this post was submitted on 10 Oct 2024
130 points (98.5% liked)

PC Gaming

8568 readers
558 users here now

For PC gaming news and discussion. PCGamingWiki

Rules:

  1. Be Respectful.
  2. No Spam or Porn.
  3. No Advertising.
  4. No Memes.
  5. No Tech Support.
  6. No questions about buying/building computers.
  7. No game suggestions, friend requests, surveys, or begging.
  8. No Let's Plays, streams, highlight reels/montages, random videos or shorts.
  9. No off-topic posts/comments, within reason.
  10. Use the original source, no clickbait titles, no duplicates. (Submissions should be from the original source if possible, unless from paywalled or non-english sources. If the title is clickbait or lacks context you may lightly edit the title.)

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
130
Change your passwords: Attackers claim a 'catastrophic security breach' of the Internet Archive, with 31 million emails and hashed passwords captured [also Archive.org under DDoS] (www.pcgamer.com)
submitted 1 month ago by [email protected] to c/[email protected]
24 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 8 points 1 month ago* (last edited 1 month ago) (7 children)

I managed to get in and change mine last night. So you just have to keep hammering that refresh button until you overcome whoever this asshole is that's DOSing the site. Maybe even do it on several computers, and write a script to help.

Edit: Joke, don't do.

[–] [email protected] 14 points 1 month ago (6 children)

You're contributing to the DDoS attack. Just wait, if your password is good enough and not in use elsewhere it should take a while to crack the hash.

[–] [email protected] 2 points 1 month ago* (last edited 1 month ago) (3 children)

This might be a silly question but it might not - if let's say 5 (or even 50) people use the same username and password in multiple sites, and they have another site's leak. Would they be able to easily crack the hash?

[–] [email protected] 3 points 1 month ago

Not a silly question! The answer is technically yes, but not really.

Considering there are still sites that store plaintext passwords, there has to be some that just hash it and call it a day. For those, once you crack the hash, you know everyone with the same hash has the same password. Any real site does some more complex stuff to "personalise" each hashed password.

The real issue is when you reuse the password and it gets cracked once, people will try that with your email for other leaks and live sites. If a lot of people use the same password (like "password123"), they're likely to try it as one of the first guesses to crack any new leaks.

I'm oversimplifying my already oversimplified knowledge of basic cryptography, but it's a really interesting topic!

load more comments (2 replies)
load more comments (4 replies)
load more comments (4 replies)