Announcements - Potential User Data Breach - Forum

I want my breaches to stay open for over a week as well. :( Thanks for the heads-up though and good luck on fixing whatever problems were responsible for this. Last edited by Jagaimo#2993 on Mar 29, 2017, 2:39:24 AM	Posted by Jagaimo#2993 on Mar 29, 2017, 2:38:53 AM Quote this Post
" demonachizer wrote: What hashing algorithm do you use? I hope its not MD5. Otherwise Ill have to change a lot of passwords.	Posted by Kaw#5407 on Mar 29, 2017, 2:56:22 AM Quote this Post
Chris, I have always wondered, what password is assigned/used by steam client users? I ask as I've never entered one for the game that I recall anyway.	Posted by Punkdog#0952 on Mar 29, 2017, 3:06:03 AM Quote this Post
thanks for transparency!	Posted by Kien#6624 on Mar 29, 2017, 3:08:11 AM Quote this Post
They have attempted to take an email account of mine from russian and south korean sources on the 25th and 26th. The account is linked to this one, and I can't imagine it's unrelated. Just fyi	Posted by colto2312#2003 on Mar 29, 2017, 3:12:18 AM Quote this Post
Whats the point in having IP check for accounts if your own servers are not secure enough and any hacker can get the info both the IP and the passwords.	Posted by Hukas#2876 on Mar 29, 2017, 3:17:35 AM Quote this Post
confidence is as high as 0 right now league stone exploits and not knowing who is on your networks and what there doing is shameful u should get warning messages when someone attempts to connect and u can then give permission to them if u know them at least i am very disappointed its the end of the world as we know it and I feel fine R.E.M.	Posted by runemaster12#6223 on Mar 29, 2017, 3:44:53 AM Quote this Post
Thanks for letting us know. I'm working on something for the PoE community! 👀	Posted by Sarno#0493 on Mar 29, 2017, 4:07:02 AM Quote this Post
" What hashing algorithm do you use? Lets just give them all the info shall we. Its like me asking you what number is your house when I know your street name. hey GGG, I know your server IP, If I SSH to it can I please have your root pass. pretty please.	Posted by shaunaclies#6767 on Mar 29, 2017, 4:10:05 AM Quote this Post
I see the question on what strong/weak password, hashes and the like are in quite a few previous replies, so I compiled a short list of video explanations on the topic: How NOT to store Passwords: a quick insight into why GGG uses hashes and salts instead of just writing the passwords to their database in plain text. Password Cracking: A demonstration on how a possible attacker would likely attempt to extract passwords from the previously mentioned hashes and salts (although somewhat rudimentary, but the concept is shown very nicely). Password Choice: Basically how to create strong Passwords that you can actually remember. (All Videos © by Computerphile) A question @GGG: I only ever connected to your site and game through my steam account. I suppose there's no worries here since the authentification happens through an external provider? That is not an avatar, that's how I really looked when I wrote this post! Last edited by I_ysk#3668 on Mar 29, 2017, 4:33:29 AM	Posted by I_ysk#3668 on Mar 29, 2017, 4:22:26 AM Quote this Post