@18001767679, please change your password

18001767679 · March 17, 2021, 5:05pm

Hello everyone,

@18001767679 needs to change his password. And for everyone else, please keep your login info secure.
This started when @18001767679 leaked his login info somewhere. I won't say here where, but I can say that it was in a insecure PHP login program that stored passwords in PLAINTEXT (this is why you should hash your passwords). I wondered whether the password that he used for that program was his Snap! password, so I tested it, and to my surprise, it actually worked. He just happened to use the exact same password for his Snap! accounts and probably many more (this is why you shouldn't use the same passwords for very sites, it makes you vulnerable to credential stuffing which is what happened here.
I could've done worse things than this (I really wanted to fix @18001767679's grammar and spelling) but I didn't
@18001767679, please change your passwords, as your old one is publicly visible.

- (you know who)

helicoptur · March 17, 2021, 5:13pm

I was real confused for a second, I thought you were them

4cwefgtw9e587 · March 17, 2021, 5:49pm

So everybody can see my password? I don't understand.

programmer_user · March 17, 2021, 5:52pm

I think it means that @18001767679 leaked his password somewhere

4cwefgtw9e587 · March 17, 2021, 5:53pm

oh, i don't leak my passwords. I just use the same username

18001767679 · March 17, 2021, 11:11pm

Changed

Changed
(I got $2y$10$GoOWj4cAcd7ETynL2N2juOQSBF2HK/SEe3Hn.jXC0VKW/CJ/qhL1y!
What is this?)

Yes but some times I am too lazy to type the pasword so I make it like "WseWEF!@#sdd123" (not actually this one)

Whoops

I'll make it better

bh · March 18, 2021, 12:48am

Everyone should use a password manager, such as 1Password or LastPass, which takes care of all that for you. You get a different password on every web site, but you only have to remember and type one password, the one for the password manager itself.

programmer_user · March 18, 2021, 12:59am

You should probably logout whoever created this post, there's an option in settings.
(I wonder who that is)
Edit: it looks like that person has been logged out

18001767679 · March 18, 2021, 1:06am

Looks like it didn't log me out on the main site.

Cryptographic hash function - Wikipedia

18001767679 · March 18, 2021, 10:28am

Ouch

I mean is it sha 256 or sha 512?

18001767679 · March 18, 2021, 12:41pm

If the attacker had already gotten in, you can't log them out which means that they can change your password and email and takeover your account (I didn't do this luckily for you) which is why we need

and

18001767679 · March 18, 2021, 12:49pm

By the way, I tested your password on your Scratch account and it worked, but then I was taken to this page:

How is a NUMBER an inappropriate username?
Now I can see you coming to Snap! for three reasons:

Snap! has better JS integration
Not just this
You were banned from Scratch
No.I just made a new account WITH THE SAME PASSWORD (you are free to use it because the next reason )
Because of the CCP block (as in GFW block, not Snap! block)
yes
(@bh this isn't really a scratch rant, I'm just pointing out that the password works for his scratch account and that he was banned, feel free to delete or edit this)

18001767679 · March 18, 2021, 12:55pm

How am I supposed to know?

pumpkinhead · March 18, 2021, 1:19pm

probably because it looks like a phone number
+1 800 176 7679
but since he claimed he doesn't live in the United States, that's probably not his phone number since the country code for the U.S. is 1. I don't know why he decided to make his username a phone number.

helicoptur · March 18, 2021, 5:55pm

Considering it starts with 1-800, it could be a phone number of a company or something