Millions of Steam game keys stolen after hacker breaches gaming site

http://www.zdnet.com/article/millions-of-steam-game-keys-stolen-after-site-hack/
"The data stolen from the forum includes full names, usernames, scrambled passwords, email addresses, dates of birth, join dates, avatars, Steam usernames, and user activity data."

8 years ago


"scrambled" passwords? Are we talking properly salted/hashed or some simple brute-forced reversible encryption?

8 years ago

Just MD5? Change your pass, just in case.

8 years ago

Are there really sites that still encrypt passwords with MD5 in 2016?
Come on, it's surely better than no encryption at all, but not by much...

8 years ago

SHA1... Which is still a weak and outdated protocol, by the way...
Well, never mind. At worst, the hackers could have stolen a few keys for free games, as well as fictitious personal data.

8 years ago

Ye, last month Valve's dev.dota2 site was hacked and all passwords used MD5 encryption; many people who reused passwords were hacked, even one pro Dota player's Facebook was hacked. Valve didn't even know about the hack until the leakedsource site posted a PSA, only then did they do a password reset (however, now many people can't log in to the dev.dota2 site because passwords were reset and password recovery does not work for everyone).

8 years ago

A good reminder to folks to use unique login/password for each site you use. I highly recommend the use of local password management software such as KeePass.

8 years ago*

The last time I wrote that, there were idiots bitching not to trust Cloud. So yeah....

8 years ago

Well, I don't trust my important password database to cloud storage either, but that shouldn't stop people from using a password manager. I keep a KeePass database on a thumbdrive that stays with me at all times like a set of physical keys.

8 years ago

+1 on KeePass.

8 years ago

I think because LastPass was hacked last year, if I remember correctly.
Use a master password and keep a copy on a USB or something like that.

8 years ago

Yeah, trust a service for storing passwords which was hacked last year lol

8 years ago

The only service I trust my passwords to, is a notebook.
A plain old (not literally) paper notebook.

8 years ago

Yup, it's the best :) I'm using a password style for different websites, so it's both easy to remember and hard to guess :P

8 years ago

Fair enough, I don't trust my important passwords to any 3rd party servers so I should probably edit LastPass out of my first comment -- I didn't realize they were fully server-based with no local option like KeePass. KeePass is not cloud-based and is a lot more convenient as well as secure than other methods.

8 years ago

top kek

8 years ago

Well, I used the same password for unimportant sites like DLH and HRK, but I always use a different password for email, Steam and forums.

8 years ago

It's still a better idea to use a unique password for every site. email/steam/forums, no matter how big, are not 100% immune to data breaches. Sony is a good example of that several years ago... no one imagined that such a big company would have been so stupid to store passwords in plaintext.... but there you go! The lesson is that you never know with 100% certainty how safe your data is on any site, and that even the NSA can get hacked.

8 years ago

We reached out to Chase Faucheux, the site's chief editor, to comment prior to publication, but did not hear back. But after this piece went live, spokesperson Dirk Hassinger denied that the site had been hacked, and disputed the number of members the site has. "We checked our server log files and did not find any unusual activity within the past four weeks," he said.

ok... then...

8 years ago

Maybe hacking into DLH is considered usual activity then.

8 years ago

I loled.

8 years ago

That'd explain so much about why the site always seems so.. special in its approach to things.

8 years ago

^5

8 years ago

How does this hack affect DLH users who sign in through Facebook?

8 years ago

"Facebook access tokens were stolen for those who signed in with their social account."

8 years ago

Ah shiiiiiiet

8 years ago

They cannot do that much with the access token, but can get your user data (Name, Email, ...), but not post like you.
Just in case, remove the token from your FB account.

8 years ago

Do you know how to remove the token?

8 years ago

Go to Settings / Apps, search for dlh.net and remove it.
Direct link: https://www.facebook.com/settings?tab=applications

8 years ago

Thanks

8 years ago

Awesome, thanks!

8 years ago

So you mean I lost a fake account that has probably already been deleted by the system anyway?

Well gotta live with that.

8 years ago

+1 xD

8 years ago

Your FB account is safe; it is safer to log in via FB than creating new accounts on websites. An access token is nothing; you do NOT need to change your FB password.

8 years ago

But after this piece went live, spokesperson Dirk Hassinger denied that the site had been hacked, and disputed the number of members the site has. "We checked our server log files and did not find any unusual activity within the past four weeks," he said.

Valve, which owns and operates the Steam platform, also did not respond to a request for comment.

Maybe it is not true.

8 years ago

That site is so scummy that I wouldn't believe them if they said the sky was blue and the sun was hot.

8 years ago

Wait, the sun is hot? o.0

8 years ago

No! Ok, maybe a little sexy, but that's it - hot is out of question!

8 years ago

don't worry - we'll go at night :)

8 years ago

The sky isn't actually blue...
We see it blue because that's the only colour that gets reflected, so it's actually every colour BUT blue.

8 years ago

DLH.net Main site has: 1 result(s) found. This data was hacked on approximately 2016-07-31 00:00:00 What is in this database?
DLH.net has: 1 result(s) found. This data was hacked on approximately 2016-07-31 00:00:00 What is in this database?

