Mother Of All Breaches


The article says that most of the data is compiled from past breaches, so the Doomworld data is likely that from the 2022 breach. Can't say for sure though. If you're using a password manager (which you should) changing your password and using different passwords for different sites shouldn't be much trouble anyway, so may as well.

i once read a post from an admin/mod that hackers could not possibly get user passwords because in doomworld the passwords are in "hash", therefore the passwords are safe? i don't know what "hash" means though in such context (for clarification, the only "hash" i know are "hash browns", "#" sign and "hash tags").

Edited by rita remton

45 minutes ago, rita remton said:

i don't know what "hash" means though in such context

There is a function to which a password is fed, and the function's output is the hash.

The hash is stored.

The user's input is hashed and the result is compared to what's in the database.

If they are equal - success; if not - fail.

1 hour ago, rita remton said:

i once read a post from an admin/mod that hackers could not possibly get user passwords because in doomworld the passwords are in "hash", therefore the passwords are safe? i don't know what "hash" means though in such context (for clarification, the only "hash" i know are "hash browns", "#" sign and "hash tags").

 

Tom Scott explains it really well! A hash is the result of a function that's performed on your password before it's stored - unlike encryption, the transformation is one-way so you can't retrieve the original password by looking at the hash. So an attacker might not know your password, but there are some other vulnerabilities described in the video.

 

 

Well that sucks! Welp, time for a new password!

I also think doing a phone verification or a code from something like Google Authenticator can help minimize damage.

On 1/27/2024 at 11:10 AM, rita remton said:

i once read a post from an admin/mod that hackers could not possibly get user passwords because in doomworld the passwords are in "hash", therefore the passwords are safe? i don't know what "hash" means though in such context (for clarification, the only "hash" i know are "hash browns", "#" sign and "hash tags").

The brief summary is that any competently run website does not store passwords, only a big random number that is generated using your password (called a hash). It's why you always have "password reset" rather than something like a "show me the password I forgot" option - the website is literally incapable of telling you what your password is. If the hashes are leaked, an attacker can try running millions of guesses against them to see if they can discover any passwords. But it's slow and requires a lot of computing power. If you use a weak password it's easier to crack.
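
Added example, not part of the thread and not Doomworld's own code: a short Python illustration of the store-and-compare flow described in the replies above, and of why a leaked hash of a weak password falls to guessing while a long random one does not. PBKDF2-HMAC-SHA256, the iteration count, the function names and the sample guess list are assumptions chosen for illustration; the thread does not say which hash function the forum uses.

```python
import hashlib
import hmac
import os

# Assumption: PBKDF2-HMAC-SHA256 with an illustrative work factor; the thread
# does not say which algorithm or cost the forum actually uses.
ITERATIONS = 100_000

# Constructed sample guesses, standing in for a list of common passwords.
COMMON_GUESSES = ["123456", "password", "123Password", "qwerty"]


def hash_password(password, salt=None):
    """Return (salt, digest). Only these two values are stored, never the password."""
    if salt is None:
        salt = os.urandom(16)  # per-user random salt: equal passwords get different hashes
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(attempt, salt, stored_digest):
    """Login check: hash the attempt with the stored salt and compare in constant time."""
    _, candidate = hash_password(attempt, salt)
    return hmac.compare_digest(candidate, stored_digest)


def find_in_wordlist(salt, stored_digest, wordlist):
    """What guessing against a leaked hash amounts to: one full hash computation per guess."""
    for guess in wordlist:
        if verify_password(guess, salt, stored_digest):
            return guess
    return None


if __name__ == "__main__":
    weak_salt, weak_digest = hash_password("123Password")
    strong_salt, strong_digest = hash_password("t7#Vq9!mZr2&LxW4pK")  # constructed
    print("stored:", weak_salt.hex(), weak_digest.hex())
    print("correct login:", verify_password("123Password", weak_salt, weak_digest))
    print("weak password recovered:", find_in_wordlist(weak_salt, weak_digest, COMMON_GUESSES))
    print("strong password recovered:", find_in_wordlist(strong_salt, strong_digest, COMMON_GUESSES))
```

Raising `ITERATIONS` makes every guess proportionally more expensive, which is the "slow and requires a lot of computing power" part of the explanation above.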

23 hours ago, Rudolph said:

I tried searching for my current Doomworld password on Have I Been Pwned, but nothing came out of it. Does that mean I am in the clear?

As previously mentioned, the data that was leaked (over a year ago!) was encrypted hashes that'd probably require state-sponsored amounts of computing power to crack. You should be fine, but if changing your password makes you feel better, then go ahead.


These giant password/data leak/breaches are becoming insanely common at this point. I change all my passwords for my most frequently used accounts/visited sites annually now because I don't trust the integrity of the security of any major website these days.

Edited by Biodegradable

19 hours ago, DoomPlayer00 said:

Joke's on the hackers, I changed my password from 123Password to 321Password. That'll show 'em!

Joke's on you, now we know your new password! And we have already done horrible things using your account! :3

Looks like I changed my password right after the breach, so if it's still the same data, even if someone got my password out of it, it'd be functionally worthless to them.

I was going to change my password to "P3n1s" but the system says my password is too short.

Edited by DoomGater

2 hours ago, JoeyKelastiof said:

So if you recently registered on the forum, you don't need to change the password?

 

Correct, but given that the stolen data was password hashes, not passwords, it's very improbable it's of use to anybody.
