Tianya Hacked, 4 Million Passwords Published



The series of mega-hacks is continuing in China, with gigantic BBS community Tianya the latest in a series of high-profile hacking cases that has affected numerous internet services and revealed the passwords of millions of internet users.

The good — well, kinda good — news for Tianya users among the 4 million whose usernames and passwords were published online is that the data the hackers published is reportedly from a backup database made before 2009. Since an upgrade in 2010, Tianya has stored users passwords in an encrypted format, so anyone who has changed their password since 2009 shouldn’t have much to worry about (unless they still use the old username/password combination for other sites). Tianya currently has over 20 million registered users.

Of course, that raises a pretty obvious follow-up question: so Tianya’s password database wasn’t encrypted until 2010? Apparently at least some of them weren’t, with passwords stored in plain text in a database. In its statement about the hacking, Tianya says there are “historical reasons” for this, but declined to elaborate any further.

In any event, as if it wasn’t clear enough already, users of internet services in China should be very careful about the passwords they’re using. If you’re not sure whether your password is safe or not, we offer some tips to keeping your accounts and personal information secure at the end of this post.

[Sina Tech]

(And yes, we're serious about ethics and transparency. More information here.)

Read More