Possible hashed passwords captured by phpBB hack




In an attack on the website of the popular forum software phpBB have the attackers hashed passwords can get. That phpBB disclosed. Previously advised the forum software, users of its website preventively to change passwords.

News about the hack came Monday already out. According phpBB now appears that the attackers gained access to the databases of phpBB.com and Area51, the development of phpBB. That means there are encrypted login data can be captured. The attackers would have installed a sniffer to between 12 and 15 December to log all logins, all of phpBB hashing tool would make it difficult to retrieve the plaintext passwords.

PhpBB has bcrypt algorithm by a factor used to encrypt the passwords. Also present were the passwords in the database include a salt, which can prevent them through rainbow tables can be traced. It is not clear whether this also applies to the sniffed passwords. PhpBB advises users who also use their password elsewhere on phpBB.com or Area51 to change their password.

The attackers have not messed with the installation files phpBB promise the makers of the forum software. The attackers are also not entered through a leak in the forum software, but managed to retrieve the login information of a phpBB team. PhpBB soon promises to come up with more clarity about the measures taken after the hack. At the time of writing the phpBB site is still offline.


Tags: ,

In: Technology & Gadgets Asked By: [15575 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »