Bitcoin Forum
Topic: [PSA] WhiskChat Hack Analysis - CHANGE YOUR PASSWORDS IF YOU USED WHISKCHAT!
whiskers75 (OP)
November 06, 2013, 04:27:36 PM
Last edit: November 07, 2013, 05:43:02 PM by whiskers75
 #1

So, WhiskChat got hacked.
Read my hypotheses on the hack at http://whiskers75.com/hacked - I'll update this with info as it comes.
A database dump was posted to http://pastebin.com/d1Wafvab (now removed, thankfully :P) on this account (it was hacked at that moment in time) containing ALL user emails and HASHED passwords.
However, hashed passwords may not be as safe as we think: I believe that this hash was used to hack into my other accounts, so change your passwords! (you should do this regularly anyway, mkay?)
I recommend LastPass for managing your passwords - JUST MAKE SURE YOU USE A SECURE (and I mean secure) MASTER PASSWORD!
Sorry for the hack, it could happen to anyone - hopefully, it won't happen again.
-whiskers75

Update: See how easy it is to crack SHA256 hashes: http://www.dailymail.co.uk/sciencetech/article-2331984/Think-strong-password-Hackers-crack-16-character-passwords-hour.html

whiskers75 (OP)
November 06, 2013, 07:15:58 PM
 #2

bump

Remember remember the 5th of November
November 06, 2013, 08:36:28 PM
 #3

What was the hashing algorithm for the passwords? Did you employ at least 7500 rounds of SHA512? Did you not check for holes in your website?

whiskers75 (OP)
November 07, 2013, 05:43:58 PM
 #4

> What was the hashing algorithm for the passwords? Did you employ at least 7500 rounds of SHA512? Did you not check for holes in your website?
I used Node.js' crypto functions. TradeFortress coded the hashing bit, he should know more about it. Holes (if any) would not yield password hashes due to the way whiskchat is coded.

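
Added example (not part of the thread and not WhiskChat's code; the thread does not say how its hashes were actually computed): posts #3 and #4 turn on how passwords were hashed with Node.js' crypto functions, so this contrasts a single unsalted SHA-256 digest with a salted scrypt record checked in constant time. The function names, record layout, cost parameters and sample password are assumptions made for the example.

```javascript
// Added example, not WhiskChat's code; uses only Node's built-in crypto module.
const crypto = require('crypto');

// Weak: one unsalted SHA-256 pass. Equal passwords give equal digests, and a
// single pass is cheap, so guesses can be tested against a dump in bulk.
function fastHash(password) {
  return crypto.createHash('sha256').update(password, 'utf8').digest('hex');
}

// Stronger: per-user random salt plus scrypt, a memory-hard KDF.
// Record layout (constructed for this example): scrypt$N$r$p$salt$hash
const PARAMS = { N: 16384, r: 8, p: 1 };
const KEYLEN = 32;

function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const key = crypto.scryptSync(password, salt, KEYLEN, PARAMS);
  return ['scrypt', PARAMS.N, PARAMS.r, PARAMS.p,
    salt.toString('base64'), key.toString('base64')].join('$');
}

function verifyPassword(password, stored) {
  const parts = String(stored).split('$');
  if (parts.length !== 6 || parts[0] !== 'scrypt') return false;
  const [N, r, p] = parts.slice(1, 4).map(Number);
  const salt = Buffer.from(parts[4], 'base64');
  const expected = Buffer.from(parts[5], 'base64');
  if (expected.length !== KEYLEN) return false; // reject truncated records
  let actual;
  try {
    actual = crypto.scryptSync(password, salt, KEYLEN, { N, r, p });
  } catch (err) {
    return false; // malformed or out-of-range cost parameters
  }
  return crypto.timingSafeEqual(actual, expected); // constant-time compare
}

// Constructed sample input; returns the observations as booleans.
function demo() {
  const pw = 'correct horse battery staple';
  const a = hashPassword(pw), b = hashPassword(pw);
  return {
    fastRepeats: fastHash(pw) === fastHash(pw), // identical digest every time
    saltedDiffer: a !== b,                      // fresh salt per record
    accepts: verifyPassword(pw, a),
    rejects: !verifyPassword('wrong guess', a),
  };
}
```

Storing the cost parameters inside each record lets them be raised later without invalidating existing hashes.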