JimJams said:
Already affected me, wads of money started disappearing out of my bank account. I managed to put a stop to it, but it's still gonna take a few weeks to get the money back. I've already gone and changed my password on ALL of the MILLION BILLION sites I use.

looking at your favorites, I suppose you could say your bank account was mangled

https://www.youtube.com/watch?v=_tWC5qtfby4


notawerewolf said:
looking at your favorites, I suppose you could say your bank account was mangled

https://www.youtube.com/watch?v=_tWC5qtfby4

I laughed so hard at this joke.


Thanks, this helps, just in case.
I looked through the list of sites using this and I use none of them, phew.


Cakemix said:
Thanks, this helps, just in case.
I looked through the list of sites using this and I use none of them, phew.

Well, hate to break it to you, but you're on one of those sites.


fewrahuxo said:
remember your NUCs (never use Cloudflare).

@above poster, having a single hard-to-guess password is many orders of magnitude unsafer than having multiple easy-to-guess passwords. best thing is to have many hard-to-guess passwords, which is why you use a password manager like Master Password (the app).

Furrin_Gok said:
Calm down. Literally something as easy as "synonym for theme or name of site" followed by "something I really enjoy" (Especially if it can relate to the site as well) and finally just a number you like is better than a master password. Like, "Big_Salted_Boobs_11", where e621 is another term for salt, and your favorites include large boobs, with your joindate being 2011.
...Though I'd definitely recommend a tad more personalization than two things directly visible from your profile, of course. Another way to look at the theme of e621 is porn of whatever sort, blue/yellow, hexagons, or any of the mascots. You can even go a bit indirect: The San Diego Chargers use both blue and yellow in their team colors, which would make Chargers or Charging a viable word for use, if your mind can process mnemonics that way.

Don't care. I'm NOT changing it again. I have nothing worth stealing in any of my internet accounts, and I already have too much crap to deal with in my life as it is. I don't need to add 'trying to remember exactly which password or variation of my master password I use on X website' on top of it all-- especially considering the fact that I'm stuck using a mobile phone to access the internet at this time, and I have to manually enter all passwords on a fucking touchscreen keyboard that intermittently crashes and takes up to five minutes to open up again. The list of affected websites (at least from what I read on the list of potentially affected sites) did NOT include e621, so I'm not really concerned about it. If e621 was affected after all, that's a risk I'm willing to take. And if my account ends up being hacked, well then I'll be a stubborn idiot who should've listened and it'll suck to be me.


The_Masked_Newfag said:
especially considering the fact that I'm stuck using a mobile phone to access the internet at this time, and I have to manually enter all passwords on a fucking touchscreen keyboard that intermittently crashes and takes up to five minutes to open up again.

Open up your apps menu and actually close your apps. Having multiple apps open at the same time is what causes the keyboard sub-app to crash, and it's generally unhealthy for the phone to try and multitask so much in the first place. Even factory default apps (Calculator, Clock, calendar, memo) can cause trouble. Close everything except for one or two apps and your keyboard should be fine.
As for how to open up that list, well, just google it. It'll require too much back and forth here for any of us tell you how to handle it on your exact phone model (It's different for different brands and models).


notawerewolf said:
looking at your favorites, I suppose you could say your bank account was mangled

https://www.youtube.com/watch?v=_tWC5qtfby4

FUCKING TRIGGERED.


Genjar said:
Like I said, not worth talking about. He hasn't been active after his troll-group (and main gaming account) got banned on Steam, anyway.

v He's a troll. Admin of a trolling-group on Steam, and all that.

If he seriously considers what he does as trolling... That's baby/edgy tween tier shit. For something really good, you gotta make yourself appear as one of them. I don't feel like elaborating more.
But it'll never be seen coming.


The_Masked_Newfag said:
Don't care. I'm NOT changing it again. I have nothing worth stealing in any of my internet accounts, and I already have too much crap to deal with in my life as it is. I don't need to add 'trying to remember exactly which password or variation of my master password I use on X website' on top of it all-- especially considering the fact that I'm stuck using a mobile phone to access the internet at this time, and I have to manually enter all passwords on a fucking touchscreen keyboard that intermittently crashes and takes up to five minutes to open up again. The list of affected websites (at least from what I read on the list of potentially affected sites) did NOT include e621, so I'm not really concerned about it. If e621 was affected after all, that's a risk I'm willing to take. And if my account ends up being hacked, well then I'll be a stubborn idiot who should've listened and it'll suck to be me.

e621 has been (somewhat) affected, we do use CF, but all traffic is encrypted before it goes over CF servers, so they only leaked encrypted garbage as far as we are aware.

