Trading Paints Credentials Leaked - CHANGE PASSWORDS

3 years ago by BURN to c/simracing

Hadn't seen this posted, but for anyone who uses Trading Paints in conjunction with iRacing you need to go in and change passwords NOW!

There was a leak of 270,000 accounts with emails/passwords in md5 format (easily reversible to plaintext)

If you use the service make sure to reset your passwords asap and if you use the password shared on other services you should make sure to change it as well

load all comments

safesyrup 4 points 3 years ago

fucking md5. which one of the devs thought this would be a good idea?

save

path: 0 2920858, hotness: undefined, score: 4, children: 7

BURN 3 points 3 years ago

Seriously. MD5 is in no way secure. At the very minimum it should have been encrypted with an algo that isn't already broken. Pretty disappointed in the TP devs TBH. That's not an oversight, that's a complete and utter disregard for the safety of their users information

save

path: 0 2920858 2925368, hotness: undefined, score: 3, children: 6

jamesrylandmiller 2 points 3 years ago

@BURN they should at least use bcrypt

save

path: 0 2920858 2925368 2927213, hotness: undefined, score: 2, children: 2

BURN 2 points 3 years ago

That’s my go-to for any password encoding

Hopefully this gets iRacing to open up their oAuth portal to external apps and someone can develop something more secure.

It really shouldn’t be that hard. It’s an account management and CDN software, it honestly can’t be that hard to build a properly hardened version

save

path: 0 2920858 2925368 2927213 2927595, hotness: undefined, score: 2, children: 1

jamesrylandmiller 2 points 3 years ago

@BURN yeah. MD5 for as long as I can remember is compromised.

save

path: 0 2920858 2925368 2927213 2927595 2933915, hotness: undefined, score: 2, children: 0

simracing

@lemmy.ml

Discussing all things Sim Racing

go to feed...

simracing

@lemmy.ml

Discussing all things Sim Racing

go to feed...