Search Unity

  1. Unity support for visionOS is now available. Learn more in our blog post.
    Dismiss Notice

The forum hack

Discussion in 'Meta-forum Discussion' started by GilesDMiddleton, May 1, 2017.

  1. GilesDMiddleton

    GilesDMiddleton

    Joined:
    Aug 12, 2015
    Posts:
    91
    One thing that alarmed me is the statement you made that indicated no passwords have been stolen.

    This worries me. That indicates that passwords COULD be stolen. Rather than a statement saying it's impossible because you don't store them.

    For your services, at a minimum you should be storing strong hashes with random salt values, and never the passwords themselves.

    Can you give any statement that reassures people that you are not storing plain text, and not storing reversible passwords (symmetric encryption) in your systems.

    Kind regards
     
  2. SaraCecilia

    SaraCecilia

    Joined:
    Jul 9, 2014
    Posts:
    675
    We don't store passwords in plain text or reversible hash, and no passwords have been compromised.
     
    GilesDMiddleton and neoshaman like this.
  3. Baste

    Baste

    Joined:
    Jan 24, 2013
    Posts:
    6,274
    The blog post is really, really confusing.

    What in the world does 2FA have to do with the forums getting hacked? The two things are completely unrelated! Why are you announcing something that's designed to make the user's accounts safe as a fix for you F***ing up your security?

    None of the things you announce that you will do to "help protect your data" sounds like things that would've prevented what happened. Am I missing something?


    Also, your login already straight up breaks all the time. I have no confidence that you'll manage to implement a 2FA feature when just staying logged in to the forums while I'm reading them stops working at regular intervals.
     
    MrEsquire likes this.