Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Any recent hacked accounts from Southperry users?
Atuan Wrote:Whoever is doing this has their hands on our PW/PIN MD5 hashes. Looks like account IDs are stored in plaintext(?) because there are no hits on hashes for my ID. There were hits for both passwords, both pins of compromised accounts. No hits for safe ones.

Accounts & PIN are both stored in plain text, in the same table as the password hash.
Don't jump to conclusions until we have more than one or two people who were matched - Could just be a few people who had passwords that have been broken previously.

Takebacker Wrote:Are you saying that the above is a bad thing?

No, it's rather neutral. If your hash isn't found it means you've got a password that can't immediately be looked up, which is positive, but it also implies that some other method was used to bypass your pass/pin, which is somewhat bad for us, but honestly if you've already been hacked zeroing in on the how isn't going to be good or bad - it's already too late.

BombsAway Wrote:So do you suggest everyone (even the uncompromised currently) check to see if their passwords are on that site and if so can you give us sort of step by step walkthrough so that we don't accidentally get our passwords added to the list (you said that doing something would cause that but I'm a little to frightened to think clearly about such things)

Just follow the same instructions I originally posted - Create a hash at website #1 (or any other md5 generation site, or snippet that won't cache the cross reference), then check the hash at rednoize. The warning was that you don't want to create the hash at rednoize itself because any hashes it creates it automatically saves, making even the most perfect pass wide open just by having tested it. It's the equivalent of handing them the key to your armored truck full of cash to valet park it. Tongue

For anyone who's pass pops up - yeah, I'd recommend changing it, because if it's there, it's obviously one someone has thought of at some point and can lookup with zero effort.
It's not having what you want - It's wanting what you've got.
Reply


Messages In This Thread
Any recent hacked accounts from Southperry users? - by Eos - 2010-01-16, 07:07 PM
Any recent hacked accounts from Southperry users? - by BDRyan - 2010-01-18, 01:09 AM

Forum Jump:


Users browsing this thread: 2 Guest(s)