Notification of data breach in 2016

LadyPsychic · Aug 2, 2019

To be honest, I never change my password. Then again, I don't buy stuff online, use credit cards, or even look up my bank account online precisely so stuff like this won't affect me. Anyways, I'm kind of concerned about the password change. You see, I haven't been able to get in my email account for the past few months (I never read my email anyways so I just left it alone). I'm worried that I might not be able to change my password if I can't get into my email (and thus, be locked out of my account). Is there anything I can do?

sothis · Aug 2, 2019

LadyPsychic said:
To be honest, I never change my password. Then again, I don't buy stuff online, use credit cards, or even look up my bank account online precisely so stuff like this won't affect me. Anyways, I'm kind of concerned about the password change. You see, I haven't been able to get in my email account for the past few months (I never read my email anyways so I just left it alone). I'm worried that I might not be able to change my password if I can't get into my email (and thus, be locked out of my account). Is there anything I can do?

Update your email address on file to one that you can access, then change your password.

LadyPsychic · Aug 2, 2019

sothis said:
Update your email address on file to one that you can access, then change your password.

The problem is that I only have one email address and I don't know how to get a new one (I've had my email since I was a teen and my mother set that one up for me. I'm technologically inept.)

Fluffs · Aug 3, 2019

LadyPsychic said:
The problem is that I only have one email address and I don't know how to get a new one (I've had my email since I was a teen and my mother set that one up for me. I'm technologically inept.)

https://support.google.com/mail/answer/56256?hl=en Instructions on how to create a Gmail account
or you can sign up here for a Microsoft account
https://signup.live.com/?lic=1 (these would be @hotmail, @outlook)

(any other provider would work as well, think Gmail is your best option as they have step by step instructions ^^)

Starra · Aug 3, 2019

A dumbass question: I reset my password the other day (I think I've changed it since 2016, but, being a moderator, I wanted to be extra careful). Will I have to reset it again when the forced reset comes around, or am I okay since I've already changed it since this announcement?

It's not that I mind changing it again, I just can't work it out lol.

Kari5 · Aug 3, 2019

LadyPsychic said:
The problem is that I only have one email address and I don't know how to get a new one (I've had my email since I was a teen and my mother set that one up for me. I'm technologically inept.)

Just go to any email system and hit 'new account'. Its just like opening an AP account, just choose 'username' and password.
Gmail, Outlook (hotmail), Yahoo...there are options but they all basically do the same.

LadyPsychic · Aug 4, 2019

Fluffs said:
https://support.google.com/mail/answer/56256?hl=en Instructions on how to create a Gmail account
or you can sign up here for a Microsoft account
https://signup.live.com/?lic=1 (these would be @hotmail, @outlook)

(any other provider would work as well, think Gmail is your best option as they have step by step instructions ^^)

Kari5 said:
Just go to any email system and hit 'new account'. Its just like opening an AP account, just choose 'username' and password.
Gmail, Outlook (hotmail), Yahoo...there are options but they all basically do the same.

Thanks for the suggestions. I think I'll see if I can get my current email to work first, but if I can't then I'll see about getting a Gmail account or something.

joey007 · Aug 4, 2019

The problem is that I only have one email address and I don't know how to get a new one (I've had my email since I was a teen and my mother set that one up for me. I'm technologically inept.)

Grizz · Aug 4, 2019

joey007 said:
The problem is that I only have one email address and I don't know how to get a new one (I've had my email since I was a teen and my mother set that one up for me. I'm technologically inept.)

Two people have stated how to do that above.

https://support.google.com/mail/answer/56256?hl=en Instructions on how to create a Gmail account
or you can sign up here for a Microsoft account
https://signup.live.com/?lic=1 (these would be @hotmail, @outlook)

(any other provider would work as well, think Gmail is your best option as they have step by step instructions ^^)

Just go to any email system and hit 'new account'. Its just like opening an AP account, just choose 'username' and password.
Gmail, Outlook (hotmail), Yahoo...there are options but they all basically do the same.

GlennMagusHarvey · Aug 5, 2019

OmegaYami said:
it's no secret (anymore) that all data people thought "private" are actually public domain.

Well, I agree but not for passwords.

