possible data breach?

[Grouch]

was view another site and seen a news article regarding a data breach here. is this true?
I'd post the link but I'm not sure it's allowed here.

[Zaladane]

was view another site and seen a news article regarding a data breach here. is this true?
I'd post the link but I'm not sure it's allowed here.

Post it in Retro.

[Grouch]

will do that

[WorkNoFun]

The breach is over a year old, and as far as I can tell Emupara forces password changes every year also, so it's pretty much a non issue.

[iambreakingthelaw]

It should be clarified that it was salted MD5 hashes that were exposed - a little different from plaintext passwords, though MD5 is considered a joke these days. Not the hugest of deals if you don't use the same login details everywhere - the list will probably end up used for location-targetted spam.

[Ragnar]

Yeah, this was news here when it happened. Every single user had their password reset and emails were sent out. So, uhh, ya'll should already know.

[iambreakingthelaw]

That explains why my password didn't work when logging in recently and I had to reset it. These emails get lost in the post, you know.

[Grouch]

Yeah, this was news here when it happened. Every single user had their password reset and emails were sent out. So, uhh, ya'll should already know.

funny because I don't remember ever receiving an email or even seeing an announcement I'm here literally everyday. it also seems strange that the story is out now rather than a year ago.

[deadlegion]

funny because I don't remember ever receiving an email or even seeing an announcement I'm here literally everyday. it also seems strange that the story is out now rather than a year ago.

I can't remember if there was a public forum announcement/thread about it tbh, but all members had a forced password reset iirc.

[iambreakingthelaw]

funny because I don't remember ever receiving an email or even seeing an announcement I'm here literally everyday. it also seems strange that the story is out now rather than a year ago.

I must agree. Couldn't find anything using the site's search function, and I've just checked through my EmuParadise emails - there isn't a single email about it, either in the EmuParadise newsletters or EPForums emails. It's possible it was swept away in spam.

[Cookie Monster]

We didn't announce it publicly but we forced everyone to change their password. And we enforce that measure twice every year. This is old news.

[iambreakingthelaw]

If you didn't announce it and forced password changes are the norm, how is it old news? News is news when it's first reported.

[deadlegion]

If you didn't announce it and forced password changes are the norm, how is it old news? News is news when it's first reported.

Old news as in the owner was aware of it and so were staff. It was reported but not publicly.

[Ragnar]

If you didn't announce it and forced password changes are the norm, how is it old news? News is news when it's first reported.

Forced password changes weren't the norm before, that's how the hack occurred.

Yes, spam probably got eaten before it reached many members. But this was discussed here (not sure specifically where), and widely across the net. I heard about this hack elsewhere on the net before popping over here and noticing that I was logged out. It's good that the news story is re:circulating again, because clearly people here still don't know, and everyone should be aware of password security basics. The take away is, you need to use unique passwords everywhere. Everything will be hacked/leaked. Most large forums have been hacked by now, and other bigger better businesses. Fuck, from one business I'm pretty sure hackers have a picture of my drivers license, my credit card information and plaintext password.

[Cookie Monster]

If you didn't announce it and forced password changes are the norm, how is it old news? News is news when it's first reported.

It's old news because that happened back in April last year. That's when we first heard about this and when we took measures about it.