PSA: "That ISO site" was hacked, exposing emails, usernames, IP addresses, and salted passwords!

Discussion in '3DS - ROM Hacking, Translations and Utilities' started by Rhapsody, Sep 6, 2016.

  1. Rhapsody
    OP

    Rhapsody GBAtemp Regular

    Member
    210
    87
    Jan 4, 2016
    United States
    United States
    Information has recently come to light that "that ISO site" has been hacked (both the Wii U and 3DS variants), leaking emails, usernames, IP addresses, and salted MD5 passwords. This breach occurred in September of 2015. While this is a big deal, you're probably wondering, why post this here?

    I realize that, even though we don't like to admit it, a lot of people download CIAs and ISOs from that site. From that, you can make a logical connection that most people are probably going to share their username and password with their GBATemp account and their "that ISO site" account, and sometimes even their email account. With that being said, this is a warning; if you use the password you use on "that ISO site" ANYWHERE else, you need to change the password immediately, or risk your account being compromised. I personally think that getting hacked because of a piracy site leaking details is a terrible way to go, but that's up to you if it happens.

    "But Rhapsody," you ask, "you said the passwords are encrypted with MD5 and salted. There's nothing to worry about, right"? In a way, yes; CrackStation puts it best;

    In other words, while your passwords aren't technically out there in plain text, it's still a good idea to change them. On the off-chance "that ISO site" was salting improperly, your password is easily crackable. To be safe, you should take the following steps;
    1. Use a password manager like KeePass or LastPass so you can use unique passwords on each site.
    2. Change your password on any site where you shared a password with "that ISO site", especially your email and GBATemp account if they do.
    3. Ensure that your account hasn't been hacked. If it has, assess the damage, and, if possible, start cleaning it up.
    4. Subscribe to https://haveibeenpwned.com/ on any email addresses you use to be aware of new major breaches.
    I know that this is a lot more effort than normal internet users will want to put forward, but for the sake of keeping your accounts secure, you should really change your passwords now and make sure they're all unique, so something like this won't worry you. It's a lot easier when it's all set up.
     
    Last edited by Rhapsody, Sep 6, 2016


  2. DeslotlCL

    DeslotlCL GBAtemp's Saint Holy Sword Dragon

    Member
    1,902
    2,096
    Oct 28, 2015
    Chile
    under your bed
    Time to change my passwords :v
     
  3. Raylight

    Raylight Paranoid Temper

    Member
    984
    359
    May 10, 2014
    United States
    Who wants to know?
    that was a year ago if you signed up after that event your safe
     
    Subtle Demise likes this.
  4. Pacheko17

    Pacheko17 かっこい男の子

    Member
    1,171
    1,085
    Jan 31, 2015
    Brazil
    Southern Confederation
    Oh, that was in 2015. You bloody scared me mate. I signed up in January 2016.
     
    Subtle Demise, Darkyose and Raylight like this.
  5. Raylight

    Raylight Paranoid Temper

    Member
    984
    359
    May 10, 2014
    United States
    Who wants to know?
    lol same
     
  6. AshleyCummings

    AshleyCummings Gamer Girl

    Member
    506
    102
    Dec 14, 2011
    United States
    Simmers Nation
    Wait I log into that site with my Facebook x.x great ...
     
  7. Rhapsody
    OP

    Rhapsody GBAtemp Regular

    Member
    210
    87
    Jan 4, 2016
    United States
    United States
    If you log in via alternative methods, that shouldn't be an issue, since it never shares your password with the site (only a unique identifier). If you've ever signed into a website with Steam, it's just like that.
     
  8. Sliter

    Sliter GBAtemp Psycho!

    Member
    3,027
    789
    Dec 7, 2013
    Brazil
    ᕕ( ᐛ )ᕗ
    I don't remind when I subscribed there but I hink I have som work to do when I get home ... I think the pass are different but I don't remember XD

    how this works?
     
  9. Scarlet

    Scarlet Phone Charm

    Member
    GBAtemp Patron
    Scarlet is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    1,790
    1,866
    Jan 7, 2015
    United Kingdom
    Middleish North-Right
    ;___________;

    [​IMG]

    Of all the bad times to have joined eh? Ah well, pretty sure the password I have there is unique anyway. Gonna start using alias addresses in future and just delete them once I've made an account.
     
    RemixDeluxe likes this.
  10. Rhapsody
    OP

    Rhapsody GBAtemp Regular

    Member
    210
    87
    Jan 4, 2016
    United States
    United States
    Haveibeenpwned is a site that looks through information leaked in large website breaches, and tells people who search their email address what leaks they were involved in. It doesn't provide any of this information to anyone else.
     
    Sliter likes this.
  11. TheVinAnator

    TheVinAnator GBATemp's Greatest Vin

    Member
    3,551
    2,556
    Jan 10, 2016
    Canada
    NO COFFEI!
    They will send you emails about all breaches they know about
     
    Sliter likes this.
  12. Justinde75

    Justinde75 VGM Addict

    Member
    1,654
    2,071
    Feb 14, 2016
    Germany
    Iwatodai Dorm
    Good that I joined back in Febuary
     
    TheVinAnator likes this.
  13. BasedIndex

    BasedIndex Hey, that's pretty good!

    Member
    304
    98
    Dec 18, 2015
    Russia
    sysnand
    I knew this would happen.
    That's why I use a simpler password. Always use simpler passwords for hacking communities/warez etc.
    Cheers.
     
  14. Lilith Valentine

    Lilith Valentine GBATemp's Wolfdog™ Cuddle lesbian

    Member
    19,788
    20,605
    Sep 13, 2009
    Antarctica
    Between insane and insecure
    Eh, I may have joined after the hack, but it was time to change my passwords anyways.
     
  15. DinohScene

    DinohScene Capture the Dino

    Member
    GBAtemp Patron
    DinohScene is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    15,843
    12,299
    Oct 11, 2011
    Antarctica
    В небо
    Another reminder why I don't sign up quickly.
     
  16. ThunderbInazuma

    ThunderbInazuma Pocket Rotom

    Member
    443
    113
    Aug 31, 2015
    Portugal
    Really? I signed in in October xD
     
  17. Dimensional

    Dimensional GBAtemp Advanced Fan

    Member
    597
    84
    Dec 7, 2008
    United States
    Texas
    It's a good thing I've never been on there. Kind of hard to have an account to be breached if you don't go there. Then again... I have no clue what the site's name is, so.... *shrugs* Not that I'm going to ask around.
     
  18. hyprskllz

    hyprskllz Gashatto!!

    Member
    542
    174
    Apr 19, 2016
    Indonesia
    Auldrant
    What about the PSP and PS3 site? Is it hacked too?
    My PSP site account has been since about 7 years ago.
     
  19. yuyuyup

    yuyuyup GBAtemp Psycho!

    Member
    3,336
    773
    Apr 30, 2006
    United States
    USA MTN timezone
    hooray I used a burner email but thanks for the reminder
     
  20. Thunder Kai

    Thunder Kai #TeamRem

    Member
    1,345
    369
    Sep 4, 2015
    United States
    With Rem
    Joined 1-6-2016 :)
     
    Pacheko17 and Raylight like this.