[PSA] WhiskChat Hack Analysis - CHANGE YOUR PASSWORDS IF YOU USED WHISKCHAT!

[whiskers75]

So, WhiskChat got hacked.
Read my hypotheses on the hack at http://whiskers75.com/hacked - I'll update this with info as it comes.
A database dump was posted to http://pastebin.com/d1Wafvab (now removed, thankfully ) on this account (it was hacked at that moment in time) containing ALL user emails and HASHED passwords.
However, hashed passwords may not be as safe as we think: I believe that this hash was used to hack into my other accounts, so change your passwords! (you should do this regularly anyway, mkay?)
I recommend LastPass for managing your passwords - JUST MAKE SURE YOU USE A SECURE (and I mean secure) MASTER PASSWORD!
Sorry for the hack, it could happen to anyone - hopefully, it won't happen again.
-whiskers75

Update: See how easy it is to crack SHA256 hashes: http://www.dailymail.co.uk/sciencetech/article-2331984/Think-strong-password-Hackers-crack-16-character-passwords-hour.html

[whiskers75]

bump

[Remember remember the 5th of November]

What was the hashing algorithm for the passwords? Did you employ at least 7500 rounds of SHA512? Did you not check for holes in your website?

[whiskers75]

What was the hashing algorithm for the passwords? Did you employ at least 7500 rounds of SHA512? Did you not check for holes in your website?

I used Node.js' crypto functions. TradeFortress coded the hashing bit, he should know more about it. Holes (if any) would not yield password hashes due to the way whiskchat is coded.