Jump to content
Search In
  • More options...
Find results that contain...
Find results in...

Doomworld (Probably) Got Hacked

This announcement is no longer active


As you may have heard by now, Doomworld (probably) got pwned by a script kiddie. I don't know what databases were accessed but they claim email addresses and password hashes, at the least. I will be looking into this further of course.


To summarize what you should know about your account:


  • We don't store your password directly, but the output of a salted and hashed one-way algorithm. You can change your password if you wish but no one should be able to decrypt it anyway.
  • If you signed up using an OpenID service like Twitter, Google etc, we only store some sort of token, no password or password-related data ever touches our end, so you shouldn't have to worry.
  • The forum's admin panel uses 2-factor authentication so I don't particularly think that anything sensitive could have been accessed or changed that way, but if someone exfiltrated the database via other means it wouldn't really matter.
  • As the admin, this is ultimately my fault, and I am very sorry it has happened. I will have to consider this and consult with others to decide what sort of site changes need to be made to help fix this situation. In general this is a good opportunity to consider your password hygiene and begin using a password manager with unique passwords if you haven't done so.