pfsense forums data breach confirmed

mer

I'm kind of wondering about the motivation of this thread now.
Is it simply:
Hey the old pfsense forum may have suffered a data breach, so you may want to be aware of any place you use that password/email combo and change it.

That is a good thing, a heads up to everyone.

Not sure if there is much value in posting redacted headers and such since the old forum has no way for users to change anything, all you could do is change your password on the current forum if you've used the same email/password combo.

Just my opinion feel free to ignore as you wish.

johnpoz

@mer said in pfsense forums data breach confirmed:

wondering about the motivation of this thread now.

Same here - seems like the subject is meant to draw attention, get on google, etc.. When clearly there is no such evidence of any sort.... @mer have you got any spam on your unique email - oh yours doesn't look unique never mind..

Now if we had a huge number of users saying hey I got spam xyz.. To my unique only used on this forum.. Then you might have something to talk about..

dennis_s

Our IT team has been looking into a possible breach of the Netgate forums. They have found no evidence of any breach or of users' email/passwords being compromised in any way.

All users that migrated their accounts to the new (current) forum were forced to change their password at that time, mitigating anything that may have happened prior to that.

mer

@johnpoz It's not unique, and yes "I've got spam" :) At least comcast has been training their algorithms, they do a decent job of marking them as such.

@dennis_s Thanks for the info.

Anonymous-5132

@johnpoz said in pfsense forums data breach confirmed:

@anonymous-5132 said in pfsense forums data breach confirmed:

"Well I haven't received spam" is not evidence. Absence of evidence is not evidence

Its same sort of evidence that your trying to present ;)

I've presented hard evidence in the form of server logs and email headers. You've presented absolutely nothing but your word. They are not the same in any way and any reasonable person would know that.

What if, for sake of argument, I don't believe you? I showed you the proof that I have received spam, so you don't have to take me at my word. Show me the proof that you haven't received spam so I don't have to take you at your word. If I was paranoid I might think you're hiding something...

I, and three other people, have presented evidence that the old pfsense forums suffered a data breach, while you've presented absolutely nothing that it hasn't. If not that, then what? What other explanation do you have that fits the evidence that has been posted so far? Present evidence, not words. Proof.

Why are you arguing so hard against this from such a weak position? What is it to you?

@mer said in pfsense forums data breach confirmed:

I'm kind of wondering about the motivation of this thread now.
Is it simply:
Hey the old pfsense forum may have suffered a data breach, so you may want to be aware of any place you use that password/email combo and change it.

That is a good thing, a heads up to everyone.

Something like that. "Hey, change your passwords, start using a password manager with unique passwords for all sites, and turn on 2FA. If you used a unique email, change it and block delivery to the old address if you have the ability. Also be aware that it's possible any information you provided to the old pfsense forum and anything connected to it may be in the wild now, which may include private messages."

Not sure if there is much value in posting redacted headers and such since the old forum has no way for users to change anything, all you could do is change your password on the current forum if you've used the same email/password combo.

In my opinion one should present evidence when claiming a data breach, otherwise it tends to look like simple trolling. It also gives admins a reference to look at while investigating.

@johnpoz said in pfsense forums data breach confirmed:

When clearly there is no such evidence of any sort....

The only ones not presenting evidence are you and the other naysayers. There's plenty of evidence. Have you looked at the other thread? Have you looked at the evidence I presented?

Now if we had a huge number of users saying hey I got spam xyz.. To my unique only used on this forum.. Then you might have something to talk about..

Do you know how I know you didn't read my previous post? Give it time. This thread has already attracted another confirmation, albeit without providing evidence yet. More will eventually filter in, especially if you keep keep this thread alive.

@dennis_s Thanks for the update, but this seems to be only related to the old forums. Once enough users come forward with evidence I think an official breach notification might be nice. It would also give a place to explain anything else that may have been compromised as well as listing everything that couldn't have been involved.

I have no evidence that the Netgate forum, or any other part of the Netgate website, has been breached, nor am I claiming that. If it seemed that I was claiming that the Netgate forum has suffered a data breach that was not my intent. This is all about the old pfsense forum and any software tied in to that system at that time. We know that at least email addresses have been leaked, but so far we don't know what other data may or may not have been involved.

mer

@anonymous-5132 Thanks: I was just making sure, I was not trying to imply or assume motive to anyone

Anonymous-5132

Wow, what junk forum software. My post above isn't spam until I try to edit it to remove the duplicated word. Teach me to proofread three times...

