Blockland Glass is compromised [update: contained] [CHANGE YOUR PASSWORDS]


Yea i saw ur email but this doesnt rlly look that bad? the only damage i can tell so far is the torin dox but thats 1 idiot out of thousands of ppl that have ever used blg

regardless, we're confident that in time all add-ons can be restored as the ones that are missing can easily be found elsewhere.  what might be gone forever are all the add-on pages' screenshots since they were also stored on the cdn and it is unlikely anyone would have saved those specifically.
It's funny, a few months ago I thought about archiving glass for the hell of it but never got around to it.
Regretting that decision now as it would have been useful.

Yea i saw ur email but this doesnt rlly look that bad? the only damage i can tell so far is the torin dox but thats 1 idiot out of thousands of ppl that have ever used blg
stuffloads of people reuse passwords and put all their accounts on one email so yes, its bad.

I'm seeing some people saying they got e-mails being informed about the data breach, but I don't even remember if I made a Glass account or what, but since I'm stupid and keep reusing passwords, I'm gonna ask anyways: If I did make a Glass account, would I just have been sent an e-mail to the one I used to make it?

I'm seeing some people saying they got e-mails being informed about the data breach, but I don't even remember if I made a Glass account or what, but since I'm stupid and keep reusing passwords, I'm gonna ask anyways: If I did make a Glass account, would I just have been sent an e-mail to the one I used to make it?
yes. if you didn't get an email you didnt have an account associated with the email you checked.

in addition, your blid associated with your forum account doesnt show up in the database, so unless you were using a different one you are fine.

yes. if you didn't get an email you didnt have an account associated with the email you checked.

in addition, your blid associated with your forum account doesnt show up in the database, so unless you were using a different one you are fine.
Got it! My passwords are super outdated so I might change them anyways. Thank you for answering!

If any of yall compsci people want to learn from this:
* If users have passwords, hash them with a minimum of scrypt to slow brute force.
* Use a zero-knowledge password proof, such as SRP, so that offline copies of the DB are effectively useless.
* For the love of god stop allowing SQL injection attacks, sanitize your inputs.

out of curiosity, how does zero knowledge make offline attacks of the database impossible? ive only heard of it being used in authentication protocols to allow clients to prove knowledge of the password without transmitting it, not in password storage

Ah sorry I was mistaken about that part, it usually just makes bruteforce/dictionary attacks harder due to extra information involved. Using strong password hashing is still king.
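An added example, not part of any post in this thread and not Blockland Glass's code: a sketch of the first and third items in the list above, storing salted scrypt hashes and using parameterized queries so user input is never spliced into SQL. The table schema, function names and cost parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

# Assumed scrypt cost parameters for illustration; tune them for your hardware.
N, R, P, KEYLEN = 2**14, 8, 1, 32


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, memory-hard hash; the per-user salt defeats precomputed tables."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=N, r=R, p=P,
                          maxmem=64 * 1024 * 1024, dklen=KEYLEN)


def open_db() -> sqlite3.Connection:
    """In-memory database with a hypothetical users table (not the real schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, pwhash BLOB)")
    return db


def register(db: sqlite3.Connection, email: str, password: str) -> None:
    salt = os.urandom(16)  # fresh random salt per account
    # '?' placeholders keep the values out of the SQL text entirely.
    db.execute("INSERT INTO users (email, salt, pwhash) VALUES (?, ?, ?)",
               (email, salt, hash_password(password, salt)))


def login(db: sqlite3.Connection, email: str, password: str) -> bool:
    row = db.execute("SELECT salt, pwhash FROM users WHERE email = ?",
                     (email,)).fetchone()
    if row is None:
        # Do the same work for unknown accounts so timing does not reveal them.
        hash_password(password, b"\x00" * 16)
        return False
    salt, stored = row
    # Constant-time comparison of the stored and recomputed hashes.
    return hmac.compare_digest(stored, hash_password(password, salt))
```

With this layout a copied database holds only salts and scrypt outputs, so each password guess costs the attacker a full scrypt computation per account.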

glad i dont have a glass account

Heads up, I got an alert from my bank that my email password appeared in a darkweb dump. The password was fortunately super old, I don't use it anymore, but it's definitely the password I would have used for Blockland Glass. So it seems like all the login info has been dumped on some hacker forums already.

Heads up, I got an alert from my bank that my email password appeared in a darkweb dump. The password was fortunately super old, I don't use it anymore, but it's definitely the password I would have used for Blockland Glass. So it seems like all the login info has been dumped on some hacker forums already.

Same here but not from my bank. Glass passwords are done.

Hey while ur trying to get the website fixed can u add save uploading