09-6-2016, 06:41 AM | #1 |
FFR Oldie McOlderton
Join Date: Jun 2006
Posts: 20
|
FFR Hacked.
Here's what's known about the breach:
Breach: Flash Flash Revolution
Date of breach: 1 Feb 2016
Number of accounts: 1,771,845
Compromised data: Email addresses, Passwords, Usernames
Description: In February 2016, the music-based rhythm game known as Flash Flash Revolution was hacked and 1.8M accounts were exposed. Along with email and IP addresses, the vBulletin forum also exposed salted MD5 password hashes.
You can also run a search for breaches of your email address again at any time to get a complete list of sites where your account has been compromised.
09-6-2016, 06:54 AM | #2 |
♩♪♫♬♭♮♯
|
Re: FFR Hacked.
Wot
09-6-2016, 07:02 AM | #3 |
[Nobody liked that.]
Join Date: Sep 2012
Posts: 3,359
|
Re: FFR Hacked.
Already had the JOY of doing a very large password change binge.
Siiiiiiiiiiiiiigh
Not that in the long run it does any good. Unless you have literally a different password for EVERYTHING it's kinda pointless.
09-6-2016, 07:02 AM | #4 |
The Dominator
Join Date: Sep 2005
Location: North Bay, ON
Age: 34
Posts: 8,987
|
Re: FFR Hacked.
iirc most organizations are required by law to notify their clients when confidential information has been obtained from a breach.
gg it's been months
Last edited by Dynam0; 09-6-2016 at 07:03 AM.
09-6-2016, 07:10 AM | #5 | |
FFR Oldie McOlderton
Join Date: Jun 2006
Posts: 20
|
Re: FFR Hacked.
Quote:
Hacks/breaches aren't always apparent and may not come to light until months later. Data that is stolen is not always immediately sold and may not be put onto the black market until long after the attack.
09-6-2016, 07:11 AM | #6 |
FFR Oldie McOlderton
Join Date: Jun 2006
Posts: 20
|
Re: FFR Hacked.
Run your email address here: https://haveibeenpwned.com
09-6-2016, 08:06 AM | #7 |
FFR Player
Join Date: Sep 2014
Location: Michigan
Posts: 1,047
|
Re: FFR Hacked.
GG site says I've been "pwned"
Not gonna lie it's hard to take it seriously when the site tells me I've been pwned.
09-6-2016, 08:43 AM | #8 |
FFR Player
Join Date: Feb 2007
Posts: 458
|
Re: FFR Hacked.
*sigh* So now that I've logged into this site and changed my password, can any admin/moderator tell me why nobody was notified? Other sites that get their information stolen notify every single user so that those users can hopefully replace all common passwords before an issue arises with another account such as banking. This didn't affect me since I use different passwords for everything except a select few, but still, this doesn't look good when there are so many people potentially affected and they don't even know. I've looked at the news feed for the past ~8 months and see nothing from Feb 01 onward. You cannot cover this up, this is a huge problem that needs to be addressed.
Edit: After all these years, I still didn't get a different forum rank eh? Funny.
Last edited by Saik0Shinigami; 09-6-2016 at 08:55 AM.
09-6-2016, 09:13 AM | #9 |
Snivy! Dohoho!
Join Date: Mar 2006
Age: 33
Posts: 6,161
|
Re: FFR Hacked.
Huh... guess that's why some users before reported they suddenly couldn't get in their accounts.
Makes sense I guess.
09-6-2016, 09:14 AM | #10 | |
Private Messages, please.
|
Re: FFR Hacked.
Today, 6:56 AM
Greetings,

We were informed by one of our information intelligence services that your e-mail address was compromised in a breach of the Flash Flash Revolution site. This does not necessarily mean that your BSU credentials have been exposed; however, if you use the same password for multiple sites it is possible. If you believe you've used the same password, please proceed with changing your BSU password by visiting https://password.bsu.edu/

If you have any questions, please let us know.

The Office of Information Security Services
Ball State University
Muncie, IN 47306
765-285-4390
security@bsu.edu

Email from my University. I guess this is real.
-o24
09-6-2016, 09:42 AM | #11 |
TWG Chaos
|
Re: FFR Hacked.
Pro tip:
Literally have passwords for everything. It's annoying as fuck but hell, it's great when you only need to change one password but not all. Just keep a book by your desk or the passwords in your phone or something.
09-6-2016, 09:42 AM | #12 |
Can't handle my ÆØÅ
|
Re: FFR Hacked.
Oh no
Well as it turns out I've used a temporary pw for almost a year, and that actually saved me from being at risk on other sites
09-6-2016, 10:33 AM | #13 |
Picker @ JAX2
Join Date: Aug 2011
Posts: 505
|
Re: FFR Hacked.
hmm, i searched on both my main emails and neither came up for this breach, so i guess i used a throwaway when i registered this account. that actually makes sense, thinking back.
regardless, changing pw and probably my recovery email too to be in line
09-6-2016, 10:47 AM | #14 |
Administrator
User Administrator
Join Date: Dec 2007
Location: Vancouver, BC
Age: 29
Posts: 3,902
|
Re: FFR Hacked.
We have no record of any data breaches of this scale being made, only attempts to compromise individual staff accounts. Since July, I have been focusing most of my attention on preparing the development site, so we can make the necessary upgrades to improve account security without breaking the site. We are continuing to dig around to find more details, as we currently know as much about the breach as haveibeenpwned.com provides.
Last edited by PrawnSkunk; 09-6-2016 at 11:11 AM. Reason: compressed post info
09-6-2016, 11:09 AM | #15 |
Keepin it Real since '05
Join Date: Mar 2005
Location: Steamboat Springa, CO
Age: 34
Posts: 549
|
Re: FFR Hacked.
uggggghhhhh i was pwned twice apparently. ffr and tumblr. password changes here we go
09-6-2016, 11:11 AM | #16 |
longing
Join Date: Dec 2007
Location: Ontario, Canada
Posts: 2,680
|
Re: FFR Hacked.
Development site = site we can go to and view and comment and help with the development of FFR??
Am I dreaming
Jk I realize now you just mean create a test environment so you can make changes without it affecting the main site
As long as there's no code in it that causes it to crash when you try to change from debug -> release lol (I'm lookin at you, FFR engine...)
Edit: also lol somehow didn't get pwned which is funny to me.. Honestly I'm not worried if they just have md5 hashes lol, hell if they get passwords from those I'll actually be happy, maybe then I can learn how lolz cause as far as I'm concerned it's impossible.
Edit2: alright maybe not "impossible" but it's pretty likely nothing would come of it.. Lol makes me wonder why they even use md5 for passwords, oh well
Last edited by Dinglesberry; 09-6-2016 at 11:22 AM.
09-6-2016, 11:38 AM | #17 |
Washed and Irrelevant D7
Join Date: May 2012
Age: 26
Posts: 1,804
|
Re: FFR Hacked.
february? ive changed my password twice since then lol. spose i shouldnt be too worried then.
09-6-2016, 12:14 PM | #18 |
D7 Elite Keymasher
Join Date: Aug 2006
Age: 33
Posts: 6,003
|
Re: FFR Hacked.
Dam, hopefully they AAA things for me.
09-6-2016, 12:16 PM | #19 |
FFR Player
Join Date: May 2007
Posts: 1
|
Re: FFR Hacked.
MD5 is broken. There are rainbow tables available that will instantly reverse many passwords, and because the hash function is so cheap, tools like hashcat will rape MD5 even with salt. Say your password is "xsoekcnm" - random characters. But it's too short and can be instantly reversed, just search for md5 reverse and enter 4ecf096b453a0760b02bd0aa0f3740fa.
09-6-2016, 01:11 PM | #20 | |
longing
Join Date: Dec 2007
Location: Ontario, Canada
Posts: 2,680
|
Re: FFR Hacked.
Quote:
For example, let's get a real example in here for what we want to do:

Let's say we have a database of 1,954,977 members. If the password isn't salted, it's literally a matter of running your tool or whatnot, iterating through the list for each "word", and see if any passwords match.. Sure, we need to check almost 2 million data entries like 70 million times, but I mean, it's not TOO bad.. Not only that, since the passwords are represented in our table, we actually don't need to hash anything or call anything to check it -> we just access the table and make our comparisons

Essentially, imagine: we check the first word in the table, scan the "leak" for matches in the list of hashes, if so, boom, easy.

If the password is salted however, NOTHING in that table is going to match anymore. Obviously, we know the salt - it's written right in the MD5 hash (since salted hash is just hash:salt or salt:hash or whatever), the person trying to crack knows the salt.. Despite this, the amount of work that has to be done is like freakin n^2 compared to n! lol..

If the passwords are salted, your table mapping "xsoekcnm" -> 4ecf096b453a0760b02bd0aa0f3740fa suddenly does not match - xsoekcnm doesn't hash to that anymore, so you would need to calculate md5($salt, $plaintextpw), and remake the table. Regardless, it's gonna slow it the hell down..

Now suddenly instead of:
- for each word in the rainbow table
- Parse hashes for match

you are suddenly:
- for each word in the rainbow table
- calculate what hash would be generated using a given salt ---> (note, you might realise - in order to calculate what the hash would be for a given salt, they would need to know #1 a plaintext password and #2 the hash that is generated that corresponds to this plaintext password)
- parse hashes for matches

Regardless, I doubt anyone would bother doing this for this game.. there is literally no motivation behind trying to access anyone's account here, to be honest.

I can see if someone would want to hack the admin's password or something, but even so, there really isn't a gain to that - what you should be worried about is using the same password for different websites, registered with that username/email.

To be honest, I don't even think the leak was specifically regarding flashflashrevolution, but obviously I don't know for sure - probably related to this: https://haveibeenpwned.com/PwnedWebsites#VBulletin

EDIT: lol nvm there's a specific section for just FFR https://haveibeenpwned.com/PwnedWebs...lashRevolution INTERNET FAMOUS BOIZ

Last edited by Dinglesberry; 09-6-2016 at 01:27 PM.
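Added example (not written by any poster in this thread, and not FFR's or vBulletin's code): the salted-versus-unsalted point argued in posts #19 and #20, seen from the password-storage side, with a slow hash beside the MD5 scheme and a way to wrap existing digests. The word list, the salt value `k3!`, the `md5(salt + password)` layout and the 600,000-round work factor are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ROUNDS = 600_000  # assumed work factor for this example
# Constructed sample data: a tiny precomputed table of unsalted MD5 digests.
WORDLIST = ["password", "letmein", "xsoekcnm", "dragon"]
PRECOMPUTED = {hashlib.md5(w.encode()).hexdigest(): w for w in WORDLIST}

def md5_salted(password, salt=""):
    """Legacy scheme; the md5(salt + password) layout is an assumption."""
    return hashlib.md5((salt + password).encode()).hexdigest()

def table_lookup(digest):
    """Return the plaintext if the digest is in the precomputed table."""
    return PRECOMPUTED.get(digest)

def slow_hash(secret, salt):
    """Hardened scheme: PBKDF2-HMAC-SHA256, deliberately expensive per guess."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ROUNDS)

def upgrade_legacy(md5_hex):
    """Wrap a stored legacy digest so no plaintext password is needed."""
    salt = os.urandom(16)
    return salt, slow_hash(md5_hex, salt)

def verify_upgraded(password, legacy_salt, salt, stored):
    """Recompute the legacy digest, then the slow hash; constant-time compare."""
    candidate = slow_hash(md5_salted(password, legacy_salt), salt)
    return hmac.compare_digest(candidate, stored)

def seconds_per_hash(fn, *args):
    """Wall-clock cost of one hash computation."""
    start = time.perf_counter()
    fn(*args)
    return time.perf_counter() - start

if __name__ == "__main__":
    print(table_lookup(md5_salted("xsoekcnm")))         # xsoekcnm: table hit
    print(table_lookup(md5_salted("xsoekcnm", "k3!")))  # None: salt defeats table
    salt, stored = upgrade_legacy(md5_salted("xsoekcnm", "k3!"))
    print(verify_upgraded("xsoekcnm", "k3!", salt, stored))  # True
    print(seconds_per_hash(md5_salted, "x", "k3!"))      # cost of one salted MD5
    print(seconds_per_hash(slow_hash, "x", b"\0" * 16))  # cost of one PBKDF2 hash
```

A salt only stops one precomputed table from serving every account; the cost of each guess is set by the work factor, which plain MD5 does not have.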