KVR Audio

morelia · Post by **morelia** » Tue Sep 10, 2024 6:32 am

Just got emails that my account email and password have been changed. My login credentials are no longer recognized.

gelly-vapor · Post by **gelly-vapor** » Tue Sep 10, 2024 6:46 am

are you able to login since ?

morelia · Post by **morelia** » Tue Sep 10, 2024 6:52 am

No, I am not.

gelly-vapor · Post by **gelly-vapor** » Tue Sep 10, 2024 7:02 am

..if you 're using the same password for all the other account you have , you must change it.
i have just done a very simple check on cytomic website ,the CMS used is very easy to find.
i think if the website has been hacked it would be really easy to find who did it and recover your account.
I'm not working for cytomic but from what i know if the CMS was not updated it can be a serious treath
Keep the mail you receveid et try to contact the cytomic guy explaining the situation.

whyterabbyt · Post by **whyterabbyt** » Tue Sep 10, 2024 8:53 am

Andy has an account at KVR, PM him.

Gamma-UT · Post by **Gamma-UT** » Tue Sep 10, 2024 9:00 am

I didn't get an email from Cytomic about a changed password (well, I did just now as I just beefed mine up a bit).

The email says contact support if this happens: and that's your best bet other than a PM here to Andy.

And I'd suggest checking what other sites you've used that password on because this sounds more like someone hacked one of your accounts elsewhere and is trying out that password at other places that has that email or account name.

gelly-vapor · Post by **gelly-vapor** » Tue Sep 10, 2024 9:23 am

Gamma-UT wrote: Tue Sep 10, 2024 9:00 am I didn't get an email from Cytomic about a changed password (well, I did just now as I just beefed mine up a bit).

The email says contact support if this happens: and that's your best bet other than a PM here to Andy.

And I'd suggest checking what other sites you've used that password on because this sounds more like someone hacked one of your accounts elsewhere and is trying out that password at other places that has that email or account name.

I think you re right , but i would recommend to everybody to change their password if the database has been stole ,he could be the first to notice someone stole his account.

Gamma-UT · Post by **Gamma-UT** » Tue Sep 10, 2024 1:15 pm

gelly-vapor wrote: Tue Sep 10, 2024 9:23 am I think you re right , but i would recommend to everybody to change their password if the database has been stole ,he could be the first to notice someone stole his account.

Good point.

gelly-vapor · Post by **gelly-vapor** » Tue Sep 10, 2024 5:59 pm

If Andy agree i could perform a pentest for free.[just pm me]

morelia · Post by **morelia** » Tue Sep 10, 2024 7:26 pm

It's a very unique password. I emailed Andy within minutes of confirming the emails were correct, and that someone has my account. Just posted here to see how widespread it might be.

From support:
Thanks for letting me know promptly about this. No harm done since they haven't authorised anything.

gelly-vapor · Post by **gelly-vapor** » Wed Sep 11, 2024 6:21 am

morelia wrote: Tue Sep 10, 2024 7:26 pm It's a very unique password. I emailed Andy within minutes of confirming the emails were correct, and that someone has my account. Just posted here to see how widespread it might be.

From support:
Thanks for letting me know promptly about this. No harm done since they haven't authorised anything.

good ending for you

andy-cytomic · Post by **andy-cytomic** » Wed Sep 11, 2024 1:39 pm

morelia wrote: Tue Sep 10, 2024 7:26 pm It's a very unique password. I emailed Andy within minutes of confirming the emails were correct, and that someone has my account. Just posted here to see how widespread it might be.

From support:
Thanks for letting me know promptly about this. No harm done since they haven't authorised anything.

Only one person has reported to me that their Cytomic web account login was changed. Anyone can enter an email into our webpage and get a password reset link sent to their email account, so if someone's email account is compromised, then so is their Cytomic web account, since we don't use 2FA. I recommend you change your email account password and enable 2FA on that as soon as possible.

PS: I'll report back here if there are any other reports of un-authorised account access, but this is the only one thus far, and the cause is still unknown. I'm using siteground to host my webpage, and they have security checks all the time which are all clear.

andy-cytomic · Post by **andy-cytomic** » Wed Sep 11, 2024 1:51 pm

morelia wrote: Tue Sep 10, 2024 6:32 am Just got emails that my account email and password have been changed. My login credentials are no longer recognized.

Did you receive the password reset email first? If someone has access to your email account login they can then use that link to login to your account, then change the password, and then change the email on the account - which will prevent you from changing the password.

morelia · Post by **morelia** » Thu Sep 12, 2024 7:56 pm

andy-cytomic wrote: Wed Sep 11, 2024 1:51 pm
morelia wrote: Tue Sep 10, 2024 6:32 am Just got emails that my account email and password have been changed. My login credentials are no longer recognized.
Did you receive the password reset email first? If someone has access to your email account login they can then use that link to login to your account, then change the password, and then change the email on the account - which will prevent you from changing the password.

I can barely get into my email with the multifactor authorisation process. I can't fathom that someone has access to my email. I'm no expert in these matters though.

Yes, the password email first and the email change less than a minute after.

kmonkey · Post by **kmonkey** » Thu Sep 12, 2024 8:28 pm

morelia wrote: Thu Sep 12, 2024 7:56 pm
Yes, the password email first and the email change less than a minute after.

If that is the case then I suggest you change your email password and all passwords that you have at any endpoint. And no this time I am not making fun of the situation or being sarcastic (contrary to my usual posting). Believe it or not, I am running a business that deals with e-commerce sites and I fix security errors for companies.

It sounds as if someone had or still has access to your email inbox. It is not the cytomic website causing problems. If it was, this problem would be much more widespread and we would see more people reporting the same thing.

Because the password email came first into your inbox this means someone "knew" in advance what to enter on the Cytomic website when utilizing the standard password reset function (this exists on pretty much any WordPress website) in order to wait for the email to arrive in your inbox and then.

More likely someone accessed your email inbox and then went looking for "orders" so that they can obtain your purchasing data from your history. That is what these people do when they enter your mailbox they are trying to see the history of your purchases and obtain details. Someone was able to find that you ordered at cytomic so then he/she tried and successfully finished the password reset. My guess is that they wanted to see your cytomic account in order to either find even more data on you or to sell your plugin to someone else and get some money that way.

I wholeheartedly suggest you in the future to use something like Bitwarden - free, open source (unbiased security audits) and it also has a nice password creator for you. You just have to keep one super duper tedious password.

Also, you can check your mailbox here but the list is not updated daily:

https://haveibeenpwned.com/
https://haveibeenpwned.com/Passwords

Good luck.

Has cytomic.com been hacked