Thoughts Media.com

 


Windows Phone Thoughts

Loading feed...

Digital Home Thoughts

Loading feed...

Apple Thoughts

Loading feed...




Go Back   Thoughts Media Forums > Thoughts Media Status Updates

Reply
 
Thread Tools Display Modes
  #1  
Old 04-10-2008, 02:30 PM
Jason Dunn
Executive Editor
Jason Dunn's Avatar
Join Date: Aug 2006
Posts: 29,160
Default Post-Hack Note Regarding Your Accounts

A community member brought up an interesting point that I hadn't thought much about: although there's no indication that the hacker copied our user database, it is of course possible that he looked up individual user entries and copied data from them. The most sensitive user information we store is your email address (and your password if you didn't use a password unique to this site), which we never share with anyone else, but it's technically possible that the hacker got his hands on it. Unlike some of the other previous hacks we've dealt with, this one didn't seem to be motivated by profit or a desire to distribute spyware. I highly doubt anyone will start to get any spam to the address in their profile from this incident, but I felt it best to bring this issue to your attention in case something unusual does start to happen. Hopefully this is much-ado about nothing.<br /><br /><strong>UPDATE:</strong> I've been informed that vBulletin encrypts the user passwords in it's database, so it's highly unlikely that anyone's passwords were compromised. Good news!
__________________
Want to contact me personally? Use this. Want to read my personal blog? Check it out. Want to follow me on Twitter? Here you go.
 
Reply With Quote
  #2  
Old 04-10-2008, 04:03 PM
subzerohf
Intellectual
subzerohf's Avatar
Join Date: Aug 2006
Posts: 156

I presume that our passwords are encryted, and as long as the hacker does not have the private key, (s)he won't be able to resolve the password ?
__________________
Why, oh why didn't I take the blue pill?
 
Reply With Quote
  #3  
Old 04-10-2008, 06:35 PM
Rocco Augusto
Editor Emeritus
Rocco Augusto's Avatar
Join Date: Aug 2006
Posts: 2,432

Good to hear! To my knowledge, doesn't VBulletin MD5 hash the users selected password twice and than randomly selects a key to encrypt it? If so, it just seems like more trouble than its worth to try and crack the passwords.
__________________
Follow me on Twitter - @therocco
 
Reply With Quote
  #4  
Old 04-10-2008, 09:31 PM
Jason Dunn
Executive Editor
Jason Dunn's Avatar
Join Date: Aug 2006
Posts: 29,160

Quote:
Originally Posted by subzerohf View Post
I presume that our passwords are encryted, and as long as the hacker does not have the private key, (s)he won't be able to resolve the password ?
Yes, that would seem to be correct. The only private data exposed would be your email address...
__________________
Want to contact me personally? Use this. Want to read my personal blog? Check it out. Want to follow me on Twitter? Here you go.
 
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +1. The time now is 03:57 PM.


Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2018, vBulletin Solutions, Inc.
Copyright Thoughts Media Inc. 2009