker" had admin power for under 2 minutes, and was only able to damage two accounts in addition to Tincrash's account.  The site is down to make sure such an accident can't happen again.

FA staff is not going to name the admin, and I don't blame them one bit.  If you must blame someone, blame the "hacker", failing that, blame me, an IT professional and Tincrash's girlfriend for not having discussed his loose password security with him sooner.


----------



## Nanakisan (Feb 26, 2009)

Leasara said:


> an IT professional and Tincrash's girlfriend for not having discussed his loose password security with him sooner.



don't be so hard on yourself. I've been a hacker for well over 11 years of my life and people who have weak passwords are more common then anything i nthe world and telling them to fix the problem is nearly impossible. seeing as 98% of my hacking was general security penetration tests i literally proved to them how weak their passwords were. I actually had a client who said no body could hack him. his password was the ! symbol. i laughed my head off after i grabbed his password in like 2 seconds with a brute forcing tool and left him a nice message. I changed his windows startup logo to my favorite. you've been hacked message which is the windows logo thats been shattered with a hammer.


----------



## Toaster (Feb 26, 2009)

DigitalMan said:


> ... Your computer is a pussy. Did nothing to my laptop, running Internet Exploder.
> 
> Hmm... I should make a nice, long, complicated password. But those are so hard to remember...



I was using my sisters computer >.<, that sucker sucks.


----------



## LadyHisoka (Feb 26, 2009)

This reeks of ED BS! seriously penuses sites like ed encourage this nonsense and need to be removed for it!

On another note the staff was certainly on the problem really quick and I'm utterly impressed at the speed they worked this very serious isusse. I would outright advise EVERYONE changes their passwords regardless if they were hacked or not if they can switch to a different e-mail do so! and hide your new e-mail for the time being. some e-mail services are Easy to hack and it could provide effortless acess to the account.


----------



## Renard_v (Feb 26, 2009)

LadyHisoka said:


> This reeks of ED BS! seriously penuses sites like ed encourage this nonsense and need to be removed for it!



A lot of people don't seem to understand that ED, while it contains things directed at certain people directly, is maintained in a way that the content it contains is very satirically written.


----------



## NN9 (Feb 26, 2009)

Well i hope it wont take too long or much longer well bey Guys and Girls   Gilrs ;9


----------



## LadyHisoka (Feb 26, 2009)

Renard_v said:


> A lot of people don't seem to understand that ED, while it contains things directed at certain people directly, is maintained in a way that the content it contains is very satirically written.




well sadly that runs into the society is stupid concept that if you don't watch what you say you get what you don't expect. In this case ED and sites like it are actually encouraging hacking sarcasm or not they certainty don't deface the hackers in fact you  can tell where this hacker came from by what he posted. Its a signature this guy got Browne points for what he did on FA, and he isn't the only party at fault in this that much we already know.

However what most people aren't seeing is that its not the admin or a staff of FA its the ones encouraging this ill behavior by reading it. they do it because they think they can get away with it they are encouraged to do it more because they are getting rewarded for it. If this manes you a little uneasy or angry GOOD you are beginning to understand.


----------



## rednec0 (Feb 26, 2009)

LadyHisoka, ED does possibly promote trolling, but certainly not hacking. Said hacker fails to realize that the internet is serious business as pointed-out by Dragoneer:



			
				Dragoneer said:
			
		

> S'ok. The dude was dumb enough to use his actual ISP -vs- a proxy in both this incident and the one involving ebonyleopard. We've got more than enough logs to send his ISP.


----------



## kamunt (Feb 26, 2009)

rednec0 said:


> http://images.encyclopediadramatica.com/images/5/5f/FBI_Party_van.jpg



*snrk* Bloody brilliant. Edito:



Renard_v said:


> A lot of people don't seem to understand that ED, while it contains things directed at certain people directly, is maintained in a way that the content it contains is very satirically written.



There's still a difference between being satirical and being an ass. "A Modest Proposal" is satirical.


----------

