
xkcd: 562k Accounts breached according to haveibeenpwned - phenomax
https://twitter.com/haveibeenpwned/status/1168090499271389184
======
NextHendrix
I wonder how many of those passwords are correcthorsebatterystaple

------
cristoperb
I'm one of them :/

The haveibeenpwned description says password hashes are md5, which sucks. But
phpBB has used bcrypt by default since version 3.1 (2014)... I wonder if all
the hashes are md5 or only those for older accounts?

https://haveibeenpwned.com/PwnedWebsites#XKCD

~~~
lucb1e
Impacted as well, but I'm happy to be part of it. Either they'll crack an old
password or, more likely, this is a new style password and they waste a lot of
cracking time on it. Using a password manager for everything except a few
offline things and my bank account was definitely the right move.

~~~
jsjohnst
What do you use for your bank account?

~~~
lucb1e
Same as for my master password: a randomly generated, memorized password.

The trick to remembering them is to use them regularly. This is also why I
don't use a passphrase: a password is much shorter and less frequently typo'd,
thus less annoying for frequent use.

------
jasoneckert
This sucks. But on the bright side, we can expect an XKCD comic about it in
the future.

------
JoeAltmaier
Who has an 'account' with xkcd? Confused.

~~~
bhaak
Me, too. I mean, an xkcd forum is not that surprising but half a million users
while I never heard about it existing?

Could that have been a honeypot? At least partly? That's something xkcd would
do.

~~~
Tuna-Fish
No, it's real. It used to be prominently on the site sidebar, but it got very
big around the time xkcd first got popular, and the link was subsequently
removed. After that, you had to know it existed and just go directly to
forums.xkcd.com, so the only people who knew of it were generally the people
who were early xkcd readers or people invited by them. Imho it's one of the
better open "offtopic" discussion forums on the web, partly because of insular
culture trending towards thoughtfulness.

~~~
jimhefferon
I ran into it by Googling, so it was not hidden well.

