gsingh2011 Posted June 10, 2016 Report Share Posted June 10, 2016 A password dump consisting of hashed passwords for this forum was posted here: Admin linked- removed. I'd recommend everyone change their passwords. Admins, please send out an email to everyone to change their passwords. Also, use a more secure hashing scheme other than MD5. I'd recommend scrypt/bcrypt. Link to comment Share on other sites More sharing options...
SAadmin Posted June 10, 2016 Report Share Posted June 10, 2016 We were advised by application security department about this hack about 7 months ago, patches have been applied after the security breach by our security department at invision power services. Many steps have been taken by invision board so it does not happen again in new update builds. As a result, our forum version is fully up to date at all times. I have already contacted google to have it removed but i do like to point out in the text file it does not have raw passwords as it has its hash which is quite hard to brute force into. But as a precaution, we do advise our users do change their password. Link to comment Share on other sites More sharing options...
SAadmin Posted June 10, 2016 Report Share Posted June 10, 2016 3 hours ago, gsingh2011 said: I'd recommend scrypt/bcrypt. Please send your recommendation to https://invisionpower.com/ directly as we have no say on preference on hashing scheme of the password at the backend application level. Link to comment Share on other sites More sharing options...
Recommended Posts