neurosynth wrote:
Having taken over the account did the attacker do anything with it? I ask in case he/she took over other accounts but *didn't* change the password on those, and thus might remain undetected but active.
ams2008dam wrote:
why would you want to hack a site like this.....
Well, as a regular user, the only thing one can "do" is to make a post or send a private message. Those affected can check their post history and PM sent box for anything they do not recognise, though I think it's unlikely anything like that was done (because what's the point?)
Here's what I think happened: the attacker specifically went after accounts with high post counts, in the hopes that one or more may have moderator or admin privileges. I am guessing
maybe the goal was to steal email addresses for spamming purposes. It's not really clear to me. Either way, these were thought out criminal actions, perpetrated using the Tor network (google that if you're unfamiliar.) Pieces of shit. Spammers really need to be executed...