1. Updated Resource Submission Rules: All model & skin resource submissions must now include an in-game screenshot. This is to help speed up the moderation process and to show how the model and/or texture looks like from the in-game camera.
    Dismiss Notice
  2. DID YOU KNOW - That you can unlock new rank icons by posting on the forums or winning contests? Click here to customize your rank or read our User Rank Policy to see a list of ranks that you can unlock. Have you won a contest and still havn't received your rank award? Then please contact the administration.
    Dismiss Notice
  3. The 18th Icon Contest is ON! Choose any ingame unit and give him/her Hero abilities. Good luck to all.
    Dismiss Notice
  4. The Secrets of Warcraft 3 have revealed interesting works. The RESULTS for Abelhawk's Mini-Mapping Contest #15 have come out!
    Dismiss Notice
  5. Contestants are to create a scene set in the Stone Age. Come and see what you can come up with. We wish you the best of luck!
    Dismiss Notice
  6. Colour outside the lines! Techtree Contest #13 is a go. The contest is optionally paired.
    Dismiss Notice
  7. Night Rider gained several songs for his journey. The poll for the 12th Music Contest has started. Check it out!
    Dismiss Notice
  8. Greetings cerebrates, our Swarm needs new spawners that will have numerous children. Join the HIVE's 31st Modeling Contest - Spawners and Spawned! The contest is optionally paired.
    Dismiss Notice
  9. Join other hivers in a friendly concept-art contest. The contestants have to create a genie coming out of its container. We wish you the best of luck!
    Dismiss Notice
  10. Check out the Staff job openings thread.
    Dismiss Notice
Dismiss Notice
60,000 passwords have been reset on July 8, 2019. If you cannot login, read this.

The 2016 Hack

Discussion in 'Latest Updates and News' started by Ralle, Jul 8, 2019.

  1. Ralle

    Ralle

    Owner

    Joined:
    Oct 6, 2004
    Messages:
    11,195
    Resources:
    22
    Tools:
    3
    Maps:
    5
    Tutorials:
    14
    Resources:
    22
    Hey all,

    Today I was contacted by a good samaritan on Discord who had found that a list of usernames and passwords for The Hive Workshop had been leaked from the hack back in 2016. I did not reset people's passwords back then, so I have done it now.

    If you cannot login:
    Use the 'Forgot your password?' feature.

    If you don't have access to the email account or don't get an email:
    Use this 'Contact Us' link.

    Do not create a new account.

    I have deleted the passwords for around 60,000 accounts on the site because they were leaked. I am sorry if this is an inconvenience to you.

    If you used your password and email from 2016 on any other site, I highly recommend you change it. Go to this site to get a quick overview of the status of whether any of your emails or passwords are in the hands of someone else.

    I also recommend using LastPass for storing randomized passwords for each site instead of re-using the same old ones.
     
    Last edited: Jul 11, 2019
  2. YetAnotherYoutuber

    YetAnotherYoutuber

    Video Producer

    Joined:
    Jun 9, 2015
    Messages:
    210
    Resources:
    0
    Resources:
    0
    a password reset, hmm, so upon trying to log-in next time, the affected will be prompted to select a new password?
    or is there something more elaborate that the affected will have to do
     
  3. Ralle

    Ralle

    Owner

    Joined:
    Oct 6, 2004
    Messages:
    11,195
    Resources:
    22
    Tools:
    3
    Maps:
    5
    Tutorials:
    14
    Resources:
    22
    All users with old passwords will be instantly logged out and have to do password recovery, the 'I forgot my password' feature.
     
  4. Mister_Haudrauf

    Mister_Haudrauf

    Model Reviewer

    Joined:
    Mar 14, 2014
    Messages:
    1,053
    Resources:
    58
    Models:
    53
    Icons:
    2
    Packs:
    3
    Resources:
    58
    Well i checked.... I am apparently save. Was not found in any way.
     
  5. Ralle

    Ralle

    Owner

    Joined:
    Oct 6, 2004
    Messages:
    11,195
    Resources:
    22
    Tools:
    3
    Maps:
    5
    Tutorials:
    14
    Resources:
    22
    Try for fun searching for my old Gmail "ralleab at gmail .com" on haveibeenpwned and see what happens when you register on forums for 15 years.

    Progress:
    Code (Text):
    Processing (48346/61968) - 0 failed, 853 already changed
     
  6. LeP

    LeP

    Joined:
    Feb 13, 2008
    Messages:
    437
    Resources:
    0
    Resources:
    0
    yeah i cant login and i cant access the old email address.

    e: smooth operated.
     
    Last edited: Jul 8, 2019
  7. Ralle

    Ralle

    Owner

    Joined:
    Oct 6, 2004
    Messages:
    11,195
    Resources:
    22
    Tools:
    3
    Maps:
    5
    Tutorials:
    14
    Resources:
    22
    You didn't read the thread. It said to use Contact Us, not create a new account, that's kinda against the rules man.
     
