Hack on central.owncloud.org resolved


#1

Hello,
I didn’t login to the new forum so far. Today I tried in order to change my password as suggested. I got a message that my password is invalid. Is this normal behavior first time logging into new forum or might it be an security issue? I created a new account, just in case.
Regards, mtm


Strip down amount of categories?
#2

Based on your question I guess you had been registered on the old phpBB forum at https://forum.owncloud.org which had been set to readonly mode. If this is the case you must request a new password, the users have been migrated to this Discourse forum, but phpBB is using a different password hashing, that’s why your current password can’t get checked by Discourse.

Just use the regular “I forgot my password” link and you should be fine.


#3

Thanks for your answer and the good news, that everything is ok.

Regards, mtm


#4

For me it was the same. I could’t log in and had to use the “forgot my password” feature. Was my hashed pw also stolen by the hacker or as the new forum used another hashing was not in the data base?


#5

The new forum uses a different hashing algorithm, so it was just not possible to check your old password.


#6

Ok, so my with the old hash method hashed pw was stored in the DB and thus the hacker got access to thus hash, right?

I hoped that I was lucky and my password hash was not transferred to the new board.


#7

I can’t say it absolutely sure because I have not done the migration from phpBB to Discourse, but for me it looks like the old passwords have not been imported.


#8

Ok, thanks for looking!