Looks like the @devkitPro accounts DB (with hashed passwords) just got dumped on Pastebin (https://pastebin.com/0A775EZt caught by @haveibeenpwned). If you haven't changed any reused passwords yet, better get on that now.
-
Spreading the password dump is going to result in increasing the chances of people's email addresses being noticed and passwords being bruteforced. Please delete the original tweet in this thread.
Anyone who wants to crack the passwords and own people already has the dump. Pretending they don't is security theatre. There is more benefit to be had by causing alarm and urging people to change their passwords *now*.
-
-
And anyone who didn't have the dump before now does, due to this weak argument. Please retweet this without the pastebin dump. Your audience aren't just your followers on Twitter; there are abusive lurkers who do not hack for ethical reasons which follow you.
-
Anyone who didn't have the dump can go to https://haveibeenpwned.com/ , type in the email address of *any* devkitpro forum user (e.g. mine, which is public), and follow the link to the pastebin. Sorry, I don't do security theatre. It's out there. Any and all attackers will have it.
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.