ROM Hack PSA: "That ISO site" was hacked, exposing emails, usernames, IP addresses, and salted passwords!

Rhapsody

Well-Known Member
OP
Member
Joined
Jan 4, 2016
Messages
252
Trophies
0
Age
26
Location
United States
Website
www.google.com
XP
619
Country
United States
Information has recently come to light that "that ISO site" has been hacked (both the Wii U and 3DS variants), leaking emails, usernames, IP addresses, and salted MD5 passwords. This breach occurred in September of 2015. While this is a big deal, you're probably wondering, why post this here?

I realize that, even though we don't like to admit it, a lot of people download CIAs and ISOs from that site. From that, you can make a logical connection that most people are probably going to share their username and password with their GBATemp account and their "that ISO site" account, and sometimes even their email account. With that being said, this is a warning; if you use the password you use on "that ISO site" ANYWHERE else, you need to change the password immediately, or risk your account being compromised. I personally think that getting hacked because of a piracy site leaking details is a terrible way to go, but that's up to you if it happens.

"But Rhapsody," you ask, "you said the passwords are encrypted with MD5 and salted. There's nothing to worry about, right"? In a way, yes; CrackStation puts it best;

CrackStation said:
A password hashed using MD5 and salt is, for all practical purposes, just as secure as if it were hashed with SHA256 and salt. Nevertheless, it is a good idea to use a more secure hash function like SHA256, SHA512, RipeMD, or WHIRLPOOL if possible.

In other words, while your passwords aren't technically out there in plain text, it's still a good idea to change them. On the off-chance "that ISO site" was salting improperly, your password is easily crackable. To be safe, you should take the following steps;
  1. Use a password manager like KeePass or LastPass so you can use unique passwords on each site.
  2. Change your password on any site where you shared a password with "that ISO site", especially your email and GBATemp account if they do.
  3. Ensure that your account hasn't been hacked. If it has, assess the damage, and, if possible, start cleaning it up.
  4. Subscribe to https://haveibeenpwned.com/ on any email addresses you use to be aware of new major breaches.
I know that this is a lot more effort than normal internet users will want to put forward, but for the sake of keeping your accounts secure, you should really change your passwords now and make sure they're all unique, so something like this won't worry you. It's a lot easier when it's all set up.
 
Last edited by Rhapsody,

Scarlet

Soy Consoomer
Editorial Team
GBAtemp Patron
Joined
Jan 7, 2015
Messages
4,522
Trophies
2
Location
Middleish North-Right
XP
11,342
Country
United Kingdom
;___________;

dkRglHF.png


Of all the bad times to have joined eh? Ah well, pretty sure the password I have there is unique anyway. Gonna start using alias addresses in future and just delete them once I've made an account.
 
  • Like
Reactions: RemixDeluxe

Rhapsody

Well-Known Member
OP
Member
Joined
Jan 4, 2016
Messages
252
Trophies
0
Age
26
Location
United States
Website
www.google.com
XP
619
Country
United States
I don't remind when I subscribed there but I hink I have som work to do when I get home ... I think the pass are different but I don't remember XD


how this works?

Haveibeenpwned is a site that looks through information leaked in large website breaches, and tells people who search their email address what leaks they were involved in. It doesn't provide any of this information to anyone else.
 
  • Like
Reactions: Sliter
D

Deleted-379826

Guest
I don't remind when I subscribed there but I hink I have som work to do when I get home ... I think the pass are different but I don't remember XD


how this works?
They will send you emails about all breaches they know about
 
  • Like
Reactions: Sliter

Dimensional

Well-Known Member
Member
Joined
Dec 7, 2008
Messages
978
Trophies
1
Age
32
Location
Texas
XP
2,275
Country
United States
It's a good thing I've never been on there. Kind of hard to have an account to be breached if you don't go there. Then again... I have no clue what the site's name is, so.... *shrugs* Not that I'm going to ask around.
 

You may also like...

General chit-chat
Help Users
    K3N1 @ K3N1: https://youtube.com/shorts/LbCYxWgi9hw?feature=share