TBT Data Breach?!

[BonkOnTheHead]

that wasn't what I was talking about, but whatever
i was talking about the simple data within an image and how you could find someone's location and timezone using it

Using photoshop to find someone's geographical mapping for where the picture was taken isn't finding out info about them other than where the picture was taken. You can't find other dox from that. "You know my timezone I'm scared of the internet now!"

Oh, EXIF data? Most services should strip it, and I don't geotag my photos anyway, but yeah - best remember that exists if you care about it.

My point is no-one can really do anything with a TBT account. They can view your email address and private messages, and post "I stink", but that's about it.

Why go through the effort of spending ages cracking my TBT password, for example. "Oh look, AnimalCrossingPerson's email address is so and so and AnimalCrossingPerson's password is so and so. Let's try those login details on various websites. Oh, it doesn't work. That's a shame. I should have bought a list of leaked email address + password combos instead."

The fact you dismiss it shows how naive you are to the internet. "No one can really do anything with a TBT account". Wrong. And no one looking for compromised accounts are trying to post on your account. But people who do it do actually look at facebook, Twitter and IG DMs to look for noods.

It doesn't matter if it works even 10 percent of the time. Because if someone uses the same login details for everything the person doing it can potentially have access to their online banking, private photos, dox, etc. They don't care if it works often as long as it works sometimes. It only needs to work once to potentially have someone's n00ds, or $5,000 in their bank account or $50,000 in their bank account.

Do you think the people from Indian countries scamming over the phone have it work often? No, but it's often enough to get them what they want. Which is the same in this case for people looking for people who use the same login for everything. Again, it being a niche forum is irrelevant because there ARE people stupid enough to use the same password here as they do on facebook, twitter, IG, online banking, etc.

PS @ you both: You don't need to geotag a picture to find where someone is located from a cell phone picture. You don't need the geographical mapping properties either to find that out. Google how 4chan trolled Shia Labeouf. You could even use a zenith along with other sciences and common sense to narrow down where someone is located. But again that's not finding dox. Knowing the location of where someone took a picture isn't a huge deal or compromising to someone's personal data, banking, etc.

What's next? Are we going to start talking about how IP sniffers can get your IP from forum posts you make? Let's stop guys.

 

[AnimalCrossingPerson]

^

Sounds like you are a little too concerned. Care to explain what someone can actually do with a TBT account then? Just hoping someone has the same login details elsewhere? Like I've said, there are already lists from data breaches. Scouting Pastebin is a much better use of time than very slowly brute-forcing various websites. This isn't even a good example due to the ReCAPTCHA implementation - brute-force would be expensive if using a captcha-solving service.

As for social media, nudes are generally not the motive. No rando is going to care for explicit photos. Generally it's just a case of bots logging in and sending "hey, check out this rad and totally not fishy website I found!" to all friends.

Scam phone calls are generally targeted. They test the waters with random people at times, but generally if you get lots of scam calls you are on a list of people they consider vulnerable. The comparison doesn't really work since that's social trickery rather than breaking in. Cycling through accounts testing for weak passwords is like going around the neighbourhood trying doors to see which ones are open. Bruteforcing an account is like having a load of keys and testing each one on the door.

Yes, you can sometimes locate where a photo was taken from its image contents alone, but this is quite a lot of work. If I were to take a photo of my fridge, good luck pinpointing where that was taken.

And sure, we could talk about finding IP addresses and more through the power of embedding images, but you're the paranoid one here.

 

[BonkOnTheHead]

"Sounds like you are a little too concerned. Care to explain what someone can actually do with a TBT account then? Just hoping someone has the same login details elsewhere"

Beating a dead horse. You keep asking the same question and I keep answering it the same way. My answer isn't going to change. My original post was telling people what are dumb passwords to use and what password choices are more secure and why since the original poster was concerned.

"Cycling through accounts testing for weak passwords is like going around the neighbourhood trying doors to see which ones are open. Bruteforcing an account is like having a load of keys and testing each one on the door."

Except you don't have to be at the computer to use bruteforce or other programs to test those "doors".

"As for social media, nudes are generally not the motive. No rando is going to care for explicit photos."

Clearly you don't know much about the internet if you're saying this. Do you know what "The Fappening" is concerning the icloud? That happens all of the time with politicians (Anthony Weiner's twitter sexting for example), celebs (literally tons of them from The Fappening), athletes (Randy Couture's webcam for example), twitch broadcasters, youtubers, regular females who disappear from the net after, regular females who only got "famous" online once nudes of them got leaked. There's one girl for example in her mid 20s who had nudes of her leaked when she was younger. No one gaf about her prior. Now she has 2.3 million followers on IG and 2.4 million on youtube. All because stuff of her got leaked years ago when she was a nobody with not even 500 followers. Noobs only started following her then thinking more would show up. Now she makes money and travels due to the same people you supposedly think don't do that kind of stuff.

