TNA Board Hacked? Ransom Demand

[essayman]

I received a data ransom demand this AM from leak@tnaboard.com.

The hackers are demanding that I send them $200 in BTC within 7 days. Thankfully, I haven't used TNA Board that much, so there's not much there even if they do release any data. However, the demand email was sent to one of my legit email accounts, and it had my handle, and a bit of person information in it which does concern me.

Has anyone else received such a demand recently? Any thoughts from our IT savvy members as to how legit the hack and the demand may be? Suggested response?

Thanks in advance.

essyman

[Fizley]

I wouldn't worry about it too much. Most of those hackers are out for a quick score and then on to the next. They don't know if that is an old Email or a active one.

Just make sure all your passwords have been changed.

[ben dover]

I agree, doubtful they will follow through.

[Pangolier]

Quote:

Originally Posted by essayman

I received a data ransom demand this AM from leak@tnaboard.com.

The hackers are demanding that I send them $200 in BTC within 7 days. Thankfully, I haven't used TNA Board that much, so there's not much there even if they do release any data. However, the demand email was sent to one of my legit email accounts, and it had my handle, and a bit of person information in it which does concern me.

Has anyone else received such a demand recently? Any thoughts from our IT savvy members as to how legit the hack and the demand may be? Suggested response?

Thanks in advance.

essyman

You say the email was sent to one of your personal email accounts, and it has "a bit of personal information" Was that email address or the personal info ever entered into TNA at any point in the past? If not that means either they dug deeper, or your play email address has some sort of connection or link to your real world information.


Under no circumstances should you ever pay a ransom demand in this kind of situation. Doing so will only result in indefinite blackmail to the tune of bankruptcy. You'd be better off taking your chances with your info being divulged than paying a ransom. In fact, paying ransoms in general has a very low rate of success unless your family member has been kidnapped by Philippine terrorists.

[LustyBustyGina38FF]

https://twitter.com/530Vrose/status/1543583144502231041
More here ..

[TinMan]

If they stole the database, then the OP must have had something in there that connects to him personally. Used a personal email address at some point? Sent a PM that included personal information (perhaps for screening purposes)?

OP, let us know if you figure out how the hackers may have connected your hobby and RW info. Agree with others here as well…chances are what little info they shared with you is probably the extent of their knowledge, and ignoring it is the best strategy.

Best of luck, and please keep us posted.

[Gosling1]

When I signed up at TNA, I used a Gmail address that I had for naughty stuff. I then later changed it to a Protonmail account a few years ago. I have only received the lazy blacklmail letter (a dozen times in one day) to the Protonmail address.


I have no worries about whether the losers post the db on the internet or not. Nothing in it can tie it to my civilian life.


IP numbers don't go to your dwelling but to the local access point for your ISP. Or the VPN connection point that you use.

The email address isn't used for anything that connects to any of my regular civilian life or social media.


If I did use my personal email address then I would be concerned. But after the Ashley Madison hack back in 2015, anyone with more than 2 brain cells should have known to not get your sugar where you get your bread.

[TinMan]

Thanks for that report. Confirms what I expected. Several decades ago I made sure I had no connection between my RW and hobby accounts. On the few occasions I’ve received emails like the OP describes, it’s been obvious the sender had nothing.

People, if you haven’t checked your hobby accounts to make sure there isn’t any RW information there, do so now. These hacks of hobby websites are happening all the time. It’s just a matter of time before you are impacted.

[Pangolier]

Got mine. They have access to any private message you had on TNA.

[TinMan]

Quote:

Originally Posted by Pangolier

Got mine. They have access to any private message you had on TNA.

Another great reason to delete your PMs periodically. And refrain from putting any personally identifiable information in those PMs, since the recipient may not be as diligent as you in cleaning out their folders.

[winn dixie]

Quote:

Originally Posted by TinMan

Another great reason to delete your PMs periodically. And refrain from putting any personally identifiable information in those PMs, since the recipient may not be as diligent as you in cleaning out their folders.

^^^^^^^^^^^^

100% This

[essayman]

@ Pangolier - RE: your post "Got mine. They have access to any private message you had on TNA."

Does this mean that you received a ransom demand as well?

essayman

[Joe Blows]

What do they say they’re going to do if you don’t pay?

[DallasBella]

Can you log into the site at all?

[Pangolier]

Quote:

Originally Posted by essayman

@ Pangolier - RE: your post "Got mine. They have access to any private message you had on TNA."

Does this mean that you received a ransom demand as well?

essayman

Yep. They claim they will "expose" my info, of which they have none. In my case, even if they did have info, it wouldn't matter much because I'm single, and not a church going pillar of the community or politician. Essentially there's "nobody to tell" even if they did have my info. I'm afraid these kinds of things will continue to happen from time to time. Look at the SolarWinds hack... If the US government is not capable of protecting their own sites, then that shows potential vulnerability in the private sector. Think back to Ashley Madison... These hacks have been going on for decades. They are not common, but the best thing site owners can do is stay up to date with the latest security technology (Cloudflare, Crowdstrike, Palo Alto Networks, etc...), as well as not piss off the wrong crowd. Even if you are not in favor of the Russian Ukrainian war, posting anti Russian propaganda on your site is just begging to get hacked.