xkcd: 562k Accounts breached according to haveibeenpwned (opens in new tab)

(twitter.com)

45 pointsphenomax6y ago14 comments

14 comments

I wonder how many of those passwords are correcthorsebatterystaple

I'm one of them :/

The haveibeenpwned description says password hashes are md5, which sucks. But phpBB has used bcrypt by default since version 3.1 (2014)... I wonder if all the hashes are md5 or only those for older accounts?

https://haveibeenpwned.com/PwnedWebsites#XKCD

lucb1e6y ago

Impacted as well, but I'm happy to be part of it. Either they'll crack an old password or, more likely, this is a new style password and they waste a lot of cracking time on it. Using a password manager for everything except a few offline things and my bank account was definitely the right move.

jsjohnst6y ago

What do you use for your bank account?

1 more reply

jarfil6y ago

phpBB... I wonder how many of those accounts are just fake spam bot accounts.

jasoneckert6y ago

This sucks. But on the bright side, we can expect an XKCD comic about it in the future.

JoeAltmaier6y ago

Who has an 'account' with xkcd? Confused.

el_cujo6y ago

Looks like there is a forum for the site, which is now down due to the breach. I had no idea it existed, let alone had half a million accounts.

lambada6y ago

They have forums where you can discuss the comics and other things.

https://forums.xkcd.com/

kchoudhu6y ago

The XKCD forum is surprisingly well trafficked, and there's a pretty large crossover between their forums and Hackernews.

I used to like it back in the day; I even met my roommate (when I had one) there.

bhaak6y ago

Me, too. I mean, a xkcd forum is not that surprising but half a million users while I never heard about it existing?

Could that have been a honeypot? At least partly? That's something xkcd would do.

Tuna-Fish6y ago

No, it's real. It used to be prominently on the site sidebar, but it got very big around the time xkcd first got popular, and the link was subsequently removed. After that, you had to know it existed and just go directly to forums.xkcd.com, so the only people who knew of it were generally the people who were early xkcd readers or people invited by them. Imho it's one of the better open "offtopic" discussion forums on the web, partly because of insular culture trending towards thoughtfulness.

1 more reply

j / k navigate · click thread line to collapse

14 comments

NextHendrix6y ago

I wonder how many of those passwords are correcthorsebatterystaple

cristoperb6y ago

I'm one of them :/

https://haveibeenpwned.com/PwnedWebsites#XKCD

lucb1e6y ago

jsjohnst6y ago

What do you use for your bank account?

1 more reply

jarfil6y ago

phpBB... I wonder how many of those accounts are just fake spam bot accounts.

jasoneckert6y ago

This sucks. But on the bright side, we can expect an XKCD comic about it in the future.

JoeAltmaier6y ago

Who has an 'account' with xkcd? Confused.

el_cujo6y ago

Looks like there is a forum for the site, which is now down due to the breach. I had no idea it existed, let alone had half a million accounts.

lambada6y ago

They have forums where you can discuss the comics and other things.

https://forums.xkcd.com/

kchoudhu6y ago

The XKCD forum is surprisingly well trafficked, and there's a pretty large crossover between their forums and Hackernews.

I used to like it back in the day; I even met my roommate (when I had one) there.

bhaak6y ago

Me, too. I mean, a xkcd forum is not that surprising but half a million users while I never heard about it existing?

Could that have been a honeypot? At least partly? That's something xkcd would do.

Tuna-Fish6y ago

1 more reply

j / k navigate · click thread line to collapse