Posted: Sep 26, 2012 10:22 am
by byofrcs
Made of Stars wrote: If we tried to log in during the pwnage, should we change passwords?


Technically... yes, if it is simple. Also, if you use this SAME password on other forums or social sites with the SAME email, then change them EVERYWHERE.

Why? With the ability to change site files, the hackor will have downloaded the MySQL access password and will have got the user table, which has the user passwords as MD5 hashes. They are not salted, so they can do a dictionary attack and look at rainbow tables and work out your passwords if these are simple.

With a list of emails and some passwords they can then try out other social sites to see if they get bites.

Winrar.
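An added example, not part of the original post and not the forum's own code: it shows why the unsalted MD5 storage described above is weak (identical passwords give identical hashes, so precomputed tables apply) beside a salted, slow replacement with upgrade-at-login. The user table, function names and the `pbkdf2_sha256$` storage format are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2 work factor (assumed value for this example)
# Constructed sample data: two accounts that happen to share a password.
USERS = {"alice@example.test": "sunshine1", "bob@example.test": "sunshine1"}

def md5_unsalted(password):
    """The scheme the post describes: a bare MD5 of the password."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_salted(password, salt=None):
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_salted(password, stored):
    """Recompute the KDF with the stored salt and compare in constant time."""
    _, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)

def shared_hashes(table):
    """Group accounts by stored hash; a group of 2+ means a shared password
    is visible to anyone holding the table, with no guessing needed."""
    groups = {}
    for email, stored in table.items():
        groups.setdefault(stored, []).append(email)
    return {h: sorted(e) for h, e in groups.items() if len(e) > 1}

def upgrade_on_login(email, password, table):
    """Hypothetical migration: accept the legacy MD5 once, then re-store salted."""
    stored = table[email]
    if stored.startswith("pbkdf2_sha256$"):
        return verify_salted(password, stored)
    if hmac.compare_digest(stored, md5_unsalted(password)):
        table[email] = hash_salted(password)  # the MD5 value is overwritten
        return True
    return False

if __name__ == "__main__":
    legacy = {e: md5_unsalted(p) for e, p in USERS.items()}
    salted = {e: hash_salted(p) for e, p in USERS.items()}
    print("unsalted MD5, accounts sharing a hash:", shared_hashes(legacy))
    print("salted PBKDF2, accounts sharing a hash:", shared_hashes(salted))
```

Upgrade-at-login only protects accounts that log in again; a table that has already been copied still holds the old MD5 values, which is why the post's advice to change reused passwords everywhere still applies.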