this post was submitted on 27 Jul 2023
73 points (98.7% liked)

Technology


BreachForums

In November 2022, the well-known hacking forum "BreachForums" was itself breached. Later the following year, the operator of the website was arrested and the site seized by law enforcement agencies. The breach exposed 212k records including usernames, IP and email addresses, private messages between site members and passwords stored as argon2 hashes. The data was provided to HIBP by a source who requested it be attributed to "breached_db_person".

Breach date: 29 November 2022

Date added to HIBP: 26 July 2023

Compromised accounts: 212,156

Compromised data: Email addresses, IP addresses, Passwords, Private messages, Usernames

comment: I guess the hackers aren't so lucky with their DMs either.

top 10 comments
[–] Pons_Aelius@kbin.social 8 points 2 years ago

There is always a bigger fish.

[–] SubPrimeBadger@lemmynsfw.com 4 points 2 years ago

You hear about so many places getting breached that have now leaked out hashed passwords. At least this site had the foresight to use a modern hashing algo like argon2. So many have had weak hashes and could at least take a page out of proper hashing from this. They could have misconfigured argon2 properties but I’m thinking that as long as they at least used the default method, it will give decent protection from cracking.

[–] MisterMoo@kbin.social 4 points 2 years ago (1 children)
[–] darkmatterstyx@lemmy.world 3 points 2 years ago

That is the name of the website linked... I hate the word/phrase, but, it is what it is now.

[–] Dave@lemmy.nz 4 points 2 years ago (1 children)

So was the operator of the website arrested because they released the details themself? Is that what's implied?

[–] Holytaco6@lemmy.ml 13 points 2 years ago* (last edited 2 years ago) (1 children)

Looks like he was arrested for all the other cyber crimes he was committing. It doesn't say he wasn't the "leak" but also doesn't imply it either.

https://www.bleepingcomputer.com/news/security/fbi-seizes-breachforums-after-arresting-its-owner-pompompurin-in-march/

[–] Dave@lemmy.nz 6 points 2 years ago

Ah thanks. The way the short HIBP message is phrased made it sound like the events may have been connected.

[–] ezchili@iusearchlinux.fyi 3 points 2 years ago (1 children)
[–] Raisin8659@monyet.cc 2 points 2 years ago

It seems to be the most recommended password hashing algorithm at the moment (https://en.wikipedia.org/wiki/Argon2), although this will depend on the version actually used, and the configuration parameters. If they use at least the standard recommendation, it is currently impractical to crack a strong password.
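
The version and configuration parameters mentioned in the comments above are normally stored inside each Argon2 hash (PHC string format), so a defender can audit them directly. The following is an added example, not part of the original thread; the baseline values, the function names and the sample hashes are assumptions constructed for illustration.

```python
import base64
import re

# Assumed baseline for this example (not from the thread): Argon2id, version 19
# (0x13), at least 19 MiB of memory, 2 iterations and a 16-byte salt.
BASELINE = {"variant": "argon2id", "version": 19, "m_kib": 19456, "t": 2, "salt_len": 16}

# PHC layout: $variant[$v=N]$m=..,t=..,p=..$salt$digest (optional keyid/data not handled).
PHC_RE = re.compile(r"^\$(argon2(?:id|i|d))(?:\$v=(\d+))?\$m=(\d+),t=(\d+),p=(\d+)"
                    r"\$([A-Za-z0-9+/]+)\$([A-Za-z0-9+/]+)$")

def _b64len(field):
    """Byte length of an unpadded base64 field as used in PHC strings."""
    return len(base64.b64decode(field + "=" * (-len(field) % 4)))

def parse_phc(encoded):
    """Extract variant, version and cost parameters from an Argon2 PHC string."""
    match = PHC_RE.match(encoded.strip())
    if not match:
        raise ValueError("not an Argon2 PHC string")
    variant, version, mem, t, p, salt, digest = match.groups()
    return {"variant": variant,
            # No v= field means the original 1.0 format (0x10 = 16).
            "version": int(version) if version else 16,
            "m_kib": int(mem), "t": int(t), "p": int(p),
            "salt_len": _b64len(salt), "hash_len": _b64len(digest)}

def audit(encoded):
    """Return findings against BASELINE; an empty list means it is met."""
    params = parse_phc(encoded)
    findings = []
    if params["variant"] != BASELINE["variant"]:
        findings.append(f"variant is {params['variant']}, not {BASELINE['variant']}")
    for key in ("version", "m_kib", "t", "salt_len"):
        if params[key] < BASELINE[key]:
            findings.append(f"{key}={params[key]} is below {BASELINE[key]}")
    return findings

# Constructed samples: salts are the text "somesalt..." and digests are zero bytes.
DIGEST = "A" * 43  # 32 zero bytes, unpadded base64
GOOD = "$argon2id$v=19$m=65536,t=3,p=4$c29tZXNhbHRzb21lc2FsdA$" + DIGEST
WEAK = "$argon2i$m=4096,t=1,p=1$c29tZXNhbHQ$" + DIGEST

if __name__ == "__main__":
    for sample in (GOOD, WEAK):
        print(sample[:40] + "...", audit(sample) or "meets baseline")
```

Running `audit` over a column of stored hashes shows which accounts still carry old or weak parameters and need rehashing at next login.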