Homebrew 3dsthemes.com is GONE?

[Deleted User]

How so? Anyone can get this data - WHOIS lookup 3dsthemes.com and then use the link and CAPTCHA.

 

[Wolfy]

I don't know who he is, but I will find him, and kill him...

 

[ric.]

How so? Anyone can get this data - WHOIS lookup 3dsthemes.com and then use the link and CAPTCHA.

Yeah, but you did kinda post sensitive information about someone (like address and phone number) on a public forum. Not cool.

 

[Xenon Hacks]

Did you just inadvertedly dox someone?

Do you know what doxxing is? Thats just a simple who is database entry.

 

[Deleted User]

I did just redact it,so you can all stop complaining at me xD

 

[ric.]

Do you know what doxxing is? Thats just a simple who is database entry.

According to Wikipedia, doxing is:

Doxing (from dox, abbreviation of documents),[1] or doxxing,[2][3] is the Internet-based practice of researching and broadcasting personally identifiable information about an individual.[3][4][5][6]

The methods employed to acquire this information include searching publicly available databases and social mediawebsites (like Facebook), hacking, and social engineering. It is closely related to internet vigilantism and hacktivism.

So yeah, this *is* doxing, technically. I know @PokeAcer didn't do it out of malice, but posting someone's personal information on a public forum is not cool.

 

[Suwazo]

So is my password and stuff compromised or what?

 

[Xenon Hacks]

So is my password and stuff compromised or what?

Assuming that email's were visible in plain text like stated in the main thread it's safe to assume passwords were aswell so im going to assume yes.

 

[Deleted User]

It might be, but people probably destroyed the DB instead of stealing passwords.
@ric. well I edited the post, you never edited my quote so now you and @Wolfy both have the data in it.

 

[Tjessx]

So is my password and stuff compromised or what?

If it was saved as plain text,

 

[ric.]

It might be, but people probably destroyed the DB instead of stealing passwords.
@ric. well I edited the post, you never edited my quote so now you and @Wolfy both have the data in it.

Done, I edited mine too.

 

[Deleted User]

*facepalm*
SHA256 takes like 4 seconds extra to add into PHP, and then you just make it check the db.
AND MAKE IT USE A SALT

 

[Tjessx]

*facepalm*
SHA256 takes like 4 seconds extra to add into PHP, and then you just make it check the db.
AND MAKE IT USE A SALT

Don't use SHA356, to easy to crack, they could have used "password_hash()" and "password_verify()", uncrackable

 

[Deleted User]

Don't use SHA356, to easy to crack, they could have used "password_hash()" and "password_verify()", uncrackable

Better than cleartext, and with a salt it'd be pretty good.

 

[Wolfy]

Well I'm not too cruel so I edited mine as well.

 

[porkiewpyne]

Not at all.
That's like saying 'sorry your password was stolen, we didn't expect anyone to go into our MySQL database and read them in clear text, even though we KNEW people could do it and we left thtat in!'

I think you guys are disagreeing on different grounds. Could the site have done better? Yeah, definitely. They are to share part of the blame due to their negligence. Having said that, it doesn't mean that the hacker(s) aren't to blame either. If anything, they are more to blame due to the difference in intent, i.e. the hacker actively did what he did out of ill will. A more fitting analogy would be someone having his car stolen because he left the keys inside. Stupid thing to do, no doubt but it does not make it any less wrong to steal the said car.

But yea, just my 2 cents with regards to the proportion of blame. Kinda going off topic. Do proceed

 

[xfade59691]

most passwords were safe like they did a password check or some shit. some looked like md5, some were something else, and some were clearly plain txt. maybe older accounts stored in plain txt

emails, ip, display names, and tons of other data is not safe.

i recommend updating passwords as we were not the first ones to get this data.

also ps, yor files are safe

proof http://3dsthemes.com/themes/2059371da185de5debc4ec7bbcbe7686/Preview.png

 

[Arubaro]

If the webmaster don't have a backup, maybe the hacker? 8D

And the db is gone, so I wouldn't worry too much about the personal information
(unless you were enough unfortunate to be one of the users whose account was stolen)

 

[Wolfy]

most passwords were safe like they did a password check or some shit. some looked like md5, some were something else, and some were clearly plain txt. maybe older accounts stored in plain txt

emails, ip, display names, and tons of other data is not safe.

i recommend updating passwords as we were not the first ones to get this data.

also ps, yor files are safe

proof http://3dsthemes.com/themes/2059371da185de5debc4ec7bbcbe7686/Preview.png

Great! This means the themes aren't gone, now they just need to get it back up and of course fix the vunerability.

 

[xfade59691]

the db was wiped clean, so if they dont have back up, themes will be nothing but files on the server.

i dont have a back up so you guys beter hope the devs do

i also advise that you worry about personal data because i was not the first one to find this exploit. so someone else might have the data