Like, all those silly blogposts and status posts and blathering on social media, all that is stuff that many people are used to being relatively "private" in the sense of being only known to friends, but are actually known to the entire world if anyone wants to dig for them, because they're on the internet and like a permanent record of a person's activity.

But stuff like passwords explicitly should not be part of that.

(Also, "public domain" has a specialized legal meaning that is not related to privacy but rather is related to copyright.)

OmegaYami · Aug 6, 2019

GlennMagusHarvey said:
Well, I agree but not for passwords.

Like, all those silly blogposts and status posts and blathering on social media, all that is stuff that many people are used to being relatively "private" in the sense of being only known to friends, but are actually known to the entire world if anyone wants to dig for them, because they're on the internet and like a permanent record of a person's activity.

But stuff like passwords explicitly should not be part of that.

(Also, "public domain" has a specialized legal meaning that is not related to privacy but rather is related to copyright.)

I was not pointing what should or shouldn't be, I am merely stating a fact. Unless people have been living under a rock for the past years, they know -even in a superficial and non-technical way- how personal, and often private, data are all available on Internet.
Privacy issues and data breaches have burnt billion dollars this past year alone (tech and finance are part of my daily routine), so there is no surprise in gaining awareness of the fact that even if you think something is not available on the Internet, in truth it is.

Demonskid · Aug 6, 2019

I had gotten an email from I have been pwned a few weeks ago about this and changed my password then. o3o
I hate that hackers target my favorite anime websites.

You all do a good job keeping up with these things, thank you. OvO

chad28 · Aug 6, 2019

so the hashed password are not safe, they can be decoded, correct?
and therefore we should change our password, right?

GlennMagusHarvey · Aug 6, 2019

chad28 said:
so the hashed password are not safe, they can be decoded, correct?
and therefore we should change our password, right?

Ideally, a hashed password can't be decoded, but that depends on how they're encoded.

(I don't know the technical details.)

StarsMine · Aug 6, 2019

chad28 said:
so the hashed password are not safe, they can be decoded, correct?
and therefore we should change our password, right?

Generally no, they cant be decoded, but if you know the hash function you can brute force small character/character sets and past that its usually using LUTs (look up tables) from previous hacks.

ChalamiuS · Aug 6, 2019

chad28 said:
and therefore we should change our password, right?

In general when a data breach occurs anywhere it makes sense to change your passwords on sites related to the place that was breached. And any similar passwords that you have.

GlennMagusHarvey said:
Ideally, a hashed password can't be decoded, but that depends on how they're encoded.

Cryptographic hashes are what's known as one-way functions, their explicit purpose is to not be possible to "decode".

However, with enough computing power (say... a lot of graphics cards in a rack or a few p3 instances with graphics cards on AWS) you can bruteforce the hashes by performing the same operations that would be performed to check the password's validity to try to match with the hashes you are trying to break. Either by brute-forcing combinations or (more commonly) by using known password lists and mutating them.

This is why, in general it's better to have a long and complex password as it makes guessing it harder. Which is quite relevant when hardware is capable of hundreds of thousands or billions of guesses a second (depending on what hashing method was used).

Also, the password reset mentioned in the first post of this thread has now been pushed to accounts registered up to and including 2016.

StarsMine · Aug 6, 2019

For a basic overview

sothis · Aug 6, 2019

Prefer if this thread could be kept to announcements or questions about the event only. Please discuss fundamentals or other general topics in the General section

Tsubyaki · Aug 6, 2019

Did not appreciate being forced to change my password AGAIN because of this.

Grizz · Aug 6, 2019

Tsubyaki said:
Did not appreciate being forced to change my password AGAIN because of this.

If you had already changed your password and dont wish to have to learn a new password, change it back after doing the forced change.

Notification of data breach in 2016

LadyPsychic

Well-Known Member

sothis

LadyPsychic

Well-Known Member

Fluffs

Starra

Well-Known Member

Kari5

LadyPsychic

Well-Known Member

joey007

New Member

Grizz

GlennMagusHarvey

Well-Known Member

OmegaYami

Active Member

Demonskid

Well-Known Member

chad28

Active Member

GlennMagusHarvey

Well-Known Member

StarsMine

Well-Known Member

ChalamiuS

Squisher of Bugs

StarsMine

Well-Known Member

sothis

Tsubyaki

New Member

Grizz