Remove ads, unlock a dark mode theme, and get other perks by upgrading your account. Experience the website the way it's meant to be.

43 Million Passwords Hacked in Breach

Discussion in 'Article Discussion' started by Melody Bot, Sep 2, 2016.

  1. Melody Bot

    Your friendly little forum bot. Staff Member

    This article has been imported from for discussion. All of the forum rules still apply.

    John Mannes, writing at TechCrunch:

    The number of passwords and the severity of the hack were not uncovered until today. The passwords were stored using unsalted MD5 hashing. Rather than storing passwords in plaintext, nearly every site that stores critical user information utilizes some form of hashing. Hashing is a method for encrypting data, but some methods are far superior to others.

    These are some really bad password practices and if you have an account at, you should go change your password. Also, LeakedSource is a good resource to see if your information has shown up in any of these information database dumps over the past few years. You can search by your email address.

  2. doubledribble


    Thanks @Jason Tate

    I didn't see that this had happened. Changed my password immediately.
    Raku and Jason Tate like this.
  3. Tylar


    Damn this crazy, kudos for linking to LeakedSource, just found out about a few of my other accounts on other websites that were leaked.
    Raku likes this.
  4. Fronnyfron

    Woke Up Right Handed Prestigious

    Yeah good source. My email is safe but my old school email address got two hits from 2012-2013 huh
  5. Richard

    Trusted Prestigious

    It's crazy, really. Systems have always lagged behind in password security practices even though the technology has always been there.
  6. Eric Wilson

    Trusted Prestigious

    Will be keeping LeakedSource bookmarked. Really useful.
    Paul and Jason Tate like this.
  7. ioev

    I'm a kid I'm a squid

    More important than changing your password on, is to change your password anywhere else you suspect you may have used the password that was leaked. Your username and email can be used to find accounts you have on other services, and if you had used the same password, those accounts will be compromised as well.
    doubledribble, Tylar and Jason Tate like this.
  8. mynamesgeneric


    MD5 is not to be used for password hashing, unbelievable.
  9. Supernova

    Prayers/Triangles Prestigious

    Thanks for posting this. Also didn't know about Leaked Source so glad I checked that out. Had 7 things pop up and changed a few of those already. Good thing my password was unique to most of my other stuff....
  10. thevheissu

    that's not how the force works Prestigious

    My MySpace, Tumblr, Dropbox and Last.FM all on there. Yikes.
  11. skogsraet

    Trusted Supporter

    I change email addresses, usernames and passwords so frequently that I shouldn't have been as surprised as I was when nothing showed up for me on LeakedSource.

    Edit: also the most used password was 123456? Seriously? I thought users would be tech savvy enough to know better.
  12. Thanks for that link which lets you check to see if your email address was hacked @Jason Tate -- found out 2 of my emails have been hacked on numerous sites.

    More has 43 million users???
    Jason Tate likes this.
  13. Raku


    Yeah, unfortunately I got hit by this =/
  14. Paul


    Jason Tate likes this.
  15. Turkeylegz


    I remember that you posted a link to LeakedSource before but I forgot where it was. It is a great resource and I'm glad you are sharing it! Luckily, I was safe in this instance but it never hurts to check!
    Jason Tate likes this.
  16. Kiana Sep 2, 2016
    (Last edited: Sep 2, 2016)

    Goddamn, man child Prestigious

    Surprisingly my two current emails didn't show up with anything. My old email pinged from 3 years ago with and Neopets lmao. That email was abandoned long ago tho and nothing important is associated with it, that I know of at least and back then password requirements were so weak that I don't think I use many of the same ones. Either way I'm locked out of that email so oop
  17. Luroda

    Consistently Lurking

    Thank you for the LeakedSource link! Just checked my most active email accounts and got a few hits from way back 2012-13. I have changed since, but I guess I should change again just as a precaution.

    And weird that my email address was in Ashley Madison database. Like, wtf.
  18. shawnhyphenray


    I didn't really think was still a thing
  19. supernovagirl

    Poetic and noble land mermaid

    great resource, I apparently had my hacked in 2012 which sounds accurate as the last time I used it hah. Myspace, and tumblr and neopets (ayyy @Kiana lmao) as well. Whoops
    Jason Tate and Kiana like this.
  20. irthesteve

    formerly irthesteve Prestigious

    I had an ancient password on here, definitely going to change it, thanks
    Dirty Sanchez likes this.
  21. Dirty Sanchez

    Prestigious Prestigious

  22. CyberInferno Sep 4, 2016
    (Last edited: Sep 4, 2016)

    Line below my username Supporter

    This should serve as yet another reminder of why you should use randomized passwords and a password manager. Otherwise, someone who compromises one of your accounts can get them all.

    I personally use KeePass (free) and keep the encrypted file in my OneDrive. Got apps for all my devices. My encryption password is 20+ characters long, so brute forcing it would take forever even if someone were to get access to the file itself.

    While LastPass/Dashlane are fine, I like the additional security of requiring people to compromise both my OneDrive and then have to figure out how to hack my KeePass file. If you're going to use a cloud service, make sure to at least set up some kind of two-factor authentication with it.