Slashdot Mirror

← Back to Stories (view on slashdot.org)

Former Demonoid Members Receive Email Claiming Resurrection, Get Malware Instead

Posted by Unknown on from the probably-riaa-conspiracy dept.

New submitter giveen1 writes "I recieved this email as a former Demonoid.me user. I tried to go to the website and link is dead. ... 'Dear Demonoid Community Member, We have all read the same news stories: The Demonoid servers shut down and seized in the Ukraine. The Demonoid admin team detained in Mexico. The demonoid.me domain snatched and put up for sale. The Demonoid trackers back online in Hong Kong, but then disappearing. ... Now for some good news: The heart and soul of Demonoid lives on! Through an amazing sequence of unlikely events, the data on those Ukrainian servers has made its way into the safe hands of members of our community and has now been re-launched as d2.vu.'" But it turns out that the site was distributing malware, hosted on an American VPS, and quickly shut down after the provider discovered this. No word yet on how the Demonoid user database was acquired, but if you did make the mistake of trying to log in Torrent Freak warns: "New information just in suggests that if you logged into the fake Demonoid and used the same user/password combo on any other site (torrent, email, Steam, PayPal) you should change them immediately."

4 of 62 comments (clear)

  1. Good Advice by DarthBling · · Score: 4, Insightful

    "New information just in suggests that if you logged into the fake Demonoid and used the same user/password combo on any other site (torrent, email, Steam, PayPal) you should change them immediately."

    Yup. After all those LinkedIn passwords were leaked last year, I wised up and changed the passwords to all the websites I visit each to something different. So now if my username/password combo is compromised, it's only good for that one particular website.

  2. Obligatory XKCD by Anonymous Coward · · Score: 5, Funny

    What has not been covered by It.

  3. Re:People still use common credentials? by hedwards · · Score: 5, Insightful

    Or just use something like keepass and give them all strong passwords. It's not like you're going to be remembering hundreds of passwords anyways. Last count I had over 400 log ins and little or no clue as to how many of them I actually will ever need to use again. For most people, even a dozen passwords is more than they can reliably remember.

  4. Sounds like demonoid used bcrypt. Yay! by Sloppy · · Score: 5, Insightful

    Someone has the database, but it's not enough: they want people to send them passwords associated with the records. That leads me to one conclusion, to the old Demonoid's credit.

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.