- Joined
- Jan 4, 2016
- Messages
- 252
- Trophies
- 0
- Age
- 28
- Location
- United States
- Website
- www.google.com
- XP
- 1,023
- Country
Information has recently come to light that "that ISO site" has been hacked (both the Wii U and 3DS variants), leaking emails, usernames, IP addresses, and salted MD5 passwords. This breach occurred in September of 2015. While this is a big deal, you're probably wondering, why post this here?
I realize that, even though we don't like to admit it, a lot of people download CIAs and ISOs from that site. From that, you can make a logical connection that most people are probably going to share their username and password with their GBATemp account and their "that ISO site" account, and sometimes even their email account. With that being said, this is a warning; if you use the password you use on "that ISO site" ANYWHERE else, you need to change the password immediately, or risk your account being compromised. I personally think that getting hacked because of a piracy site leaking details is a terrible way to go, but that's up to you if it happens.
"But Rhapsody," you ask, "you said the passwords are encrypted with MD5 and salted. There's nothing to worry about, right"? In a way, yes; CrackStation puts it best;
In other words, while your passwords aren't technically out there in plain text, it's still a good idea to change them. On the off-chance "that ISO site" was salting improperly, your password is easily crackable. To be safe, you should take the following steps;
I realize that, even though we don't like to admit it, a lot of people download CIAs and ISOs from that site. From that, you can make a logical connection that most people are probably going to share their username and password with their GBATemp account and their "that ISO site" account, and sometimes even their email account. With that being said, this is a warning; if you use the password you use on "that ISO site" ANYWHERE else, you need to change the password immediately, or risk your account being compromised. I personally think that getting hacked because of a piracy site leaking details is a terrible way to go, but that's up to you if it happens.
"But Rhapsody," you ask, "you said the passwords are encrypted with MD5 and salted. There's nothing to worry about, right"? In a way, yes; CrackStation puts it best;
CrackStation said:A password hashed using MD5 and salt is, for all practical purposes, just as secure as if it were hashed with SHA256 and salt. Nevertheless, it is a good idea to use a more secure hash function like SHA256, SHA512, RipeMD, or WHIRLPOOL if possible.
In other words, while your passwords aren't technically out there in plain text, it's still a good idea to change them. On the off-chance "that ISO site" was salting improperly, your password is easily crackable. To be safe, you should take the following steps;
- Use a password manager like KeePass or LastPass so you can use unique passwords on each site.
- Change your password on any site where you shared a password with "that ISO site", especially your email and GBATemp account if they do.
- Ensure that your account hasn't been hacked. If it has, assess the damage, and, if possible, start cleaning it up.
- Subscribe to https://haveibeenpwned.com/ on any email addresses you use to be aware of new major breaches.
Last edited by Rhapsody,