The forum hack

One thing that alarmed me is the statement you made that indicated no passwords have been stolen.

This worries me. That indicates that passwords COULD be stolen, rather than a statement saying it’s impossible because you don’t store them.

For your services, at a minimum you should be storing strong hashes with random salt values, and never the passwords themselves.

Can you give any statement that reassures people that you are not storing plain text, and not storing reversible passwords (symmetric encryption) in your systems?

Kind regards

We don’t store passwords in plain text or reversible hash, and no passwords have been compromised.

2 Likes

The blog post is really, really confusing.

What in the world does 2FA have to do with the forums getting hacked? The two things are completely unrelated! Why are you announcing something that’s designed to make the user’s accounts safe as a fix for you fucking up your security?

None of the things you announce that you will do to “help protect your data” sounds like things that would’ve prevented what happened. Am I missing something?

Also, your login already straight up breaks all the time. I have no confidence that you’ll manage to implement a 2FA feature when just staying logged in to the forums while I’m reading them stops working at regular intervals.

1 Like