There are sites, forums, chat rooms, and random people who go around the net SPECIFICALLY just for doing that. The fact you're saying random people aren't going to care about explicit photos shows you don't know anything about the internet. Trust me guy, people 100% go through ridiculous lengths on the internet for that stuff. You're crazy and naive for not thinking so.

"Yes, you can sometimes locate where a photo was taken from its image contents alone, but this is quite a lot of work. If I were to take a photo of my fridge, good luck pinpointing where that was taken."

It's "quite a lot of work" to open photoshop and right click properties to look at the geographical mapping which shows the longitude and latitude of where a cell phone picture was taken?? When noobs think they're untouchable on the internet... I dare you to take a cell phone picture of your fridge, post it on /b/ over on 4chan daring them to find the location of where you took that picture and see what happens.

"And sure, we could talk about finding IP addresses and more through the power of embedding images, but you're the paranoid one here."

I wasn't talking about embedding images. I was talking about an IP sniffer. I'm not talking about sending you a hypothetical jpeg with a trojan embedded.

Honestly, how old are you? And how long have you been using the internet? I'm not going to reply to anything else other than when you say how old you are and how long you've used the net. I've made my case and listed who, what, when, where, why with examples of why you're oblivious, wrong and not going to keep beating a dead horse further.


Edit:
Just to prove a point I will respect your privacy concerning what you look like, but will describe what you and your living room look like from a video I seen of you online. Since you said, "No one cares about a niche forum" and "What is someone going to do with a TBT account?".

You have a black sofa, a lamp next to it, a picture on your off-white walls that's matted and framed of some drawn city art. You have brown hair, glasses, wide lips. I didn't "hack", didn't need your TBT login, just google. Do I prove my point? Took literally less than 60 seconds.

 

[Kurb]

You are being EXTREMELY paranoid about a TBT hack that took place years ago.

- - - Post Merge - - -

Using sites like tineye to do a reverse image search rarely works properly and doesn't make someone a "hacker".

relatable,

i showed everyone the "inspect" feature in google chrome now everyone is a "hacker"

 

[AnimalCrossingPerson]

It's "quite a lot of work" to open photoshop and right click properties to look at the geographical mapping which shows the longitude and latitude of where a cell phone picture was taken?? When noobs think they're untouchable on the internet... I dare you to take a cell phone picture of your fridge, post it on /b/ over on 4chan daring them to find the location of where you took that picture and see what happens.

Oh, I thought we were off the EXIF subject seeing as your last point was that a geotagged image isn't required to find someone's location. I don't know what the norm is these days, but with my smartphone I don't have any of that stuff on - it just saves its model number and some details about the photo (shutter speed, etc.). Again, usually this is stripped on image hosts, and if not you can strip it yourself if you care.

I'm just going to drop the rest of the points since we'll be here all day if not.

I will respect your privacy concerning what you look like, but will describe what you and your living room look like from a video I seen of you online.

This caught me off-guard for a moment, but now I've remembered I set my Gamertag on my TBT profile. Good detective work there, tracing that back to the Why Do We Fault video, and further good work by asking my age when it's already on my profile to throw me off the scent.

I'm still not quite sure what that proves though, as all you did was take public-facing information and run it through a search engine. This is quite unrelated to breaking into accounts.

 

[Jeremy]

This thread has blown up into something more than talking about the forum's February 2018 data breach. Trying to find someone's personal information to prove a point about the dangers of the internet is taking it too far and not related to what happened here. What we know is that a hacker gained access to the database, which would include information such as your email address and encrypted password. Like others have mentioned, though, it's unlikely they would directly target a user here since TBT is a simple fan site and stores no financial information. If anything, the user information could potentially be added to a dump of millions of accounts pulled from hundreds of websites where other people could access it in the future, possibly in order to gain access to accounts at other websites. This is why it's important to change your password and use different passwords at different sites.

 

[Kurb]

*clears throat* this is why two factor exists

 

[tumut]

Thank god i was banned when this happened.

 

[Antonio]

As others have already mentioned, this was from February 2018. If you haven't changed your password since then or use the same one on other sites, you should change it. You can read more in the announcement thread for this here.

It feels like that happened this year. Was it really a year and a half ago?