Tech site closes forums after passwords are stolen – but where they encrypted or not?
TechRadar has had its user registration password database hacked, with usernames, emails, dates of birth and encrypted passwords stolen.
The technology news and reviews website, which is owned by Future Publishing, said its IT team had identified the cause and was working on rectifying it.
Related TechRadar forums have been closed until the publication is happy there is no risk for users.
“In the meantime, although passwords are encrypted, we are contacting all registered users of the site and the forums today to let them know that if they use the same password on TechRadar for other websites then we strongly advise them to change these passwords immediately,” read a note from Nick Merritt, publisher of TechRadar.
“We will contact registered users shortly with instructions on how to update their password details for the site.
“TechRadar includes a number of old Future Publishing computing magazine forums that were migrated onto the TechRadar forum software a while ago, so if you have received the TechRadar Support alert email, it will be because you have an account with us, whether current or unused.”
Chester Wisniewski, a senior security advisor at Sophos, wondered what TechRadar meant by “encrypted” passwords. “Were they hashed? Were they salted? How many rounds? Saying ‘encrypted’ raises more questions than answers,” he said in a blog post.
“Rather than debate the correct way to hash/salt/store passwords, I would like to suggest preventing your database from being compromised should be the first priority.”
LinkedIn was recently hit by a major password theft, which saw over six million passwords . The company subsequently both hashed and salted its passwords.
Yet the company is facing a $5 million lawsuit, in which LinkedIn has been accused of not adequately protecting its users’ information.
Are you a security geek? Try our quiz!