From: "RE: Second HACK thanks to....

Here's what I'm seeing! I think this is interesting. I did DNS lookups on all the owned sites he listed on twitter. None of the registrants email addresses showed up in his dump. So, I decided to go back in the wayback machine and see if these were ever real sites.

web.archive.org/web/20140517093118/http://hostguest.com/

web.archive.org/web/20090709062440/http://vstudio.sk/ (not active since 09)

web.archive.org/web/20140823190508/http:...interinkexpress.com/ (this one has J1.5 written all over it)

web.archive.org/web/20140517091116/http://ilanp.org/ This looks updated but could still be J1.5.

What do you all think????

I can't see how any credit card info could be compromised. The way I see it, there are 2 risks.

1. Your Joomdonation.com password IF you use it on multiple sites AND the salting/hashing is really bad, which it doesn't seem to be.
2. Your actual site is compromised which is REALLY likely if you've given Tuan admin access and somewhat likely if the component has been compromised. Although, from the wayback machine links I've explored, I don't see where any of the supposedly pwned sites were using Ossolution components...at least not that I can recognize from the front end.

I recommend to change immediately your password!!! :woohoo:

We don't know that the "hacker" doesn't still have access to JoomDonation.com. In fact, YOU could be the hacker

Hi

I had to hide some information about this hack at the beginning for security reasons. However, we decided it's the time to tell the trust. Please see joomdonation.com/forum/questions/45092-o...ty-announcement.html , I updated the topic with the trust. In short :

1. The hacker had access to our site database until we moved our site to new server.

2. As you see, he had our hosting account, so he had access to full site database including our support tickets database. We emailed all customers who submitted submit tickets to change username and password of the sites, hopefully, they are all changed by now. So if you read this topic and haven't changed your site super admin username and password, please change it now (If you provided us that information via support ticket)

3. The support tickets database can contains super admin account of sites which requested support from us. So Yes, he could hack the sites if he wants.

I am really sorry for all of these trouble you are having because of this hack. If you have any other questions about this issue, please don't hesitate to ask. I will be open, honest and answer all questions

Regards,

Tuan