NGL, I swiped the archive link from the story posted on Plebbit to Half-KIA, but I figured it needed a signal boost over here, too, as a just in case.
tl;dr - Gab got hacked, attackers got the password hashes. Shouldn't amount to anything, but probably wouldn't hurt to change your password over there, as well as any accounts that used the same one if you double-dipped
You can't (without simply brute forcing) unhash a hashed value, that's the entire point.
If the hashes were salted (adding a randomized value to the hash function) then stolen password hashes are essentially useless (in terms of guessing the real password) unless you got a really weak password (something below a quadrillion combinations). Unless someone really wants your account hacked for some reason and is ready to pay some cash for it, then you need a few orders of magnitude more.
If they were not salted then that is another matter, much easier to get to the real password (especially if weak) then.
Exactly. I'm not that worried about the hashed passwords. Probable worst case scenario is that someone posted something embarrassing or illegal over there and the group that got the data could use it as blackmail material.
NGL, I swiped the archive link from the story posted on Plebbit to Half-KIA, but I figured it needed a signal boost over here, too, as a just in case.
tl;dr - Gab got hacked, attackers got the password hashes. Shouldn't amount to anything, but probably wouldn't hurt to change your password over there, as well as any accounts that used the same one if you double-dipped
You can't (without simply brute forcing) unhash a hashed value, that's the entire point.
If the hashes were salted (adding a randomized value to the hash function) then stolen password hashes are essentially useless (in terms of guessing the real password) unless you got a really weak password (something below a quadrillion combinations). Unless someone really wants your account hacked for some reason and is ready to pay some cash for it, then you need a few orders of magnitude more.
If they were not salted then that is another matter, much easier to get to the real password (especially if weak) then.
Exactly. I'm not that worried about the hashed passwords. Probable worst case scenario is that someone posted something embarrassing or illegal over there and the group that got the data could use it as blackmail material.