News:Furcadia suffers security breach

October Furcadia players logged-in early this morning were surprised to find a list of usernames, emails and passwords arriving through the online news channel.

The person behind the attack - who identified himself as "Uildiar" - claimed to have root access to the server on which Furcadia runs, and access to the game source code, though a subsequent post by Felorin suggested otherwise. He also claimed being behind past attacks on Fur Affinity.

The attacker's statements indicate that passwords were stored as the output of a SHA hash function with no salt. While this format does not grant immediate access, it is vulnerable to a precomputation attack. Reportedly many accounts using short or dictionary words as passwords - including some forum moderator and Dragon's Eye Productions staff accounts - were compromised, although some had already been changed.

Related news

 * (April 6, 2007)
 * (March 2, 2008)