pouët.net

pain.scene.org password leak from 2004

Okay so Jesse found a dump of passwords recently that was tagged as "www.scene.org owned" - this is only tangentially true, the db seems to be coming from the old pre-SceneID version of pain.scene.org voting user database which stored passwords in plaintext and had a bunch of old crappy PHP code.

Timeframe-wise, we're talking about up to 2004 here - in that sense, I would say it's fairly innocuous unless you have an abysmal password policy. Still, it's probably best if you have a quick look and see if you're affected. In the meantime I'll be fixing the PHP on the site to make sure this doesn't happen again.
added on the 2017-08-23 15:35:46 by Gargaj
I see that some people I know use abysmal passwords :D
added on the 2017-08-23 15:47:14 by Preacher
It looks to me that everyone on that list has lame passwords... I guess everyone knew that they were plaintext so they didn't bother making them any stronger?
added on the 2017-08-23 15:49:21 by TomoAlien
Yeah, having a lame password for (personally) inconsequential sites is actually good security. Best way to avert damage (in this case further than a few wrong votes).

Fun to see how people's password choices correlate with their character or choice of running jokes tho :)
added on the 2017-08-23 15:52:07 by kb_
Interesting, I used the name of a Hungarian town as a password. Vigyázz! A kutya harap!
added on the 2017-08-23 15:52:58 by Adok
a lot of those passwords are kinda... revealing :D
added on the 2017-08-23 15:56:16 by visy
ficksau666 > ficksau
fickenficken > ficken
Some people clearly have stronger passwords than others.
Okay break it up people, this is a security bulletin, not an all-you-can-lulz buffet :D
added on the 2017-08-23 15:57:52 by Gargaj
Fun fact - the first e-mail password I ever had in 1995 or so was "iguana", because I absolutely loved Heartquake back then.
added on the 2017-08-23 15:59:05 by Preacher
hey everybody - sorry to see this happen. i was not even aware of the fact that the old pain voting website was still online nor that there were plaintext passwords saved anywhere. thanks gargaj for fixing things and shutting the leaks. it's been a while .. :)
added on the 2017-08-23 16:03:49 by unlock
Nomen est omen
added on the 2017-08-23 16:06:47 by pohar
A couple of years ago, there was a leak from LinkedIn. A high-ranking Austrian politician from a far-right party was affected by this leak. His password that was revealed in this leak suited what others suspected to be his political views: It was "heilheil".
added on the 2017-08-23 16:06:53 by Adok
The funniest part is that they didn't seem to have used a proxy/vpn - pretty sure I have their real IP address here.
added on the 2017-08-23 16:10:16 by Gargaj
Also,
Quote:
It looks to me that everyone on that list has lame passwords... I guess everyone knew that they were plaintext so they didn't bother making them any stronger?

Just think back to what your passwords looked like in 2004, when nobody used password managers or generally cared about strong passwords that cannot be cracked by simple dictionary attacks. And yes, plaintext was also still very widespread at that time, too, but it's probably not something site users were aware of.
lol
added on the 2017-08-23 16:38:30 by w00t!
Please don't post any of the passwords here.
added on the 2017-08-23 18:02:12 by Gargaj
Before posting a word, make sure it's not on the password list.
added on the 2017-08-23 19:58:16 by yzi
Fuck! That's also my csdb password. Changed :P
added on the 2017-08-23 20:31:10 by Optimus
Quote:
Timeframe-wise, we're talking about up to 2004 here - in that sense, I would say it's fairly innocuous unless you have an abysmal password policy.
cpc128
added on the 2017-08-23 22:02:50 by 1in10
Heh, funny choice for my password.. and fortunately it's not used anywhere else. Diskmag voting security is less of a concern for me than, say, a bank account or facebook. :)
added on the 2017-08-23 22:26:58 by phoenix
but at least they didn't reveal my password :)
added on the 2017-08-23 22:38:53 by Flashy
jobe has nice passwd :)
added on the 2017-08-23 22:48:33 by leGend
HRONET aka WSAP? ;-)
added on the 2017-08-24 01:04:51 by RufUsul
phoenix: Nice password!
added on the 2017-08-24 07:16:02 by Adok
