[Tycho]

I think it'll take quite some computational power to actually brute force crack every hashed password on this site. Time is on the side of the users of this site to secure themselves up, unless the hacker has the power of Google's servers at their disposal (which they won't have).

[madders94]

(Original post by Tycho)
Anyone who has access to your password from this site will also have access to your email address. Any websites where you have used the same password as here you should change your password. You should also change the password of your email account.

Thanks Tycho

[TheHansa]

OK I've changed this thing, but still have the message, has it happened again?

[fluteflute]

(Original post by TheHansa)
OK I've changed this thing, but still have the message, has it happened again?

Click the X in the top right corner of the message.

[Tycho]

(Original post by TheHansa)
OK I've changed this thing, but still have the message, has it happened again?

Not to my knowledge. The message on the top of the site is a generic message which isn't specifically tied to your account.

[TheHansa]

(Original post by ChrisN)
Just the current one

Posted from TSR Android App

If we've used multiple email addresses in the past on our TSR account do they have them all?

[Tycho]

(Original post by TheHansa)
If we've used multiple email addresses in the past do they have them all?

No, they won't have.

[TheHansa]

(Original post by Tycho)
No, they won't have.

You know an awful lot about this

suspicious

[Tycho]

(Original post by TheHansa)
You know an awful lot about this

suspicious

I'm a web developer.

[Mr Dangermouse]

Should we continue to change passwords regularly over the next 24-48 hours?

[Tycho]

(Original post by Mr Dangermouse)
Should we continue to change passwords regularly over the next 24-48 hours?

No, this is taking it a bit far. Just change all your passwords everywhere and make your password on here different to your other ones. This means that any subsequent cracks on here will result in them only being able to access your account here, which isn't such a huge problem. What they gonna do - login and post a message?

[GenerationX]

Its pretty sloppy of web site owners and developers to rely on hashing paswords as some idea of security. Hashing is not encryption and the site should have used proper encryption in the first place instead of something that many websotes can decode for you in a minute or two.

Sloppy sloppy sloppy to risk members passwords like that

[TheHansa]

(Original post by electriic_ink)
One of the first things these people will do, once they've worked out your password, is search your email address on FB to find out who you are IRL. I would make sure you have this feature turned off if you haven't already.

For identity theft or for the lulz?

[TheHansa]

(Original post by tufc)
Probably wouldn't have happened if the staff spent more time working on security, instead of warning people for literally every pro-Israel post there is. Typical, farcical TSR really, and someone should be sacked over this.

There's always one.

Empire Total War people moaned they were releasing DLC when there were still bugs, not the same people dude, not the same people.

[Flyteryder]

I use my TSR password for everything else on the internet. Do I really need to change all my passwords? Like do they know my ebay and Amazon user name and can use my password with it? I don't see how they could know my other user names for other sites, but the TSR message is telling me to change all my passwords for everything.

[Tycho]

(Original post by Flyteryder)
I use my TSR password for everything else on the internet. Do I really need to change all my passwords? Like do they know my ebay and Amazon user name and can use my password with it? I don't see how they could know my other user names for other sites, but the TSR message is telling me to change all my passwords for everything.

Do you really want to take the risk of not changing them? If I were you I'd change them all, but if you really don't want to then at least secure up sites like Amazon, Ebay, Paypal etc... and definately change your email account password.

The inconvenience of changing your passwords is far less than the inconvenience if someone gains access to them.

[Flyteryder]

(Original post by Tycho)
Do you really want to take the risk of not changing them? If I were you I'd change them all, but if you really don't want to then at least secure up sites like Amazon, Ebay, Paypal etc... and definately change your email account password.

The inconvenience of changing your passwords is far less than the inconvenience if someone gains access to them.

But how on Earth could they have my Amazon and Paypal usernames if they've only stolen information from this site?

[fluteflute]

(Original post by GenerationX)
Its pretty sloppy of web site owners and developers to rely on hashing paswords as some idea of security. Hashing is not encryption and the site should have used proper encryption in the first place instead of something that many websotes can decode for you in a minute or two.

Sloppy sloppy sloppy to risk members passwords like that

Encryption (by definition) guarantees that the passwords can be recovered.

[Tycho]

(Original post by GenerationX)
Its pretty sloppy of web site owners and developers to rely on hashing paswords as some idea of security. Hashing is not encryption and the site should have used proper encryption in the first place instead of something that many websotes can decode for you in a minute or two.

Sloppy sloppy sloppy to risk members passwords like that

Hashing is a very common method of storing passwords, and it's not as easy to crack as you are suggesting. It's specifically designed to not be decrypted, and indeed can't be. To the best of my knowledge the only way to crack a password which is hashed using md5 is via a brute force method.

[fluteflute]

(Original post by Flyteryder)
But how on Earth could they have my Amazon and Paypal usernames if they've only stolen information from this site?

If there is a link through your email addresses I guess.