omni catcher look. i caught vikingvpn attacking pia, claiming pia was hacked.

https://vikingvpn.com/blogs/security/private-internet-access-forums-hacked

Private Internet Access Forums Hacked

Private Internet Access, a VPN provider based in the United States, experienced a security breach early this morning by what appears to be spammers.

They were alerted to the intrusion because the attacker inserted code into the site to prompt the forum's users to "send bitcoins to an address to receive 10x that amount in return".

The attackers used a known PHP object injection vulnerability for Vanilla Forums, the forum software PIA uses. Updating the forums to current would have prevented this vulnerability from being exposed for this attack to occur.

They also accessed the SQL database of the server and likely pulled hashed forum passwords from the server. They did not disclose if other registration information such as emails were compromised in the data breach. This is significant because typically users will use the same passwords in multiple places, such as to log in to the VPN service or for their personal email.

Their response is to move to different forum software, and start a white-hat program to search for vulnerabilities in their systems with rewards that vary with the severity of the vulnerability found.

They have "advised" people to change their passwords, but did not force a password change for all users which would be standard procedure for a large-scale security breach.

This reinforces our belief that security is not all about encryption strength. 99 times out of 100 it is an OS or app vulnerability that brings down a system...

Comments

  • edited March 2015
    Lmao, how does that make their "blog"? I highly doubt PIA being on the positive end of something making their blog. They are very obsessed with making PIA look bad.
  • Not enough people willing to spend $120 a year for 6 servers apparently.
  • that's from 2013
  • This was late 2013 that the article was posted. And I know for a fact that I was here a good while before that. I never saw this "event" although people have occasionally mentioned it.

    And moreover the article is plainly wrong. Why you ask? What forum software does PIA use here? Anyone know the answer? ;)
  • no, I remember when the forum was indeed hacked.  this blog post may have been about that instance. 
  • Here's one more recent, I caught blackvpn passive aggressively attacking PIA for being US based (how original).

    https://www.reddit.com/r/VPN/comments/2zenq7/is_it_an_issue_that_vpn_service_provider_is/
  • this idiot at the time was claiming that pia's entire vpn system was hacked, he did the same thing during that heartbleed bug mess.

    and if you read what derek zimmer wrote, he seems to know a lot of the details of that so called hack job. might he have had something to do with it?

     what a pathetic idiot

  • i too never noticed a forum hack here. i was posting during that time and all i remember is some wild claims about it with no actual proof of it.

     Kind of strange that, the whole time, this viking derek guy had such technical details about it.

     now he is the one on reddit complaining that people are attacking vikingvpn. what a crock

  • Perhaps this derek guy is the perpetrator of the offenses he knows intimate details of?

    But I do believe the Bitcoin thing did actually happen. It was spoken of by someone here I trust. (I do not recall who though.) The details I have are sketchy, but I know it only happened a day or two and even during the day(s) that it happened, I never saw it.
  • i think derek and micha are the owners of vikingvpn. they put their real names out there for everyone to see.