Database Breach - An Update


Dark0ne

Another reminder to adopt some best security practices. Use a different password for every website. Use complex passwords. Use 2-factor identification whenever it's available. This way when the unavoidable leak happens, your other sites are secure. A password manager makes this easy and will even warn you of potential breaches, like mine did for this site.
That's very stupid to say "some users may have invalid emails" really. It's their responsibility. You just don't want to do that because you might lose potential big players (content creators) which is bad for business. Again, a website that values the value of business above the privacy of its users.

So I just want to say, thank you. You guys have had THE BEST response of any company ever to a security breach. You notified the users appropriately. You had the appropriate apologetic attitude. You even are properly reorienting toward getting the system even better prepared for a critical breach. It sounds so simple but you've also kept us aware of everything in the process and I love you guys for it. *Hugs for your entire staff*

In response to post #33828210.


feltrockni wrote: So I just want to say, thank you. You guys have had THE BEST response of any company ever to a security breach. You notified the users appropriately. You had the appropriate apologetic attitude. You even are properly reorienting toward getting the system even better prepared for a critical breach. It sounds so simple but you've also kept us aware of everything in the process and I love you guys for it. *Hugs for your entire staff*


Yeah, they're the exact opposite of Sony, who notified users 3 days AFTER a security breach was detected.

In response to post #33625910.


corvus_cherub wrote: I went to change my password and got re-directed to the forums. I was presented with a forum page that told me "Sorry, you don't have permission for that!".

Odd, since I've been registered on the forums and the site since 2006. So I thought, I'd PM someone about it... redirected to "Sorry, you don't have permission for that!".

Then I thought I'd click on 'help documentation' - got fired back to "Sorry, you don't have permission for that!". So I can't contact anyone, bit of a catch-22..


Same here, I can't log in or get support. :(

In response to post #33296525.


Thandal wrote:

Regarding Two-factor Authentication:

<snip>

It also gives Nexus access to my phone number, something I am NOT comfortable with. Freely handing out data to prevent the theft of said data is illogical. Requiring users to use a device they may not own is illogical. Linking yet more data to a database that has already been hacked is illogical.

All that being said, mandatory Two-Factor Authentication would be the end of my using the Nexus website.

My two-cents.

 

Guess you missed the part about the authenticators (passwords, in this case) having been hashed and salted, so not compromised, even though other data was. If a mobile phone were to be used as a piece of a 2FA solution those numbers would be similarly protected. In other words your concern, while not entirely baseless, is misplaced.

 

I'm constantly surprised at the ways in which people misunderstand the fundamentals of encryption and its correct implementation.

 

As usual, xkcd has a great example:

Password Strength

 

http://imgs.xkcd.com/comics/password_strength.png


Just wanted to say that I saw that comic ages ago, but I still haven't been able to forget that password!

In response to post #33296525. #34080460 is also a reply to the same post.


Thandal wrote:

Regarding Two-factor Authentication:

<snip>

It also gives Nexus access to my phone number, something I am NOT comfortable with. Freely handing out data to prevent the theft of said data is illogical. Requiring users to use a device they may not own is illogical. Linking yet more data to a database that has already been hacked is illogical.

All that being said, mandatory Two-Factor Authentication would be the end of my using the Nexus website.

My two-cents.

 

Guess you missed the part about the authenticators (passwords, in this case) having been hashed and salted, so not compromised, even though other data was. If a mobile phone were to be used as a piece of a 2FA solution those numbers would be similarly protected. In other words your concern, while not entirely baseless, is misplaced.

 

I'm constantly surprised at the ways in which people misunderstand the fundamentals of encryption and its correct implementation.

 

As usual, xkcd has a great example:

Password Strength

 

http://imgs.xkcd.com/comics/password_strength.png

NouvelleVoix wrote: Just wanted to say that I saw that comic ages ago, but I still haven't been able to forget that password!


Unfortunately, there are now thousands of people out there whose password is exactly "correcthorsebatterystaple"... because they read that it's hard to guess! Edited by rt7998

My password is generated by a password handler, so it's purely random with roughly 1e30 possible space. I'm not overly worried about someone cracking it from the hash. Well I /am/ a bit paranoid about privacy and data security, for a reason.. so of course I'm going to change it. =^.^=

 

Actually scratch that, I joined after that date. Well I'll probably change it anyway. Heh.

 

Stuff like this happens. It happens to smaller sites, and it happens to large companies. Of course it means security needs to be tightened, but it's not like it's the end of the world. Heck, it means Nexus is popular enough for someone to go to the trouble of doing it in the first place. :P

 

Edited by TerraKitsune

This topic is now closed to further replies.