PDA

View Full Version : All user data and passwords are leaked, this site has been hacked in 2017



Lalli
15-05-2019, 07:55 AM
Just found my username and email address on this page through a quick google search:

https://cdn.databases.today/random/vbulletindump/pascalgamedevelopment.com-vb-2017.txt

The site's security should really be checked ASAP!

Thankfully I'm not using the password I have here on any other places since ages.

AthenaOfDelphi
16-05-2019, 03:57 PM
Hi Lalli,

1) You should use different passwords for every site you log in to, if you share a password across multiple sites you make it easy for hackers if one site is compromised
2) The last user on that list signed up in 2016, if I recall correctly I did a site upgrade around that time due to the possibility the site had been compromised
3) Whilst the list appears to contain passwords, these are hashed, so even if they have the salt for the hash, reversing a password is a long process as you effectively have to start with a guess, hash it and compare that to what you have in the list. Getting a password from that list could take years

Hope that clarifies a few things for you.

Ñuño Martínez
22-05-2019, 10:57 AM
That file is from 2017. I changed my password so...

farcodev
24-05-2019, 06:04 AM
Same here. I don't even have this old email address anymore :D

davido
04-06-2019, 03:04 PM
Fortunately I changed my password too :)

de_jean_7777
05-06-2019, 07:08 AM
Afair, there was a notification on PGD about the leak. The poster is just a bit late to it. But many other leaks and hacks were the reason why I started using a password manager like LastPass. Looking into Firefox Lockwise now (not that LastPass is bad, I just prefer Mozilla software).

SilverWarior
05-06-2019, 04:37 PM
But many other leaks and hacks were the reason why I started using a password manager like LastPass.

And you think that your online browsing is now safer?:no:

What happens if someone gets a hold of your password manager login information? Wouldn't that give them access to any site whose password are you managing though this password manager? Not to mention that this password manager also hold information of which sites are you visiting which is information that they would not be able to get from you if they would managed to somehow get a hold of password for just one site that you are visiting.

Personally I trust to only one password manager and that is my brain ;)

de_jean_7777
07-06-2019, 07:44 AM
And you think that your online browsing is now safer?:no:
Probably a lot more than it was before since I reused a password for many sites.



What happens if someone gets a hold of your password manager login information? Wouldn't that give them access to any site whose password are you managing though this password manager? Not to mention that this password manager also hold information of which sites are you visiting which is information that they would not be able to get from you if they would managed to somehow get a hold of password for just one site that you are visiting.
In which case I'm mostly f@!#$$% but as my email password is in my brain and not in the manager I can recover 95% of them.


Personally I trust to only one password manager and that is my brain ;)
Too many sites to remember them, and too many shared passwords. Someone got ahold of my Skrill, Vimeo and Netflix accounts, and some others. There is just no way I can remember all the logins, especially business accounts which have weird access passwords.

It's not the "be all, end all" security measure, which is why I still have 2FA for many sites, but it turned out more reliable than my brain :D