British tech news site, TechRadar, is the latest in a string of websites coming forward to admit they were hacked and user’s email addresses, usernames, encrypted passwords and dates of birth were accessed by criminals.
It appears the theft was either self-discovered by TechRadar or disclosed privately, as the notices were sent out to users of its forums without it having been leaked publicly.
This does bring up an important issue though. Is it really a good idea to share your date of birth with a random tech forum?
Why do so many websites, grocery stores, hotels and other establishments think it is appropriate to ask for something so important to our identities?
When asked to share your birth date, postal code or any other personal information ask yourself… Is there a legal reason they need to know, or is it just a nice-to-have?
TechRadar says that the passwords were “encrypted”. I am not sure how to take that.
Were they hashed? Were they salted? How many rounds? Saying “encrypted” raises more questions than answers.
TechRadar does share some good advice with its users. Don’t use the same password on more than one site and if you did, change them all immediately.
The forums at TechRadar are still offline while it investigates the incident and I do applaud them for coming forward about this situation.
Rather than debate the correct way to hash/salt/store passwords, I would like to suggest preventing your database from being compromised should be the first priority.