Turbine security breech - passwords leaked

Redwolf

Member # 3665
Joined
Sep 2, 2002
Messages
5,113
Reaction score
43
Location
MA, USA
Country
llUnited States
Turbine's community website had a security hole. Passwords were available to hackers. I have seen them in the wild, this is for real.

The password were encrypted but it is not certain whether they were also salted or not and even if they were whether the salt leaked, too. If they weren't salted or the salt is available to the hackers the encryption is pretty much worthless.

You should change your password right now, and on all sites where you re-used this or a similar password. Although Turbine has taken the forums down you can still change the password on myaccount.turbine.com.
 

Redwolf

Member # 3665
Joined
Sep 2, 2002
Messages
5,113
Reaction score
43
Location
MA, USA
Country
llUnited States
BTW. Casual Stroll Through Mordor has been taken over by hacker attacking visitors in turn.

So, first of all don't visit them right now. Second, speculate whether it has been hijacked based on a reused password from the game?
 

Palantir

Member #86
Joined
Aug 7, 2002
Messages
4,877
Reaction score
1,706
Location
The Heartland
Country
llUnited States
Done!
Thanks for keeping us updated in this stuff RW.
:thumup:

Although I'm not sure what "salt" is in this usage expect maybe a tracer implanted in the code?

Either way I changed mine & hopefully made them stronger in the process.
 

Redwolf

Member # 3665
Joined
Sep 2, 2002
Messages
5,113
Reaction score
43
Location
MA, USA
Country
llUnited States
Although I'm not sure what "salt" is in this usage expect maybe a tracer implanted in the code?
It's a cryptography term. Just encrypting a database of passwords is useless unless you also "salt" it. Without "salting" the encryption cracking one password means you just cracked all passwords in the database.

Whether your password is strong or not has no meaning here when people leak it, sorry :D
 
Top