xkcd: 562k Accounts breached according to haveibeenpwned
twitter.comI wonder how many of those passwords are correcthorsebatterystaple
I'm one of them :/
The haveibeenpwned description says password hashes are md5, which sucks. But phpBB has used bcrypt by default since version 3.1 (2014)... I wonder if all the hashes are md5 or only those for older accounts?
Impacted as well, but I'm happy to be part of it. Either they'll crack an old password or, more likely, this is a new style password and they waste a lot of cracking time on it. Using a password manager for everything except a few offline things and my bank account was definitely the right move.
What do you use for your bank account?
Same as for my master password: a randomly generated, memorized password.
The trick to remembering them is to use them regularly. This is also why I don't use a passphrase: a password is much shorter and less frequently typo'd, thus less annoying for frequent use.
phpBB... I wonder how many of those accounts are just fake spam bot accounts.
This sucks. But on the bright side, we can expect an XKCD comic about it in the future.
Who has an 'account' with xkcd? Confused.
Looks like there is a forum for the site, which is now down due to the breach. I had no idea it existed, let alone had half a million accounts.
They have forums where you can discuss the comics and other things.
The XKCD forum is surprisingly well trafficked, and there's a pretty large crossover between their forums and Hackernews.
I used to like it back in the day; I even met my roommate (when I had one) there.
Me, too. I mean, a xkcd forum is not that surprising but half a million users while I never heard about it existing?
Could that have been a honeypot? At least partly? That's something xkcd would do.
No, it's real. It used to be prominently on the site sidebar, but it got very big around the time xkcd first got popular, and the link was subsequently removed. After that, you had to know it existed and just go directly to forums.xkcd.com, so the only people who knew of it were generally the people who were early xkcd readers or people invited by them. Imho it's one of the better open "offtopic" discussion forums on the web, partly because of insular culture trending towards thoughtfulness.
I ran into it by Googling, so it was not hidden well.