ROM Hack PSA: "That ISO site" was hacked, exposing emails, usernames, IP addresses, and salted passwords!

Rhapsody · Sep 6, 2016

Information has recently come to light that "that ISO site" has been hacked (both the Wii U and 3DS variants), leaking emails, usernames, IP addresses, and salted MD5 passwords. This breach occurred in September of 2015. While this is a big deal, you're probably wondering, why post this here?

I realize that, even though we don't like to admit it, a lot of people download CIAs and ISOs from that site. From that, you can make a logical connection that most people are probably going to share their username and password with their GBATemp account and their "that ISO site" account, and sometimes even their email account. With that being said, this is a warning; if you use the password you use on "that ISO site" ANYWHERE else, you need to change the password immediately, or risk your account being compromised. I personally think that getting hacked because of a piracy site leaking details is a terrible way to go, but that's up to you if it happens.

"But Rhapsody," you ask, "you said the passwords are encrypted with MD5 and salted. There's nothing to worry about, right"? In a way, yes; CrackStation puts it best;

CrackStation said:
A password hashed using MD5 and salt is, for all practical purposes, just as secure as if it were hashed with SHA256 and salt. Nevertheless, it is a good idea to use a more secure hash function like SHA256, SHA512, RipeMD, or WHIRLPOOL if possible.

In other words, while your passwords aren't technically out there in plain text, it's still a good idea to change them. On the off-chance "that ISO site" was salting improperly, your password is easily crackable. To be safe, you should take the following steps;

Use a password manager like KeePass or LastPass so you can use unique passwords on each site.
Change your password on any site where you shared a password with "that ISO site", especially your email and GBATemp account if they do.
Ensure that your account hasn't been hacked. If it has, assess the damage, and, if possible, start cleaning it up.
Subscribe to https://haveibeenpwned.com/ on any email addresses you use to be aware of new major breaches.

I know that this is a lot more effort than normal internet users will want to put forward, but for the sake of keeping your accounts secure, you should really change your passwords now and make sure they're all unique, so something like this won't worry you. It's a lot easier when it's all set up.

DeslotlCL · Sep 6, 2016

Time to change my passwords :v

Raylight · Sep 6, 2016

that was a year ago if you signed up after that event your safe

Pacheko17 · Sep 6, 2016

Oh, that was in 2015. You bloody scared me mate. I signed up in January 2016.

Raylight · Sep 6, 2016

Pacheko17 said:
Oh, that was in 2015. You bloody scared me mate. I signed up in January 2016.

lol same

AshleyCummings · Sep 6, 2016

Wait I log into that site with my Facebook x.x great ...

Rhapsody · Sep 6, 2016

AshleyCummings said:
Wait I log into that site with my Facebook x.x great ...

If you log in via alternative methods, that shouldn't be an issue, since it never shares your password with the site (only a unique identifier). If you've ever signed into a website with Steam, it's just like that.

Sliter · Sep 6, 2016

I don't remind when I subscribed there but I hink I have som work to do when I get home ... I think the pass are different but I don't remember XD

Rhapsody said:
Subscribe to https://haveibeenpwned.com/ on any email addresses you use to be aware of new major breaches.

how this works?

Scarlet · Sep 6, 2016

;___________;

Of all the bad times to have joined eh? Ah well, pretty sure the password I have there is unique anyway. Gonna start using alias addresses in future and just delete them once I've made an account.

Rhapsody · Sep 6, 2016

Sliter said:
I don't remind when I subscribed there but I hink I have som work to do when I get home ... I think the pass are different but I don't remember XD

how this works?

Haveibeenpwned is a site that looks through information leaked in large website breaches, and tells people who search their email address what leaks they were involved in. It doesn't provide any of this information to anyone else.

Deleted-379826 · Sep 6, 2016

Sliter said:
I don't remind when I subscribed there but I hink I have som work to do when I get home ... I think the pass are different but I don't remember XD

how this works?

They will send you emails about all breaches they know about

Justinde75 · Sep 6, 2016

Good that I joined back in Febuary

BasedIndex · Sep 6, 2016

I knew this would happen.
That's why I use a simpler password. Always use simpler passwords for hacking communities/warez etc.
Cheers.

The Catboy · Sep 6, 2016

Eh, I may have joined after the hack, but it was time to change my passwords anyways.

DinohScene · Sep 6, 2016

Another reminder why I don't sign up quickly.

ThunderbInazuma · Sep 6, 2016

Really? I signed in in October xD

Dimensional · Sep 6, 2016

It's a good thing I've never been on there. Kind of hard to have an account to be breached if you don't go there. Then again... I have no clue what the site's name is, so.... *shrugs* Not that I'm going to ask around.

hyprskllz · Sep 6, 2016

What about the PSP and PS3 site? Is it hacked too?
My PSP site account has been since about 7 years ago.

yuyuyup · Sep 6, 2016

hooray I used a burner email but thanks for the reminder

Thunder Kai · Sep 6, 2016

Joined 1-6-2016

ROM Hack PSA: "That ISO site" was hacked, exposing emails, usernames, IP addresses, and salted passwords!

Well-Known Member

GBAtemp's scalie trash

Paranoid Temper

Controversial opinions guy.

Paranoid Temper

Gamer Girl

Well-Known Member

Well-Known Member

Onion Soup

Well-Known Member

Deleted-379826

Guest

Well-Known Member

splendid

GBAtemp Official Catboy™: Boywife

Gay twink catboy

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

#TeamRem

Similar threads

Popular threads in this forum