---Edit---

Just testing to see if all my edits are considered spam for some reason...

johnpoz

@anonymous-5132 said in pfsense forums data breach confirmed:

Have you looked at the other thread? Have you looked at the evidence I presented?

Yes - and there is no "evidence" you getting some email to some address "you" say has not been used elsewhere - or not leaked "elsewhere" or someone didn't specific add to a spam list, etc. etc.. is sure and the hell not "evidence" of a breach... When more than you come forward and say hey we all got this spam, from our only used on this forum you might have something worth talking about.

My "EVIDENCE" show no spam to my private address - so clearly your email address was obtained elsewhere.. Do you see how thin you accusation is?

getting email to the clearly unique and unknowable "pfsense" at some domain - yeah just screams their db has been compromised <rolleyes>

Anonymous-5132

@johnpoz said in pfsense forums data breach confirmed:

@anonymous-5132 said in pfsense forums data breach confirmed:

Have you looked at the other thread? Have you looked at the evidence I presented?

Yes - and there is no "evidence" you getting some email to some address "you" say has not been used elsewhere -

So we're supposed to believe you at your word but not me? You who has yet to post anything but words and has given absolutely no reason whatsoever to be trusted and in fact has shown good reason not to be trusted?

or not leaked "elsewhere" or someone didn't specific add to a spam list, etc. etc.. is sure and the hell not "evidence" of a breach...

So I leaked my own email address, defeating my own system I put together to detect leaked email addresses? Or are you claiming I faked the email headers and server log lines I posted? And you think I'm the one being completely unreasonable? ROFL!

When more than you come forward and say hey we all got this spam, from our only used on this forum you might have something worth talking about.

You mean like the three other people who have posted? Did the two others who posted evidence so far fake their evidence as well?

My "EVIDENCE" show no spam to my private address - so clearly your email address was obtained elsewhere.. Do you see how thin you accusation is?

Your "evidence" is your word and absolutely nothing else. You claim that you haven't received spam, and quite frankly, I don't believe you. I, and two other people, have posted hard evidence. You have posted crazy assumptions and ignored facts.

getting email to the clearly unique and unknowable "pfsense" at some domain - yeah just screams their db has been compromised <rolleyes>

A data breach of the old pfsense forum is the simplest explanation given the facts. What else could explain multiple different people all receiving spam to an address only used in that one place? Do you honestly believe that three different people all decided to forge evidence to falsely claim that they got spam to a unique email used at a single website and then all chose the old pfsense forum out of millions of choices? Oh, but I'm the one being unreasonable.

One of us has posted evidence, and one of us has not. One of us has read the evidence posted by two other people, and one of us has not. The fact is the evidence posted so far supports the theory that a list of email addresses used on the old pfsense forums has been leaked. No amount of words from a clearly unreasonable person will change that.

jdeloach

@anonymous-5132

I think it's about time that a moderator LOCK this post as there has been no credible evidence that there has been a leak posted and lets quit feeding this troll.

Joolee

The full (redacted) E-mail I received is:
https://pastebin.com/ApKP3fmG

kiokoman

let me guess !! let me guess !!
the email of @johnpoz johnpoz [snipped mod]

johnpoz

@kiokoman no that is not private address that the forum knows about..

kiokoman

@johnpoz
it was here
https://forum.netgate.com/topic/61267/minor-issue-with-client-export-config-commands
maybe you should clean that also
I wanted to show that it is not impossible to find them
also
https://marc.info/?l=pfsense-discussion&r=1&w=2
it's full of information about personal emails for example

johnpoz

@kiokoman thanks - from 2013, wow.. Not sure how I missed that way back then.

But yeah great example..

Joolee

@johnpoz your email address is also exposed in your Redmine profile, in case you're wondering. You can set it to private in the settings.

bingo600

@joolee
Might be nice to edit the above to just say your mail address

johnpoz

@joolee thanks - but that is not the address tied to my forum account either.. But another great example on my part ;) showing that email can be harvested without a "breach".. ;)

provels

I get spam every day in my roadside mail box.
Who do I see about that?

johnpoz

@provels I would contact the Postal Service about their breach.. Since clearly that is the only explanation