March 2025 Data Breach

Jane · March 27, 2025, 2:55pm

I’m trying to figure out if it’s maybe only a partial breach because nothing I know of says my password is breached.

Daeron · March 27, 2025, 2:56pm

They’ll have their own crawlers that pull data from breaches all over the internet.

orangeandblack5 · March 27, 2025, 2:56pm

that’s what we’re working on

carbonated · March 27, 2025, 2:56pm

It should just be partial since most people seem unaffected

in other news i finally got aegis 2fa to work so

Daeron · March 27, 2025, 2:57pm

BitWarden, dehashed & haveIbeenpwned have found nothing on any of my accounts so
Shrug

orangeandblack5 · March 27, 2025, 2:58pm

same here but I’m not afraid to have acted overly zealously just in case

will be REALLY funny if Ash just got phished tho

orangeandblack5 · March 27, 2025, 2:59pm

like I would much rather false alarm and get people to use better passwords than think a real alarm is false and have somebody’s life adversely affected for it

Daeron · March 27, 2025, 2:59pm

Or Ash has installed a shady browser extension or some sort of keylogger

Daeron · March 27, 2025, 3:00pm

Me, knowing full well it’s my orangeandblack5 blocker script I posted in Drama Mill Thread:

legally it’s not but it’d be funny if it was

Jane · March 27, 2025, 3:00pm

Also curious to know how the security breach happened.

Every site should at the very least store hashed passwords. Salted hashes are much better but just hashed is maybe borderline acceptable.

If they’re plaintext or encoded it would be severe malpractice IMO.

Daeron · March 27, 2025, 3:01pm

The MU data breach did!! It’s just they hashed them in unsalted md5.

orangeandblack5 · March 27, 2025, 3:03pm

discourse uses one-way-encrypted passwords that are considered impossible to decrypt, so the odds that someone a) got to the database and b) was able to decrypt the passwords would be very small

but we decided it was better to assume either that happened or somebody found some other vulnerability with our discourse version and later be proven wrong than to not act and have it turn out somebody did do one of those things

soweli · March 27, 2025, 3:09pm

maybe this is all part of orange’s big plan to make everybody use better passwords (for evil reasons)

orangeandblack5 · March 27, 2025, 3:10pm

bro i am so chill with that possibility

Marshal · March 27, 2025, 5:44pm

i have a unique fol password that still isn’t listed as breached, and another non-unique that could feasibly have been breached outside of fol but woulda had to been relatively recently (past month or so)

orangeandblack5 · March 27, 2025, 11:06pm

yeah

im starting to come around to the idea that ash just had somebody else use his password on some other website, and that rando and you both got breached elsewhere

but we’re still looking into things

CRichardFortressLies · March 27, 2025, 11:07pm

These days, using the same password on multiple accounts is asking for trouble.

InsanityUwU · March 28, 2025, 1:35am

Amogus

DatBird · March 28, 2025, 4:06pm

If theres any update, please update the announcement in the discord too. Cause like I check that way more ty for informing us though. TBH don’t even remember which password this one is

orangeandblack5 · March 28, 2025, 5:02pm

yeah once we have everything sorted we’ll re-ping and also prolly send out an e-mail if that seems helpful