Besides that, if you're on android have a look at Keepass2Android, it offers one of the best password managers, and comes with a keyboard that will enter your username and passwords for you, so no need to stupidly copy and paste stuff around all the time. Also it has a counterpart on all OS, so you can use the password database on your PC, Mac, and other devices.
Depending on which standard keyboard you're using have a look at Swiftkey, that keyboard is/was a lot faster on my old and rather weak device, so maybe it'll make your life easier as well.
Besides, check if you can uninstall garbage apps that most vendors force on you, a good chunk can either be removed outright, or at least disabled without issue. Before doing that however definitely check on the internet if the app is actually critical or not, some apps do fuck you over if they're removed. Restarting your device once a month also helps a lot in speeding things up, android does a little house cleaning every boot.


Thanks for the heads up. Due to the severity of this breach (although everything was encrypted), wouldn't it be worth forcing users to change their password on the next login? Even if it allowed them to keep it the same as last time, it just seems proactive, and that way all users are definitely 100% sure of the issue.

I know it's common sense, but it's just a though. That way no users are at risk unless it's their own doing, rather than because of CF.


wisp_the_husky said:
Thanks for the heads up. Due to the severity of this breach (although everything was encrypted), wouldn't it be worth forcing users to change their password on the next login? Even if it allowed them to keep it the same as last time, it just seems proactive, and that way all users are definitely 100% sure of the issue.

I know it's common sense, but it's just a though. That way no users are at risk unless it's their own doing, rather than because of CF.

Not a bad idea, though I'm not sure if the site staff have the immediate tools to do so without programming. And of yet, there's only been one report of a password potentially being stolen. I'd say the notion's rather up in the air


I will change now.


NotMeNotYou said:
e621 has been (somewhat) affected, we do use CF, but all traffic is encrypted before it goes over CF servers, so they only leaked encrypted garbage as far as we are aware.

But the encryption isn't end-to-end, I don't think. e621-to-Cloudflare traffic is encrypted separately from Cloudflare-to-visitor traffic. So the Cloudflare servers still have an unencrypted view of all traffic. After all, that's what makes Cloudflare's caching work. Right?


I should probably do that.


CatGod said:
Thanks better safe than sorry

Aye. That's why I changed my password from "password" to "password134".


DankMeme7 said:
Aye. That's why I changed my password from "password" to "password134".

Mine is "mypassword" No ones going to guess that!


rhyolite said:
Mine is "mypassword" No ones going to guess that!

LOL like we'd put our actual passwords here.


DankMeme7 said:
LOL like we'd put our actual passwords here.

Wait. You weren't supposed to do that?


kamimatsu said:
Wait. You weren't supposed to do that?

Nope.


DankMeme7 said:
Nope.

I made that post on April 1st.


Haha! My password is my real world name followed by the now defunct phone number at my nan and pops old house that has since burnt down! And for important stuff it's my real name followed by my old houses numbers! And both numbers don't exist in the phone book any more, and I live in Australia! Try working them out!


SmartGenius85 said:
Haha! My password is my real world name followed by the now defunct phone number at my nan and pops old house that has since burnt down! And for important stuff it's my real name followed by my old houses numbers! And both numbers don't exist in the phone book any more, and I live in Australia! Try working them out!

If there has been leakage like this, it actually doesn't matter how hard your password is, because nobody has to guess it as it's already on their hands. Just that in this case it wasn't just one site but millions of them.

This is the reason why it's highly recommended to use differend password in all places and change them regularly at least on more important services. If there is hole, security issues or bug in code with one service, you don't automatically lose them all.

Also reason why I hate services which require you to have security questions is insane at this day where many state their personal affairs online. Even if using some old unused phone number, that number still exsisted at some point, so if someone is really good at social engineering, they can easily get it.


Neferpitou said:
This guy?

HypnoBitch said:
Just looked at his comments... This guy is nuts. I can't tell if he's delusional or just trolling.

he's not nuts, that guilmon is being absolutely abused

no but this shit is funny AF to me. mostly because seeing furries get worked up over shit like this is hilarious to me


it's not polite to post in an old thread to share bad opinions.