Lone Wolf Development Forums  

Go Back   Lone Wolf Development Forums > Hero Lab Forums > Hero Lab Discussion


Thread Tools Display Modes
Senior Member
Lone Wolf Staff
Join Date: Dec 2008
Posts: 4,690

Old December 21st, 2008, 03:03 PM
On Thursday December 18th, while working on the upcoming Hero Lab 3.0 release, Rob and I noticed some odd behavior occurring on our corporate server. We spent about an hour investigating it and inspecting the access logs. Eventually we noticed some highly suspicious activity that confirmed our worst fears - a hacker had broken in to both support.wolflair.com and lonewolfdevel.com.

We immediately took the affected services offline. After spending Thursday and Friday investigating, we've come to the following tentative conclusions about what happened.

* First, the hackers appear to have used an exploit to gain administrator access to support.wolflair.com, allowing them to log in as an administrator.

* Using their ill-gotten administrator access, they gained access to the forum database and all user information.

* Using this information, they found a working username and password for lonewolfdevel.com, and successfully logged in. They then gained limited access to our server, until we discovered the breach that day and took everything offline.

Since discovering the breach, the forums have been offline as we worked to understand what happened. After putting it all together, we thought it best to disclose it to ensure the safety of everyone's information. It's important that you know what's happened, so you can take appropriate action.

So what does this mean to you, as a customer of Lone Wolf Development and a user of our software?

* Good: Unless you have been notified by us already, your credit card number is SAFE. According to our logs of the event, less than 20 credit card numbers, from orders spanning the last 5 years, may have been compromised; those individual users have been notified.

* Good: None of our source code was exposed to the hackers. Our source code is maintained separately, and there's no chance they could have accessed it at all.

* Good: No viruses or malware were introduced anywhere. The "for-download" copies of our products and the server operating systems were unaffected.

* BAD: If you're a user on our forums, your password MAY have been compromised. Although all passwords were encrypted in our database, if your password was something simple like "password1" or "hello", it will be relatively easy for the attackers to decrypt it. However, if your password was something harder, like "kn?49a7$6@xxx!!", it's a lot harder (and possibly even impossible) for them to work it out.

To reiterate:

* Good: Your credit card number is SAFE.
* Good: Our products and their source code were NOT affected.
* BAD: Your password MAY have been compromised.

"OK, my password may be compromised. What do I do now?"

We recommend you change your password on support.wolflair.com immediately. If you use that password anywhere else, especially on accounts with the same email address, ESPECIALLY ESPECIALLY if that password is used to get access to your email account, you should also change those passwords IMMEDIATELY.

(When picking new passwords, a guide to password security can be found here: http://www.securityfocus.com/infocus/1537 )

"I'll do that. What are YOU going to do to make sure this doesn't happen again?"

* As soon as we learned about the hack, we took the affected components offline to ensure that no further data could be compromised.

* We then spent the last 2 days updating the security on our server and support forums. The exploit the attackers used to gain access has been patched, and should no longer be a viable attack path. Our corporate server has also had its security systems upgraded, and is now much harder to gain unauthorized access to.

* The support forums have been locked down so that everything the attackers might use to regain access has been removed. (This is why the 'downloads' section is now missing.) In the unlikely event that they manage to break in again, they should find it much harder to get the same level of access they achieved before.

* We've taken our own advice and changed all our passwords. Any of our passwords the hackers stole have now been invalidated.

* We're now closely monitoring access to our support forums and corporate server. If any further suspicious activity occurs, we'll know about it and can move to cut things off very quickly.

* The forum software that we're running is outdated, and the new (more secure) version has some unfortunate incompatibilities with what we're currently using. To alleviate the possibility of future attacks, we're now testing completely new (and much more modern & secure) off-the-shelf forums software. (This was something we had planned to do in the near future, but we need to do it now to ensure security.) As soon as we're satisfied with the results, we'll discontinue the old forums in favor of newer, more secure ones.

Rob and I deeply regret this incident, and apologise for any inconvenience it's caused you. If you have any questions we haven't answered here, please post a reply or send me an email at colen@wolflair.com.

Thanks for your patience.

Final Reminder:

* Good: Your credit card number is SAFE.
* Good: Our products and their source code were NOT affected.
* BAD: Your password MAY have been compromised, and should be changed.
Colen is offline   #1 Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT -8. The time now is 06:34 PM.

Powered by vBulletin® - Copyright ©2000 - 2024, vBulletin Solutions, Inc.
wolflair.com copyright ©1998-2016 Lone Wolf Development, Inc. View our Privacy Policy here.