Russian Hackers Steal Over 1,000,000,000 (A Billion) Usernames and Passwords

[hoo]

Oh boy.
www.nbcnews.com/#/tech/security/russian-hackers-said-haul-over-billion-stolen-emails-passwords-n173401
Let's hope none of us got our stuff stolen.

[CrypticQuery]

If you use the same password for everything that you've ever done on the internet, now would be a good time to change that.

[hoo]

Yes, yes it would. :P

[LazerMaster5]

This is some scary shit right here. I certainly hope this site was not affected, even though I doubt the Russians care about what goes on in the forums.

[hoo]

Yeah, they probably won't do anything here, but you can't be too sure.

[Jimmy Darnell]

So the Russians stole usernames and passwords that were already stolen? Sloppy sloppy sloppy.

[hoo]

Small typo. Had other things on my mind at the time.

[Jimmy Darnell]

I know, couldnt resist. XD

[Gestalt]

-=How to Forum=-

 

LESSON 62: Edit Thread/Topic Titles

 

- to edit the title of your thread/topic, click the "Edit" on the first post then click "Use Full Editor" 

 

next time on HtF,

 

LESSON 63: Avoiding Ban Hammers

-------

 

Not to worry, I was just about to retire some of my better passwords.

[Flare]

*bank account is empty* *email only gets spam anyway*

For some reason this doesn't bother me. Wonder why.

[Scourge]

Bank accounts fine

 

website passwords all re-assigned random numbers and letters

 

Steam account still mine

 

facebook (the aging old thing that I never touch) is fine

 

 

...think I came out un-scathed.

[Ori]

Finally a good enough reason I get rid of FB.

 

Changing my passwords as we speak before I get weird shit showing up at dA.

^{oh wait}

[Vulvokunvrii]

Well I don'y even remember my password for this site. The change email land password thing keeps saying the password is incorrect. Oh well I guess.

[Gestalt]

Well I don'y even remember my password for this site. The change email land password thing keeps saying the password is incorrect. Oh well I guess.

 

I know it is a bit buggy and confusing, but this actually means that your password was prolly changed to the new one that was just submitted. You should prolly sign out and check both.

[DZComposer]

Not sanitizing data input to prevent SQL injection is just plain incompetence.

Yet it happens everywhere. Even big multinational companies get data stolen this way.

It's 2014, people, THIS IS WEBDEV 101 SHIT!

Relevant XKCD:

http://xkcd.com/327/

Also, for the love of God, HASH PASSWORDS. People still store them in plain text. Also, everything's better with SALT. This shit isn't hard, they just need to fucking do it: Hash the password. Don't use MD5. Use a good, randomized, salt. Fuck, there are pre-built algorithms for this shit in just about every framework out there! There is no excuse for this!

How many times does shit like this need to happen before developers learn this? IT'S BEEN MADE EASY! THERE IS NO EXCUSE TO DO A SHIT JOB WITH SQL SANITIZATION. THERE IS NO EXCUSE TO DO A SHIT JOB STORING PASSWORDS.

[Vulvokunvrii]

I know it is a bit buggy and confusing, but this actually means that your password was prolly changed to the new one that was just submitted you should prolly sign out and check both.

Well I told it I "forgot" my password. Now my password is a jumble of crap. So maybe that'll be okay.

[Patch93]

I just changed both of my Google passwords.

[Vulvokunvrii]

I don't even know how to do anything to my google account. Thanks to Google plus fucking everything up, nothing makes sense to me now.