ROM Hack PSA: "That ISO site" was hacked, exposing emails, usernames, IP addresses, and salted passwords!

[Capitán Retraso]

Thats another idiot that has nothing better to do with his life.... feelsbadman
Edit: Troll post is gone now

 

[yacepi15]

Information has recently come to light that "that ISO site" has been hacked (both the Wii U and 3DS variants), leaking emails, usernames, IP addresses, and salted MD5 passwords. This breach occurred in September of 2015. While this is a big deal, you're probably wondering, why post this here?

I realize that, even though we don't like to admit it, a lot of people download CIAs and ISOs from that site. From that, you can make a logical connection that most people are probably going to share their username and password with their GBATemp account and their "that ISO site" account, and sometimes even their email account. With that being said, this is a warning; if you use the password you use on "that ISO site" ANYWHERE else, you need to change the password immediately, or risk your account being compromised. I personally think that getting hacked because of a piracy site leaking details is a terrible way to go, but that's up to you if it happens.

"But Rhapsody," you ask, "you said the passwords are encrypted with MD5 and salted. There's nothing to worry about, right"? In a way, yes; CrackStation puts it best;



In other words, while your passwords aren't technically out there in plain text, it's still a good idea to change them. On the off-chance "that ISO site" was salting improperly, your password is easily crackable. To be safe, you should take the following steps;

1. Use a password manager like KeePass or LastPass so you can use unique passwords on each site.
2. Change your password on any site where you shared a password with "that ISO site", especially your email and GBATemp account if they do.
3. Ensure that your account hasn't been hacked. If it has, assess the damage, and, if possible, start cleaning it up.
4. Subscribe to https://haveibeenpwned.com/ on any email addresses you use to be aware of new major breaches.

I know that this is a lot more effort than normal internet users will want to put forward, but for the sake of keeping your accounts secure, you should really change your passwords now and make sure they're all unique, so something like this won't worry you. It's a lot easier when it's all set up.

I have forgotten my password when GW 9.2 was launched and i used one that was sent to my email, only for the 3DS site. In the WiiU site i used directly that password. That website wrotten by the OP says me that only my WiiU site account its compromised. Im safe.

 

[Thunder Kai]

I have forgotten my password when GW 9.2 was launched and i used one that was sent to my email, only for the 3DS site. In the WiiU site i used directly that password. That website says me that only my *delet* Site account its compromised. Im safe.

Edit out the site names, it's against the rules

 

[yacepi15]

Edit out the site names, it's against the rules

Done.

 

[Februarysn0w]

posted wrong thread. sorry.

 

[Rhapsody]

I have forgotten my password when GW 9.2 was launched and i used one that was sent to my email, only for the 3DS site. In the WiiU site i used directly that password. That website wrotten by the OP says me that only my WiiU site account its compromised. Im safe.

The website says only one of them, but they both use the same login details; if you sign up for one, you're signed up for the other. You're compromised.

 

[Joom]

Why did it take a year for this to come to light?

 

[Sliter]

Haveibeenpwned is a site that looks through information leaked in large website breaches, and tells people who search their email address what leaks they were involved in. It doesn't provide any of this information to anyone else.

They will send you emails about all breaches they know about

nice! thanks

 

[Rhapsody]

Why did it take a year for this to come to light?

Sometimes there's a delay between when someone releases the info they hacked the site for, and sometimes there's a delay from when the site owners inform the users about it. It happened that one of those two conditions took a year to come to light. I took a look through the site to see if the webmasters even informed people about this, and it seems like they didn't; chances are they weren't even aware they were hacked.

 

[Sliter]

I got problem on tumblr, linkedin (this sheet only serve do disturb me xp) adobe and that wiiu ... i had account on wiiu site? õ3o lol

 

[Rhapsody]

I got problem on tumblr, linkedin (this sheet only serve do disturb me xp) adobe and that wiiu ... i had account on wiiu site? õ3o lol

Logins between the two ISO sites (for Wii U and for 3DS) are shared since they're run by the same people. If you're compromised on one, you're compromised on both.

 

[Sheimi]

I changed my password idk how many times from when sites get hacked. Now all are written on paper.

 

[Sliter]

Logins between the two ISO sites (for Wii U and for 3DS) are shared since they're run by the same people. If you're compromised on one, you're compromised on both.

oh I see o-o

 

[migles]

glad that i started to use a stupid dumb basic passwords on sites that i barely use like that 3ds iso site, if someone gets my password from there, hope it's good use for ya

bugmenot is a really cool website, i don't get the "you must login or create an account to download one file"
a "guest account" is a really good idea, it prevents spam and you don't need to create an entire new account to use it for 5 minutes...
i know, they want people to participate and show some support for free stuff but come on.. if i require 5 posts or 10 posts to download just that single file, either i go away or create 5 "almost helpfull" with no real content coments...

 

[Luckkill4u]

It's funny because I created a thread on that iso site about the breach quite a while ago but the admin deleted my thread.
Kinda gave me a feeling that either the site owner doesn't care or was in on it.

Sent from my Samsung Galaxy S7

 

[Futurdreamz]

Which site? Are we talking about R*****t***? I checked haveibeenpwned and my email address is still clear. I checked it's home page and there's no indications of a hack.

 

[BADDINOROX99]

I barely joined this year in January I think....so I'm pretty sure it's fine since it happened last year anyway why post until now if nothing has happened to anyone here as far as I can tell

Sent from my Nexus 6 using Tapatalk

 

[AgentChet]

All ISO sites were hacked and released. A better source to find this info is https://www.leakedsource.com/
For only pennies, you can see your real password, email address, IP address, etc. from the database breach.

Very disappointed in the management of the site over there. No public announcement to alert the users. Really a lot of CHAOS if you ask me.
From now on folks, if you see a site running Vbulletin, RUN!

Update: Actually glad Gbatemp moved to Xenforo and away from VB honestly Great call team

 

[Hanafuda]

I just registered there last week. I'm just ..

 

[Lightyose]

I thought I was an endangered specie...
Thank God it was last year! '_'