CAG Defacing/Hacking News & Updates

Thanks CheapyD!

And thanks that I finally hear about a breach in which the passwords stored are actually PROPERLY SALTED AND HASHED instead of just plaintext or whatever.
+infinity for this. Was going to post the same thing.

Thank you for knowing how to properly store passwords!

 
Using Firefox, cleared cookies for CAG and still getting logged out if I look at another tab and then come back. Aaaahhhhh.....

Edit - Nevermind, I didn't clear enough cookies before. Now it works.

 
Firefox on PC. Will not save the login or update the password. This is the only site that is giving the problem and it was fine before the attack.

 
Fixes have gone live to sort out the login issues. If you're still having problems, log out manually (hover over your avatar top-right and click "Log Out"), then log in again. (Make sure you check "Remember me".) Please let me know here if it makes a difference for you.

 
Just want to say my Netflix and PSN account were affected by this, only accounts with same info. I would like to know exactly how these hashes were being made and what form of encryption was being used? Myself being an information security professional I am disappointed in the steps that were taken to protect us. I'll still be a member of the site but you better be beefing up security.

 
Just want to say my Netflix and PSN account were affected by this, only accounts with same info. I would like to know exactly how these hashes were being made and what form of encryption was being used? Myself being an information security professional I am disappointed in the steps that were taken to protect us. I'll still be a member of the site but you better be beefing up security.
A hash of a 5 character alphanumeric (and random symbol) salt concatenated with a hash of the password, all hashed. There's no encryption because the password is not stored in any form, only a hash of two other hashes stuck together. Even a weak 6 character password would take years to brute force with a typical desktop CPU, so even if you were specifically targeted it's extremely unlikely that this intrusion was the cause.

(And yes, security has been completely overhauled since the attack.)
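
The storage scheme described in the reply above, as an added example that is not part of the original post and is not CAG's code. The post does not name the hash function, so SHA-256 and every function name here are assumptions, and `wrap_legacy` goes one step beyond the post to show a common way of adding a work factor to such records without knowing the passwords.

```python
import hashlib
import hmac
import secrets
import string

# Salt as described in the post: 5 characters, alphanumeric plus symbols.
SALT_ALPHABET = string.ascii_letters + string.digits + string.punctuation
SALT_LEN = 5


def _h(data: str, algo: str) -> str:
    """Hex digest of a string; the algorithm is an assumption (not named on the page)."""
    return hashlib.new(algo, data.encode("utf-8")).hexdigest()


def new_salt() -> str:
    """Per-user random salt drawn from a CSPRNG."""
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(SALT_LEN))


def legacy_hash(password: str, salt: str, algo: str = "sha256") -> str:
    """H( H(salt) || H(password) ): a hash of two other hashes stuck together."""
    return _h(_h(salt, algo) + _h(password, algo), algo)


def legacy_verify(password: str, salt: str, stored: str, algo: str = "sha256") -> bool:
    """Recompute from the login attempt and compare in constant time."""
    return hmac.compare_digest(legacy_hash(password, salt, algo), stored)


def wrap_legacy(stored: str, kdf_salt: bytes, iterations: int = 600_000) -> str:
    """Run the existing record through PBKDF2 so each guess costs `iterations` HMACs.

    Needs only the stored hash, so every account can be upgraded offline.
    """
    return hashlib.pbkdf2_hmac("sha256", stored.encode(), kdf_salt, iterations).hex()


def wrapped_verify(password: str, salt: str, kdf_salt: bytes, wrapped: str,
                   algo: str = "sha256", iterations: int = 600_000) -> bool:
    """Verify a login against a wrapped record: legacy hash first, then the KDF."""
    candidate = wrap_legacy(legacy_hash(password, salt, algo), kdf_salt, iterations)
    return hmac.compare_digest(candidate, wrapped)
```
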

 
Still having the login problems, but it might be a firefox and chrome browser issue. They have trouble with "annotated password websites." Is that what CAG does now?

EDIT: I wonder if there is a way for you to kill our logins from everything, then we can try to login again? Like how Facebook shows all of your logins? I just checked FF, and Chrome on my tablet and I am not logged in. I use non history/cookie browsers on my PC, so I do not show any other logins.

 
I did not read all pages but I have to login multiple times on desktop, even on messenger. On mobile everything is ok. Is it normal now?

 
Hi John,

Still having the issue on firefox.  I clicked the link above and after I close the window, I log out of CAG and need to relogin... Any other fix?  *EDIT* Think that deleting my cookies twice fixed it.

EDIT#2  I take it back.  I just shut my computer down and when I came back to the site, I was logged out again.

I cleared my cookies and clicked the link you provided above.  Neither fixed the auto log out issue.

Thanks!

 
Hi John,

Still having the issue on firefox. I clicked the link above and after I close the window, I log out of CAG and need to relogin... Any other fix? *EDIT* Think that deleting my cookies twice fixed it.

EDIT#2 I take it back. I just shut my computer down and when I came back to the site, I was logged out again.

I cleared my cookies and clicked the link you provided above. Neither fixed the auto log out issue.

Thanks!
Sent you a PM.

 
Got a surprising email from Best Buy that my new 4k Retina iMac was shipped!

Too bad I never ordered it.

If you use shared passwords, change them now.

 
Let me know the next time you get logged out on desktop. It should be fixed, but you never know.

If you still have issues, clear your cookies (or we can do this for you if you go to https://www.cheapassgamer.com/cookiefix.php), then log in again.
OK, I have to login again on desktop (on mobile I'm signed in already). So, it's time to clear cookies :)

--

Nothing's changed. After reboot I have to login again. It might depend on IP, I have dynamic (but still the same as on mobile device).

 
Just had a notification that my Social Club password was changed. Before I could reset it the account was reset to Russian. Not sure if I used the same password there but it seems strangely "coincidental..."
 
Just had a notification that my Social Club password was changed. Before I could reset it the account was reset to Russian. Not sure if I used the same password there but it seems strangely "coincidental..."
It is a coincidence. We don't store passwords. The hash we store is unique. The only way to get the password is to brute force the hash, and unless someone with a vast amount of computing power is specifically targeting you (and you have a weak password), even then it would take years to achieve that. Nobody is doing anything with your old CAG password.

 
Thanks for the reassurance. I think the few others posting then suddenly seeing it on another account has me paranoid. Just to be safe I changed a bunch of passwords again...
 
On mobile (iPhone) and this seems to be the only board I can get to. When in the deals or movie boards, I think I see current topics, but when clicking on one it just takes me to a page that looks like a bunch of ads.
 
And if that doesn't work, we're bringing back Deadpool.