aristotlealexander

Naughty America (possibly) hacked

6 posts in this topic

http://www.forbes.com/sites/thomasbrewster/2016/04/14/naughty-america-fappening-hacked-porn-sites/#3a2e8fc1294c

 

Does say some of the passwords were strongly encrypted so they're unlikely to be cracked (good job there, guys, and that's not sarcasm). In any case, check your accounts and bank statements to make sure nothing funny is going on (i.e. people logging in as you and accessing the side sites).

1 person likes this

Share this post


Link to post
Share on other sites

http://www.forbes.com/sites/thomasbrewster/2016/04/14/naughty-america-fappening-hacked-porn-sites/#3a2e8fc1294c

 

Does say some of the passwords were strongly encrypted so they're unlikely to be cracked (good job there, guys, and that's not sarcasm). In any case, check your accounts and bank statements to make sure nothing funny is going on (i.e. people logging in as you and accessing the side sites).

 

My debit card was physically copied by someone in China a month ago. I know my situation is not related to this hack. However, I do have sound advice to avoid being hacked and losing a lot of money. My bank issued a new debit card along with a pre-card debit card. Talk to your bank to see if they offer pre-paid debit cards. I transfer funds to my pre-paid card as it is my card for online shopping. It's not a huge problem if someone hacks the pre-card because I put a limited amount of funds on it.

Share this post


Link to post
Share on other sites

That is good advice, actually.

 

As far as the tangential relation to this, as the article mentions, NA doesn't have/store any payment info for any members, so there's no way that's included in the hack. From what I've seen floating around the web, it's literally just a database of e-mail addresses, username, hashed/encrypted passwords, and some other info that hackers probably wouldn't care about.

Share this post


Link to post
Share on other sites

That is good advice, actually.

 

As far as the tangential relation to this, as the article mentions, NA doesn't have/store any payment info for any members, so there's no way that's included in the hack. From what I've seen floating around the web, it's literally just a database of e-mail addresses, username, hashed/encrypted passwords, and some other info that hackers probably wouldn't care about.

if they have the user names and passwords......anyone could go in ....change your username and password just out of spite

Share this post


Link to post
Share on other sites

if they have the user names and passwords......anyone could go in ....change your username and password just out of spite

 

Passwords seem to be encrypted.

 

The value in selling these databases (and the article I linked touches on it a little bit) is actually in having a list of known e-mail addresses and passwords. Because what people do with these lists isn't really try to log on to the site they got them from. They go around to more important sites and use the e-mail address or the login name and password to try to log into those sites, because the vast majority of people reuse their passwords for bunch of different things. So if someone were to buy NA's database, they wouldn't be that interested in using your NA account. They'd want to take your Gmail address and the password you're using here and see if that logs them into your Gmail account. Or your Paypal account. Or the account for your local bank's website. The fact that NA encrypted some of their passwords means they can't even do that, which makes the database much less valuable.

1 person likes this

Share this post


Link to post
Share on other sites
On 4/14/2016 at 11:38 PM, aristotlealexander said:

 

Passwords seem to be encrypted.

 

The value in selling these databases (and the article I linked touches on it a little bit) is actually in having a list of known e-mail addresses and passwords. Because what people do with these lists isn't really try to log on to the site they got them from. They go around to more important sites and use the e-mail address or the login name and password to try to log into those sites, because the vast majority of people reuse their passwords for bunch of different things. So if someone were to buy NA's database, they wouldn't be that interested in using your NA account. They'd want to take your Gmail address and the password you're using here and see if that logs them into your Gmail account. Or your Paypal account. Or the account for your local bank's website. The fact that NA encrypted some of their passwords means they can't even do that, which makes the database much less valuable.

Well said, Aristotle. I know our Mods are way too smart to use the same password at Naughty Canada and the Naughty Canada Forums. Many people use the same password on different sites. The Naughty Canada breach had passwords in the database that were not encrypted.

There are bruteforce methods to crack encrypted passwords: https://null-byte.wonderhowto.com/how-to/hackers-take-your-encrypted-passwords-crack-them-0130638/ I've also heard of hacking tools to crack passwords/hashes advertised on Dark Web sites.

Edited by BadArtie
1 person likes this

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now