@18001767679, please change your password

Hello everyone,

@18001767679 needs to change his password. And for everyone else, please keep your login info secure.
This started when @18001767679 leaked his login info somewhere. I won't say here where, but I can say that it was in a insecure PHP login program that stored passwords in PLAINTEXT (this is why you should hash your passwords). I wondered whether the password that he used for that program was his Snap! password, so I tested it, and to my surprise, it actually worked. He just happened to use the exact same password for his Snap! accounts and probably many more (this is why you shouldn't use the same passwords for very sites, it makes you vulnerable to credential stuffing which is what happened here.
I could've done worse things than this (I really wanted to fix @18001767679's grammar and spelling) but I didn't
@18001767679, please change your passwords, as your old one is publicly visible.

- (you know who)

I was real confused for a second, I thought you were them

So everybody can see my password? I don't understand.

I think it means that @18001767679 leaked his password somewhere

oh, i don't leak my passwords. I just use the same username

Changed

Changed
(I got $2y$10$GoOWj4cAcd7ETynL2N2juOQSBF2HK/SEe3Hn.jXC0VKW/CJ/qhL1y!
What is this?)

Yes but some times I am too lazy to type the pasword so I make it like "WseWEF!@#sdd123" (not actually this one)

Whoops

I'll make it better :slight_smile:

Everyone should use a password manager, such as 1Password or LastPass, which takes care of all that for you. You get a different password on every web site, but you only have to remember and type one password, the one for the password manager itself.

You should probably logout whoever created this post, there's an option in settings.
(I wonder who that is)
Edit: it looks like that person has been logged out

Looks like it didn't log me out on the main site.

:man_facepalming: https://en.wikipedia.org/wiki/Cryptographic_hash_function

Ouch

I mean is it sha 256 or sha 512?

If the attacker had already gotten in, you can't log them out which means that they can change your password and email and takeover your account (I didn't do this luckily for you) which is why we need


and

By the way, I tested your password on your Scratch account and it worked, but then I was taken to this page:


How is a NUMBER an inappropriate username?
Now I can see you coming to Snap! for three reasons:

  1. Snap! has better JS integration
    Not just this
  2. You were banned from Scratch
    No.I just made a new account WITH THE SAME PASSWORD (you are free to use it because the next reason :frowning: )
  3. Because of the CCP block (as in GFW block, not Snap! block)
    yes
    (@bh this isn't really a scratch rant, I'm just pointing out that the password works for his scratch account and that he was banned, feel free to delete or edit this)

How am I supposed to know?

probably because it looks like a phone number
+1 800 176 7679
but since he claimed he doesn't live in the United States, that's probably not his phone number since the country code for the U.S. is 1. I don't know why he decided to make his username a phone number.

Considering it starts with 1-800, it could be a phone number of a company or something