KevC wrote: ↑Thu Mar 21, 2024 7:29 pm
You can already do it with the autogroups extension.
I know this, I became aware of this ext while reading this topic. I then experimented with this Ext in my local development environment. This Ext is an effective remedy against the security problem. However, this requires some effort at first and, once set up, still requires manual work on the part of the moderators and administrators.
However, I follow a completely different approach that is automated. In principle, I proceed in a similar way to Derky: I use existing phpBB functionalities and combine them with my own code.
So I'm not looking for a solution because I already have one and now with AG I would even have another one if my own is unusable. So I'm looking for information about the background to the data leak so that I know whether I still need to adapt my own solution or whether I even have to abandon my own approach.
Derky wrote: ↑Thu Mar 21, 2024 9:10 pm
Sounds interesting, what type of extension are you creating?
I'll give you detailed information via PM, I don't want to reveal unnecessary public information at the moment. ^^ I will change my developer board to English and take new screenshots, since the previous ones are all in German. However, I won't get to that until this evening.
Derky wrote: ↑Thu Mar 21, 2024 9:10 pm
The only common denominator I can find so far it that all email addresses from compromised accounts are listed in one or more dumps
Yes, with the information currently available, which you also mentioned in the starting post, it is currently only clear that these email addresses are in connection with other leaked access data. However, it is still not clear to me at the moment whether the
accounts of the affected email addresses were also hijacked.
That was the reason why I wrote here, because I wanted to know whether you might have any new information in the meantime.
We currently assume that only phpBB login data was actually leaked, but not the login data of the associated email accounts. That is an immense difference and important for my further approach.
May the backup be with you. Always.