Chimp (Joined: 05/13/2008, Groups: None)

Today I got an email using a template that has been making the rounds.

"I greet you!

I have bad news for you.
27/08/2018 - on this day I hacked your operating system and got full access to your account %EMAIL%
On that day your account (%EMAIL%) password was: %PASSWORD%"

I've had a few of these to services that I know have been breached like dropbox.com and easycontentunits.com but today is the first I have seen for fold.it.

The email address used was only ever provided to fold.it and has never been reused.
The password was the password used to secure my account. In other such cases I've had the attacker show an MD5 hash of my password (easycontentunits.com), but here it was plaintext, suggesting that fold.it are not storing passwords in a hashed and salted secure manner. Admittedly my password here was only 8 characters, so it could have been brute-forced.

My question is were fold.it aware of a breach previously? Did it communicate this to its userbase?

Thanks

LociOiling (Joined: 12/27/2012, Groups: Beta Folders)
No email here...

Not sure what's going on, but I haven't received any email of this type.

If this is widespread, I suspect others would have reported it.

Foldit does store your password locally and unencrypted, if you allow it. There's a file 0000nnnnnn.ir_user, which contains your Foldit screen name, and optionally, password in cleartext. That wouldn't give the attacker an email address, however (unless you used your email as your screen name).

Similarly, browsers may store a password for fold.it, supposedly in a secure form. Once again, the combo would be screen name + password, hard to see them coming up with the email address without manual intervention.

I'll let the Foldit team know that there may be a problem.

smortier (Joined: 03/10/2016, Groups: None)
Thanks for the info, Chimp!

We're investigating this right now and will get back to you ASAP.

Chimp (Joined: 05/13/2008, Groups: None)

Thanks - for reference, ignore the date offered in the email for any investigation. Supposedly this is the same day I was 'attacked' via easycontentunits.com. My dropbox.com account was supposedly 'hacked' on the 11th of August this year, when in reality it was ~June 2012.

Joined: 11/13/2018
Groups: None

That actually happened before((

jflat06 (Joined: 09/29/2010, Groups: Window Group)

When was the last time you had the client installed or played?

jflat06 (Joined: 09/29/2010, Groups: Window Group)

Also, as a note, we do store hashed passwords, not plaintext. Is it possible you have malware on your machine?

Chimp (Joined: 05/13/2008, Groups: None)

Possible but unlikely. I don't think I ever installed it. I signed up in 2008 and haven't used it since. That would have been many systems ago. I track all 'spam' as I'm anal and use a unique email address for everything.

This is the first time since Tue, 13 May 2008, 09:02 that this email address has been used.

Susume (Joined: 10/02/2011)
same email, old password

Thanks for the heads up. Checking my spam folder, I found that I received the same email to the email address I use for foldit. However, the password provided in the email was my original password for my foldit account (created Oct 2011), which I changed at least a year ago (maybe 2 years ago, I don't remember). The hacker must have gotten the passwords some time ago, or perhaps this hacker recently acquired a collection of passwords that was actually harvested some time ago.

Susume (Joined: 10/02/2011)
not necessarily fold.it

I should note that the email does not mention fold.it or my foldit account name anywhere. Because I occasionally re-used passwords in those days, it is possible they got this password from some other old account on some other site. Unlike Chimp, I do not use unique email addresses, so I can't confirm that this password was acquired from foldit.

As Loci said, my *.ir_user file does contain my current foldit password in plain text.
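The triage that Chimp and Susume did by hand (attribute the quoted address to one service, then date the leak by whether the quoted password is a long-retired one) can be scripted. This is an added example, not Foldit's code or any poster's; the email body, the alias-to-service map and the retired-password records are constructed, and retired passwords are kept only as salted PBKDF2 digests so the script never stores or returns a plaintext.

```python
import hashlib
import hmac
import re

# Constructed sample of the template quoted in the thread (address and password invented).
SAMPLE_EMAIL = """I greet you!

I have bad news for you.
27/08/2018 - on this day I hacked your operating system and got full access to your account foldit-signup@example.invalid
On that day your account (foldit-signup@example.invalid) password was: hunter2x"""

# One unique address per service (Chimp's practice); constructed values.
ALIAS_TO_SERVICE = {
    "foldit-signup@example.invalid": "fold.it",
    "dropbox-signup@example.invalid": "dropbox.com",
}

def pbkdf2(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 so retired passwords are never kept in plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Retired-password records: (service, year retired, salt, digest). Constructed.
_SALT = b"constructed-salt-0001"
RETIRED = [
    ("fold.it", 2017, _SALT, pbkdf2("hunter2x", _SALT)),
    ("dropbox.com", 2013, _SALT, pbkdf2("dropboxpass", _SALT)),
]

# Claimed date, claimed account address and quoted password, in the template's order.
_CLAIM = re.compile(r"(\d{2}/\d{2}/(\d{4})).*?your account (\S+).*?password was: (\S+)", re.S)

def triage(body: str) -> dict:
    """Attribute the quoted credential to a service and date the leak."""
    m = _CLAIM.search(body)
    if not m or "I have bad news for you" not in body:
        return {"matches_template": False}
    claimed_date, claimed_year, email, pw = m.group(1), int(m.group(2)), m.group(3), m.group(4)
    verdict = {"matches_template": True, "claimed_date": claimed_date,
               "service": ALIAS_TO_SERVICE.get(email, "unknown"),
               "password_retired": None, "claimed_date_bogus": False}
    for svc, year, salt, digest in RETIRED:
        # Constant-time compare against the stored digest; the plaintext is never returned.
        if hmac.compare_digest(pbkdf2(pw, salt), digest):
            verdict["password_retired"] = (svc, year)
            # A password retired before the claimed "hack" date cannot have been taken then.
            verdict["claimed_date_bogus"] = year < claimed_year
    return verdict

if __name__ == "__main__":
    print(triage(SAMPLE_EMAIL))
```

On the sample the verdict attributes the address to fold.it and flags the claimed 2018 date as bogus because the quoted password was retired in 2017, which is Susume's observation in code.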

Joined: 05/19/2009
Groups: Contenders
Reported

I have received a similar mail, which in effect is an extortion attempt for bitcoins. A very old password was listed, which may or may not have been an old foldit password. I searched my records, and I did use the e-mail address in a reply to an authorship request e-mail of the gmail address of foldit; it is not the account e-mail.

I am aware that old account data of various large firms was obtained years ago and my e-mail address and password may have been linked to those instead. In any case, do NOT pay as the claims in the mail are bogus.

As it is an extortion attempt I have reported it to the police.
