Wine HQ Password Database Compromised
With his first accepted submission, tyler.russell writes with a report that the WineHQ database systems were compromised. Quoting the official announcement: "We are sorry to report that recently our login database for the Wine HQ Application Database was compromised. We know that the entire contents of the login database was stolen by hackers. The password was encrypted, but with enough effort and depending on the quality of your old password, it could be cracked. We have closed the hole in our system that allowed read access to our database tables. To prevent further damage we have reset your password to what is shown below. We strongly suggest that if you shared your AppDB password on any other sites that you change that password as soon as possible." He adds: "A new username and password were included with this email."
So their solution to a security breach is to send out everyone's logins via clear text?
"entire contents of the login database was stolen by hackers"
Dammit. They didn't steal it. They made a copy. Okay?!
If you accept that the internet will spit out your details at some point, do this:
1. Sign up to Dropbox (it's free and works on all platforms, including mobiles).
2. Get a copy of KeePassX; the Mac/Windows version might have a different name, I've never used them.
3. Store the KeePassX database on Dropbox so you've always got access to it.
4. Each website gets its own generated password; short passwords for things you might need to type in on a phone, but still random.
This way, 1 bad event like this keeps you safe. I have both on my Android as well so it's with me always. /Maq
Sending passwords in clear-text emails is only a minor security risk: in general, only network providers, system administrators, and three-letter agencies are in a position where they can intercept or read a user's email. If the people who attacked the WineHQ database don't fall into one of those categories, resetting passwords and sending the new ones in clear-text emails represents a dramatic reduction in the impact of the database compromise. If the attackers *do* fall into one of those categories, sending the emails does not increase the impact.
"They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.