Doomworld has been compromised.

[Poxel12]

Well, this is terrible. Time to change my password to be more polish.

[Ludi]

Before anyone starts blaming anyone, let's remember that no one here owns the site, not even the head mods. 

Edited October 13, 2022 by Ludi

[SFFlowerBoy]

2 minutes ago, Dragonfly said:

 I've several services linked with Authy and not ever encountered this issue before.

 

 

^{(Also the CSS could do with some work in this part of the site 😅)} 

Thats weird when I did it an hour ago there was no problem at all.

[SFFlowerBoy]

2 minutes ago, Ludi said:

Before anyone starts blaming anyone, let's remember that no one here owns the site, not even the head mods. 

How does that work. Is the Owner just inactive?

[Mr. Freeze]

Yeah I can't set up 2FA, it keeps saying there's a problem. 

[Cozy]

Damn, I just joined

Does it mean I'm doomed(hehe, doomed, get it?😎) too? :(

[Herr Dethnout]

15 hours ago, Mr. Freeze said:

bronies smh

The worst part is that I didn't realized that the guy made this has a MLP pic until this post.

lol

[TheFocus]

well, then. if the admins haven't made a statement yet, i guess i'll just wait around.

 

 

patiently.

[Dragonfly]

5 minutes ago, Rykz said:

I don't remember that you need to enter your birthday to sign up doomworld.

 

I think you used to prior to the move to Invision Community forum software - I recall a prompt on account creation that you had to confirm you're above age, I can't remember if this was a simple check box, or a full date entry. Regardless, what's the worst that can happen with that information? Unexpected birthday wishes, oh noes!

[Solmyr]

34 minutes ago, Mr Masker said:

If anyone has music suggestions for the End Of Doomworld Credits Segment, then I'm open to it.

"Adagio for Strings" by Samuel Barber.

[Zom-B]

Everyone talks about passwords being hashed, but no one yet said whether they are also salted? Salted passwords are still considered completely safe from cracking, whereas unsalted are completely unsafe. (There are sites out there that look up hashes in a database generated from leaked passwords and generated phrases, and others can do a rainbow attacks on the hash)

 

So are the hashes salted, and is the salt trusted to be random enough?

 

A final note, it's definitely worth changing your password now, opposed to what some say, and just change it again when the leak is closed.

[DrinkyBird]

1 minute ago, Zom-B said:

Everyone talks about passwords being hashed, but no one yet said whether they are also salted? Salted passwords are still considered completely safe from cracking, whereas unsalted are completely unsafe.

Apparently the passwords use bcrypt, so yes they will be salted.

[Kinsie]

Just now, Zom-B said:

Everyone talks about passwords being hashed, but no one yet said whether they are also salted? Salted passwords are still considered completely safe from cracking, whereas unsalted are completely unsafe. (There are sites out there that look up hashes in a database generated from leaked passwords and generated phrases, and others can do a rainbow attacks on the hash)

 

So are the hashes salted, and is the salt trusted to be random enough?

 

A final note, it's definitely worth changing your password now, opposed to what some say, and just change it again when the leak is closed.

The post in the OP says it's Bcrypt, and the Bcrypt Wikipedia page says it uses salts in the second sentence.

[YoshizinGordin]

i've just sucessfully changed my password to a jumble of all existent accents in brazilian portuguese. 

[Mr. Freeze]

Where are the admins on this? Or even the mods? 

[7Mahonin]

Removed 

Edited October 14, 2022 by 7Mahonin

[Ludi]

8 minutes ago, SFFlowerBoy said:

How does that work. Is the Owner just inactive?

 

No, the site I believe is owned by a third party. That's what I remember anyways, don't take that as gospel.

[A Nobody]

I swear if something happens to my email...

[NoXion]

2 minutes ago, 7Mahonin said:

Whoever’s responsible is low life scum who will never amount to anything of any significance in their lifetime.

 

Not just that, but it seems like a lot of effort for little reward. It's not like this is the kind of site where people are going to be chucking around their bank details.

[Zom-B]

5 minutes ago, Kinsie said:

The post in the OP says it's Bcrypt, and the Bcrypt Wikipedia page says it uses salts in the second sentence.

I don't see it

 

[edit] Of I had to click through to the twit. I hate twitter.

Edited October 13, 2022 by Zom-B

[Kinsie]

1 minute ago, Zom-B said:

I don't see it

[Mauzki]

Gasp

Change ya password, that's really all you need to do.

[Misty]

1 minute ago, A Nobody said:

I swear if something happens to my email...

Nothing will happen to your email, now just go to touch some grass. 

[Mauzki]

1 minute ago, NoXion said:

 

Not just that, but it seems like a lot of effort for little reward. It's not like this is the kind of site where people are going to be chucking around their bank details.

This is a no to the nudes thread, then?

[mrthejoshmon]

I just realised that there's a 100% chance I lied about my age when signing up, outside of my IP (which is constantly changing) and my email (that someone has already signed up to several newsletters before this) they ain't copping much.

Edited October 13, 2022 by mrthejoshmon

[nkl]

Changed password, enabled 2fa. So what now?

[Rykzeon]

Random Password Generator (incase you lazy to search it):

• https://passwords-generator.org/
• https://www.passwordsgenerators.net/

Maybe try to turn off the internet when you generating the password with the online password generator :p
BTW, I'm not a technician or programmer so eh.

[Herr Dethnout]

I will only accept that hack as real if @John Carmack makes a post.

[Gez]

19 minutes ago, Poxel12 said:

Well, this is terrible. Time to change my password to be more polish.

Change it to "hasło".

[Poxel12]

1 minute ago, Gez said:

Change it to "hasło".

There is not enough polishness in this password.