March 2025 Data Breach

Also curious to know how the security breach happened.

Every site should at the very least store hashed passwords. Salted hashes are much better but just hashed is maybe borderline acceptable.

If they’re plaintext or encoded it would be severe malpractice IMO.

5 Likes

The MU data breach did!! It’s just they hashed them in unsalted md5.

6 Likes

discourse uses one-way-encrypted passwords that are considered impossible to decrypt, so the odds that someone a) got to the database and b) was able to decrypt the passwords would be very small

but we decided it was better to assume either that happened or somebody found some other vulnerability with our discourse version and later be proven wrong than to not act and have it turn out somebody did do one of those things

4 Likes

maybe this is all part of orange’s big plan to make everybody use better passwords (for evil reasons)

10 Likes

bro i am so chill with that possibility

5 Likes

i have a unique fol password that still isn’t listed as breached, and another non-unique that could feasibly have been breached outside of fol but woulda had to been relatively recently (past month or so)

3 Likes

yeah

im starting to come around to the idea that ash just had somebody else use his password on some other website, and that rando and you both got breached elsewhere

but we’re still looking into things

2 Likes

These days, using the same password on multiple accounts is asking for trouble.

4 Likes

Amogus

2 Likes

If there's any update, please update the announcement in the discord too. Cause like I check that way more. ty for informing us though. TBH don’t even remember which password this one is

6 Likes

yeah once we have everything sorted we’ll re-ping and also prolly send out an e-mail if that seems helpful

4 Likes

as of right now our hosting provider is pretty sure that we just got hit by a funny coincidence

7 Likes

but I’m going to give it the weekend to see if anybody else starts getting “password compromised” notifications before officially announcing it as a false alarm

6 Likes

can we have a new one for april 🥺

11 Likes

Social Security # leak next!!!

9 Likes

please do not put your SSN anywhere near our site

we don’t want it

11 Likes

Rip whoever has been keeping notes by dming themselves (definitely not me)

10 Likes

Am I allowed to put your SSN near this site?

6 Likes

Update

3 Likes

I’m a bit late, but the link is using the fortressoftruth.net domain, which doesn’t load for me (and might not for others)

You can also click the original link and manually change it to fortressoflies.com

3 Likes