Yeah, nice response from this spokesperson Dirk Hassinger.

8 years ago

Changed my password even though I don't really care about this site.

Change it from the generated random password to another generated random password...

8 years ago

Huh, ehm... I should be worried, right? Cause for some reason I'm not, like at all.
I don't think they can do much with my email address other than sending me more spam.

8 years ago

Do you reuse passwords?

8 years ago

Kinda, there are little variations here and there. But the email I use to log into DLH has a completely different pass.

8 years ago

So, just the spam

8 years ago

You really should use a password manager like KeePass to make random and strong passwords for every site.

8 years ago

I just use two step verification for most of my important stuff, and Firefox is the one that keeps my passwords.

8 years ago

Went to check just to be sure and the password doesn't even have the same number of characters, so my bet is that I never changed the randomly generated one that they gave me the last time I reset it.
And that mail is not the same one that I use for Steam/PayPal (I have 4 main email accounts), so I think I'm safe.

8 years ago

Finally being lazy paid off.. I was too lazy to change the random password sent from password reset for about 2 years. They can steal and use it as they want.

8 years ago

lol me too. I'm still using the random password they generated for me on registration. Also using my spam email account as usual

8 years ago

+1, I go to my email to get the password every time I go on DLH xD

8 years ago

Myself, I was too lazy to even bother registering with fake data and a disposable e-mail, just for a few free and crappy games.
Bullet skillfully dodged!

8 years ago

The good practice for a key site/GA site like this is to use a secondary email account.

I have a personal private account associated with PayPal, but have a different account (provider even) for Steam. I always have 2FA enabled for these important emails. If you want to hack, you must hack my phone number as well.

And another for the DLH and Steamgifts email address. These two, for example, are using my spam emails.

8 years ago

i bet they stole all the gorky 17 keys!

8 years ago

Gorky 17 is not that bad a game, compared to others like Deadbreed xD

8 years ago

A good reminder to think of your safety first.

  • use one-time passwords
  • think about posting substantial ID material like names, birthdays and other personal stuff which could compromise you
  • try not to cross services too much - get a real login, don't use Google / FB for login

I still have a few unspent keys lying there. Might be the best time to activate them now.

8 years ago

"The data stolen from the forum includes full names, usernames, email addresses, dates of birth, Steam usernames..."

Like people would use their real ones just to get a few free and crappy games...

8 years ago

Like people would use their real ones just to get a few free and crappy games...

You know that people actually do this.

8 years ago

I never changed the initial random password they gave me :D

8 years ago

Ahh, so this explains this email I got today:

This is an automated message generated by Steam account administration. It is being sent in response to a query made by a Steam user to discover all account names associated with this CD-key.

8 years ago

You mean this?

8 years ago

yep

8 years ago

you did ninja keygrab, that's what you got

8 years ago

hehe :D yeah
Not actually related to this, I knew exactly which key was attempted & from where they got it :D

8 years ago

I had it using the same password as my junk accounts. The most valuable stuff they could access is my army of GameFAQs alts. :P

8 years ago

Steam usernames

:0
Now I can't use my username, it's stolen
Many people can use it now
Sad :(

8 years ago

They stole your birthday too :( no more birthdays :(

Hey wait.... does that mean I'm no longer going to get older?? :P

8 years ago

You will, but you will never get more holidays as you age, nor a pension when you get too old to work.

8 years ago

^^ hehe

8 years ago

eheh

8 years ago

Well, it's a good idea to use a fake/extra email ID for giveaway sites like DLH, Indiegala, HRK and many more, but not with a main account where sites require login with the Steam API. I usually do the same and I don't have to worry about whether my account is stolen or what.

8 years ago

Good advice is to use a fake email, password, ID, and persona on the internet. Also be more fake than in real life.

8 years ago

[H] 50,000 keys for East India Company Gold [W] $1,000,000

8 years ago

Good riddance for liking their page on Facebook.

8 years ago

The joke is ... DLH is the only site where I use their random password xDD

But on all other sites I use my normal password, even on Steam :#

8 years ago

ZDNET article is wrong! A jerk named Zack Whittaker from ZDNet posted yesterday an article about DLH.Net was hacked. This is a wrong information. We had no hacker attack and nothing was stolen. It also makes no sense to claim that 9 Mio Steam Keys are stolen, because the Keys our users receive are mostly redeemed by them directly after receipt.

8 years ago

It also makes no sense to claim that 9 Mio Steam Keys are stolen, because the Keys our users receive are mostly redeemed by them directly after receipt.

If the article had been correct though, why does used or not make a difference? 9mill is still 9mill. They did go on to say that they were mostly used too.

8 years ago

https://www.leakedsource.com/main/databaselist/

Why does my email address appear in this website's database in association with DLH, then?

8 years ago

thanks for that link.. useful site.

8 years ago

No problem. :)

8 years ago

I was using a password generated by the site itself.... so who cares.

8 years ago

+1

8 years ago

Just had to check and feared the worst, but when I saw that my password was something along the lines of x05jr33 I just... phew. Thank Jim Sterling that I only used the site once :)

8 years ago

Closed 4 years ago by Theanyelpes.