  8. Darklycan51

    Darklycan51

    Joined:
    Jan 12, 2011
    Messages:
    1,323
    Resources:
    3
    Maps:
    3
    Resources:
    3
    hope the passwords aren't stored in plain text anymore :p at least bcrypt
     
  9. Mister_Haudrauf

    Mister_Haudrauf

    Model Reviewer

    Joined:
    Mar 14, 2014
    Messages:
    1,053
    Resources:
    58
    Models:
    53
    Icons:
    2
    Packs:
    3
    Resources:
    58
    The Passwords should be encrypted so much, that the Hacker would need an entire day just to decrypt one password. It would be a Nightmare for him/her. That's for sure.
     
  10. The_Silent

    The_Silent

    Joined:
    Feb 4, 2008
    Messages:
    2,832
    Resources:
    159
    Models:
    49
    Icons:
    89
    Packs:
    8
    Skins:
    12
    Maps:
    1
    Resources:
    159
    Got pwned apparently. First time i had to change password since joining, so was probably about time, haha.

    Either way,
    should probably sent a notification to all affected parties just in case. If that is plausible. I was expecting a 'reset' mail, not that I had to generate it myself :p

    They could just 'pass-the-hash' it. The encryption is primarily to ensure that they wouldn't be able to use it on all other sites you use the same password on.
     
  11. Kyrbi0

    Kyrbi0

    Joined:
    Jul 29, 2008
    Messages:
    7,768
    Resources:
    1
    Models:
    1
    Resources:
    1
    Woah dang
     
  12. map designer

    map designer

    Joined:
    May 2, 2011
    Messages:
    896
    Resources:
    1
    Maps:
    1
    Resources:
    1
    is my username on the list? :p
     
  13. Dr Super Good

    Dr Super Good

    Spell Reviewer

    Joined:
    Jan 18, 2005
    Messages:
    25,427
    Resources:
    3
    Maps:
    1
    Spells:
    2
    Resources:
    3
    One cannot just move emails like that and should not need to. As long as you have unique passwords it should be fine.

    That site is also useless since it just mentions generic compromises. If it showed what passwords were associated with your email then you would know which sites to reset. For example my email had 3 matches from 2017 and 2018 but those could be either my THW password, my UPlay password or even my email password as all those were compromised by hacks (server hacks, not my fault) at some stage and forced to be changed.

    Password managers are just another way to mess you over. I know someone who used Apple's in built password manager and had to move computers due to a soldered GPU failure. I swapped the drives between the computers, both identical models and specs, and although the OS loaded perfectly all passwords were discarded and the password manager forgot everything. All passwords had to be recovered or retrieved from other less secure sources which fortunately existed.
     
  14. RED BARON

    RED BARON

    Joined:
    Oct 9, 2006
    Messages:
    5,122
    Resources:
    42
    Models:
    37
    Icons:
    3
    Packs:
    1
    Skins:
    1
    Resources:
    42
    Ah, figured there was a reason why my pass suddently didn't work, got somewhat worried for a second. :grin:

    Comparing it with my own mail and it shows up with the exact same numbers :grin:

    Depends on the password managers, I personally would recommend something KeePas. Its open source, works well and the highly encrypted datafile can be saved to external storage or backup location and isn't bound to a computer.
     
  15. Chaosy

    Chaosy

    Joined:
    Jun 9, 2011
    Messages:
    10,600
    Resources:
    18
    Maps:
    1
    Spells:
    11
    Tutorials:
    6
    Resources:
    18
    Been considering to use lastpass for a while anyway as I have been running out variations of my usual password.
    Better late than never I suppose.
     
  16. Ralle

    Ralle

    Owner

    Joined:
    Oct 6, 2004
    Messages:
    11,195
    Resources:
    22
    Tools:
    3
    Maps:
    5
    Tutorials:
    14
    Resources:
    22
    I agree. But most of these accounts haven’t changed passwords since 2016 where we were running a version of forum software practically 10 years out of date. And you can’t re-hash passwords if a user hasn’t logged in. You need the plain text password to store it in a harder hashing mechanism.
     
  17. Misha

    Misha

    Joined:
    Jun 9, 2008
    Messages:
    7,183
    Resources:
    71
    Models:
    62
    Icons:
    1
    Packs:
    2
    Skins:
    4
    StarCraft II Resources:
    2
    Resources:
    71
    I.. seem to be okay? still logged in Ouo
     
  18. WhiteFang

    WhiteFang

    Joined:
    Jul 6, 2014
    Messages:
    3,302
    Resources:
    0
    Resources:
    0
    Still logged in,that means my weird profile pictures in 2016 terrified the hackers too much
     
    Last edited: Jul 9, 2019
  19. A Void

    A Void

    Joined:
    Mar 29, 2011
    Messages:
    2,484
    Resources:
    10
    Models:
    2
    Spells:
    1
    Tutorials:
    7
    Resources:
    10
    I can still login *phew*
     
  20. Ralle

    Ralle

    Owner

    Joined:
    Oct 6, 2004
    Messages:
    11,195
    Resources:
    22
    Tools:
    3
    Maps:
    5
    Tutorials:
    14
    Resources:
    22
    I'm helping people who can't. Typically if they were logged in yesterday, I can do an IP match with the Contact Us form mail and confirm identity.