I received the following email from a forum I was registered on:
It is our duty to inform you that there has been a security breach on the server that Doom10 was being hosted on. It doesn't seem like the person(s) doing the breach were after private information (mostly just spam added to the pages that were shown to Google's crawlers), but as always, one should always expect the worst. They had file system access, thus it was possible to gain access to the database containing user information (user name/hashed password/e-mail).
Passwords were/are hashed and salted in the database, but we still urge that those who have reused their password change it on the other services; and if you wish to keep using the Doom10 forum, that you change it locally as well.
You can find more information on the intrusion at: http://doom10.org/index.php?topic=2333.0
We are highly sorry for any trouble that you might experience because of this.
Regards, The Doom10 Forum: Digital Video Discussion Team.
I use different passwords on different sites, so I'm not very worried, just curious: why is a potential attacker having access to hashed and salted passwords considered a security risk? I don't think the actual password can be recovered, and wouldn't the attacker have to find a hash collision to actually make use of the information?