Hacker News new | ask | show | jobs
by wiredfool 4892 days ago
Me too, and I've never attached an app to twitter. (I've got an account that I basically have signed into 3 or 4 times in 5 years). I'm curious why my username came up as being compromised, unless they're doing something sneaky about updating all passwords older than x yrs old.

edit: The attacker got salted password hashes. That explains it.
1 comments
0x0 4892 days ago
Maybe they stopped the hackers in the middle of dumping the database and they only got away with the earliest accounts created.
link
kape 4892 days ago
Got also the message. My account was created in January 2007 and user id is about 700k. So this could be the case.
link
wiredfool 4892 days ago
Iirc, my usernumber is ~ 700k. So, probably an early version of the hash, unless they silently upgrade on logins.
link
irq 4892 days ago
I just got the reset email, and my uid is in the 3.8 million range, created 4/2007.
link
wallywax 4892 days ago
Could be. My account dates from 2006, and my userid is sub 50k.
link
taligent 4892 days ago
Or more likely the database is sharded and they just compromised those physical machines.
link
0x0 4892 days ago
That sounds odd, 250k out of 500m sounds like way too little data for even a single shard, no? And why would only a single shard be vulnerable?
link