Skip to main content

Notice

Please note that most of the software linked on this forum is likely to be safe to use. If you are unsure, feel free to ask in the relevant topics, or send a private message to an administrator or moderator. To help curb the problems of false positives, or in the event that you do find actual malware, you can contribute through the article linked here.
Topic: Winamp Forum Hacked (Read 5361 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

Winamp Forum Hacked

Reply #1
I had a very, very, very old account there. Good thing I don't use that password anymore.

Winamp Forum Hacked

Reply #2
Props to them for being open about this, other companies might have tried to hide it as much as possible.

A bit too much spin on the linked post:

Quote
6) What happened?
As a result of our continuous security monitoring, we identified and blocked this attack. Additionally, new security measures have been deployed to help keep this type of breach from happening in the future.


The horse has well gone (with emails and passwords), not much blocking if you were to ask me.

Quote
10) What can I do if I'm receiving spam because my email was leaked?

You can take steps on your own to wipe out spam from your inbox, but you also have legal recourse:


I am sure...works well against the billions of spam emails which are sent.
 

Winamp Forum Hacked

Reply #3
My understanding is that the passwords were hashed.  Still, short and easy passwords can still be extracted out of the data, so it's wise to change your password if you've used it elsewhere.

Winamp Forum Hacked

Reply #4
More important, were they salted? Many sites still don't do that. You can deduce very long, non-trivial passwords from unsalted hashes with rainbow tables.

Winamp Forum Hacked

Reply #5
Quote from: benski on
My understanding is that the passwords were hashed.  Still, short and easy passwords can still be extracted out of the data, so it's wise to change your password if you've used it elsewhere.


Depends how they're hashed really. If it's MD5ed you may as well not have hashed it these days.

Winamp Forum Hacked

Reply #6
Quote from: probedb on
Quote from: benski on
My understanding is that the passwords were hashed.  Still, short and easy passwords can still be extracted out of the data, so it's wise to change your password if you've used it elsewhere.


Depends how they're hashed really. If it's MD5ed you may as well not have hashed it these days.


Looks like it's MD5 hash with a salt.  http://www.vbulletin.com/forum/showthread....l=1#post1265186
But you guys are probably right about even long, non-trivial passwords being attainable.  And it's always better safe than sorry.

Winamp Forum Hacked

Reply #7
A 3 character salt increases computational costs, but far less than, for example, three characters longer passwords. IMHO, the passwords should be considered compromised. The only advantage is that breaking one PW does not automatically break all identical others.

Winamp Forum Hacked

Reply #8
Password changed via LastPass.
Music washes away from the soul the dust of everyday life.