It appears probable that plaintext passwords were stolen as well, so be aware of that. Attempts were made to compromise both my account and geekboy's account elsewhere. Change your password.

Edit: It's also worth pointing out that if plaintext passwords were stored or logged somewhere, you should NOT change your password to anything you use elsewhere, because nothing about password storage has changed.
We shouldn't have had any plaintext passwords. It looks like SMF doesn't salt+hash their passwords in a very secure way. Sorunome is looking into cleaning that up.
Luckily it looks like the damage was contained to Omnimaga's database itself and they didn't get at any of our other databases or anything. There is a lot of data they can sort through though and possibly some personal information.
Quote from: Eeems on December 05, 2015, 06:36:13 pm
We shouldn't have had any plaintext passwords. It looks like SMF doesn't salt+hash their passwords in a very secure way. Sorunome is looking into cleaning that up.

Given how quickly my account was attacked last night (with my Omnimaga password), and geekboy's account was attacked today (ditto), I'm concerned.

Quote from: Eeems on December 05, 2015, 06:36:13 pm
Luckily it looks like the damage was contained to Omnimaga's database itself and they didn't get at any of our other databases or anything. There is a lot of data they can sort through though and possibly some personal information.

Geekboy said that nothing in the admin forum was particularly sensitive, but I guess PMs and the Private Matters subforum are of concern?
Seriously, plain text passwords in 2015?