Obsidian Posted January 27 According to this article, there was a recent data breach that has potentially exposed billions of records across a significant number of websites across the internet. As you may be able to infer from this post, Doomworld is among the websites listed. In the wake of this breach, changing your DW password is highly recommended to protect your account from potential hijacking. Be sure to check the linked article to see if any other websites you frequent may been affected. 18 Quote Share this post Link to post
Shepardus Posted January 27 The article says that most of the data is compiled from past breaches, so the Doomworld data is likely that from the 2022 breach. Can't say for sure though. If you're using a password manager (which you should) changing your password and using different passwords for different sites shouldn't be much trouble anyway, so may as well. 11 Quote Share this post Link to post
DNSKILL5 Posted January 27 Can’t wait for all the airline travel spam posts to return! 11 Quote Share this post Link to post
rita remton Posted January 27 (edited) i once read a post from an admin/mod that hackers could not possibly get user passwords because in doomworld the passwords are in "hash", therefore the passwords are safe? i don't know what "hash" means though in such context (for clarification, the only "hash" i know are "hash browns", "#" sign and "hash tags"). Edited January 27 by rita remton 1 Quote Share this post Link to post
SilverMiner Posted January 27 45 minutes ago, rita remton said: i don't know what "hash" means though in such context There is a function, to which a password is feeded and the func's output is hash. The hash is stored. The user's input is hashed and the result is compared to what's in the database. If they equal - success, not - fail 3 Quote Share this post Link to post
DavidN Posted January 27 1 hour ago, rita remton said: i once read a post from an admin/mod that hackers could not possibly get user passwords because in doomworld the passwords are in "hash", therefore the passwords are safe? i don't know what "hash" means though in such context (for clarification, the only "hash" i know are "hash browns", "#" sign and "hash tags"). Tom Scott explains it really well! A hash is the result of a function that's performed on your password before it's stored - unlike encryption, the transformation is one-way so you can't retrieve the original password by looking at the hash. So an attacker might not know your password, but there are some other vulnerabilities described in the video. 4 Quote Share this post Link to post
Hebonky Posted January 27 Well that sucks! welp, time for a new password! I also think doing a phone verification or a code from something like google authenticator can help minimize damage. 0 Quote Share this post Link to post
TheMagicMushroomMan Posted January 27 I bet you it was that fucker 4chan again. 11 Quote Share this post Link to post
SleepyVelvet Posted January 28 Tachyeres pteneres It still doesn't hurt to change your password though if you're up to the effort. 1 Quote Share this post Link to post
esselfortium Posted January 28 FYI, this is apparently the same Doomworld breach from 2022, not a new one. 20 Quote Share this post Link to post
fraggle Posted January 29 On 1/27/2024 at 11:10 AM, rita remton said: i once read a post from an admin/mod that hackers could not possibly get user passwords because in doomworld the passwords are in "hash", therefore the passwords are safe? i don't know what "hash" means though in such context (for clarification, the only "hash" i know are "hash browns", "#" sign and "hash tags"). The brief summary is that any competently-run websites do not store passwords, only a big random number that is generated using your password (called a hash). It's why you always have "password reset" rather than something like a "show me the password I forgot" option - the website is literally incapable of telling you what your password is. If the hashes are leaked, an attacker can try running millions of guesses against them to see if they can discover any passwords. But it's slow and requires a lot of computing power. If you use a weak password it's easier to crack. 4 Quote Share this post Link to post
Rudolph Posted January 29 I tried searching for my current Doomworld password on Have I Been Pwned, but nothing came out of it. Does that mean I am in the clear? 0 Quote Share this post Link to post
Kinsie Posted January 30 23 hours ago, Rudolph said: I tried searching for my current Doomworld password on Have I Been Pwned, but nothing came out of it. Does that mean I am in the clear? As previously mentioned, the data that was leaked (over a year ago!) was encrypted hashes that'd probably require state-sponsored amounts of computing power to crack. You should be fine, but if changing your password makes you feel better, then go ahead. 3 Quote Share this post Link to post
Biodegradable Posted January 31 (edited) These giant password/data leak/breaches are becoming insanely common at this point. I change all my passwords for my most frequently used accounts/visited sites annually now because I don't trust the integrity of the security of any major website these days. Edited January 31 by Biodegradable 2 Quote Share this post Link to post
DoomPlayer00 Posted February 5 Joke's on the hackers, I changed my password from 123Password to 321Password. That'll show 'em! 6 Quote Share this post Link to post
DiceByte Posted February 6 19 hours ago, DoomPlayer00 said: Joke's on the hackers, I changed my password from 123Password to 321Password. That'll show 'em! Jokes on you, now we know your new password! And we have already done horrible things using your account! :3 0 Quote Share this post Link to post
ClumsyCryptid Posted February 7 On websites where I don't care about the account get assigned my most pwned password. 1 Quote Share this post Link to post
Dark Pulse Posted February 11 Looks like I changed my password right after the breach, so if it's still the same data, even if someone got my password out of it, it'd be functionally worthless to them. 0 Quote Share this post Link to post
DoomGater Posted February 13 (edited) I was going to change my password to "P3n1s" but system says, my password is to short. Edited February 13 by DoomGater 6 Quote Share this post Link to post
JoeyKelastiof Posted February 14 So if you recently registered on the forum, you don't need to change the password? 0 Quote Share this post Link to post
Murdoch Posted February 14 2 hours ago, JoeyKelastiof said: So if you recently registered on the forum, you don't need to change the password? Correct, but given that the stolen data was password hashes, not passwords, it's very improbable it's of use to anybody. 1 Quote Share this post Link to post
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.