By using this site, you agree to our Privacy Policy and our Terms of Use. Close

Forums - Website Topics - VGChartz got attacked [IMPORTANT]

trunkswd on 02 October 2022
VAMatt said:

I assume this is why I don't appear to have supporter status. Is that correct?

Correct. Once we figure everything out we will give everyone who has paid for supporter your supporter status back. 



VGChartz Sales Analyst and Writer - William D'Angelo - I stream on Twitch and have my own YouTubeFollow me on Bluesky and Threads.

I post and adjust the VGChartz hardware estimates, with help from Machina.

Writer of the Sales Comparison | Monthly Hardware Breakdown Monthly Sales Analysis | Marketshare Features, as well as daily news on the Video Game Industry.

Around the Network
VAMatt on 02 October 2022

Thanks for your hard work everybody!



EpicRandy on 02 October 2022
Captain_Yuri said:

Idk how hard it would be to implement 2FA on this site but if it hasn't been done already for Admins and such... I'd highly recommend getting that implemented for those that have that level of control.

That depends on how the security is done. Usualy for a 2FA you will rely on a federation (Google, facebook, microsoft etc.) or create your own through such tools as active directory (ADFS from Microsoft) or equivalent. If your users registration is simply a database table with hashed password it would need a security overhaul.



trunkswd on 02 October 2022
EpicRandy said:
Captain_Yuri said:

Idk how hard it would be to implement 2FA on this site but if it hasn't been done already for Admins and such... I'd highly recommend getting that implemented for those that have that level of control.

That depends on how the security is done. Usualy for a 2FA you will rely on a federation (Google, facebook, microsoft etc.) or create your own through such tools as active directory (ADFS from Microsoft) or equivalent. If your users registration is simply a database table with hashed password it would need a security overhaul.

Passwords are all encrypted. But yes, we will look into adding 2FA. 



VGChartz Sales Analyst and Writer - William D'Angelo - I stream on Twitch and have my own YouTubeFollow me on Bluesky and Threads.

I post and adjust the VGChartz hardware estimates, with help from Machina.

Writer of the Sales Comparison | Monthly Hardware Breakdown Monthly Sales Analysis | Marketshare Features, as well as daily news on the Video Game Industry.

Imaginedvl on 02 October 2022
trunkswd said:
EpicRandy said:

That depends on how the security is done. Usualy for a 2FA you will rely on a federation (Google, facebook, microsoft etc.) or create your own through such tools as active directory (ADFS from Microsoft) or equivalent. If your users registration is simply a database table with hashed password it would need a security overhaul.

Passwords are all encrypted. But yes, we will look into adding 2FA. 

Passwords are encrypted or you are saving just a hash (so people cannot reverse it back to the actual password even if they have access to the database)? 

Encyrpting passwords are not really safe... Most website, servers are not doing that anymore which is the reason why you cannot really "receive" your password but just reset it.

And on VGChartz, there is really no reason to need to have our password encrypted instead of just the hash.



Around the Network
Zkuq on 02 October 2022
trunkswd said:
EpicRandy said:

That depends on how the security is done. Usualy for a 2FA you will rely on a federation (Google, facebook, microsoft etc.) or create your own through such tools as active directory (ADFS from Microsoft) or equivalent. If your users registration is simply a database table with hashed password it would need a security overhaul.

Passwords are all encrypted. But yes, we will look into adding 2FA. 

I hope what you really mean is hashed instead of encrypted, but either way, at least it's not plain text.

Anyway, thanks for working to sort this out! I imagine this is a bit of a sticky situation and this is probably all (or mostly?) essentially volunteer work, so I really appreciate the work put into fixing things.



Barozi on 02 October 2022

I was just getting used to seeing all those black dicks on the home page.



trunkswd on 02 October 2022
Imaginedvl said:
trunkswd said:

Passwords are all encrypted. But yes, we will look into adding 2FA. 

Passwords are encrypted or you are saving just a hash (so people cannot reverse it back to the actual password even if they have access to the database)? 

Encyrpting passwords are not really safe... Most website, servers are not doing that anymore which is the reason why you cannot really "receive" your password but just reset it.

And on VGChartz, there is really no reason to need to have our password encrypted instead of just the hash.

Zkuq said:
trunkswd said:

Passwords are all encrypted. But yes, we will look into adding 2FA. 

I hope what you really mean is hashed instead of encrypted, but either way, at least it's not plain text.

Anyway, thanks for working to sort this out! I imagine this is a bit of a sticky situation and this is probably all (or mostly?) essentially volunteer work, so I really appreciate the work put into fixing things.

I just asked as I am not sure about how this whole thing works. JLauro says the passwords are hashed and not encrypted. 



VGChartz Sales Analyst and Writer - William D'Angelo - I stream on Twitch and have my own YouTubeFollow me on Bluesky and Threads.

I post and adjust the VGChartz hardware estimates, with help from Machina.

Writer of the Sales Comparison | Monthly Hardware Breakdown Monthly Sales Analysis | Marketshare Features, as well as daily news on the Video Game Industry.

Imaginedvl on 02 October 2022
trunkswd said:
Imaginedvl said:

Passwords are encrypted or you are saving just a hash (so people cannot reverse it back to the actual password even if they have access to the database)? 

Encyrpting passwords are not really safe... Most website, servers are not doing that anymore which is the reason why you cannot really "receive" your password but just reset it.

And on VGChartz, there is really no reason to need to have our password encrypted instead of just the hash.

Zkuq said:

I hope what you really mean is hashed instead of encrypted, but either way, at least it's not plain text.

Anyway, thanks for working to sort this out! I imagine this is a bit of a sticky situation and this is probably all (or mostly?) essentially volunteer work, so I really appreciate the work put into fixing things.

I just asked as I am not sure about how this whole thing works. JLauro says the passwords are hashed and not encrypted. 

Great :) TY for confirming.



trunkswd on 02 October 2022
Imaginedvl said:
trunkswd said:

Zkuq said:

I hope what you really mean is hashed instead of encrypted, but either way, at least it's not plain text.

Anyway, thanks for working to sort this out! I imagine this is a bit of a sticky situation and this is probably all (or mostly?) essentially volunteer work, so I really appreciate the work put into fixing things.

I just asked as I am not sure about how this whole thing works. JLauro says the passwords are hashed and not encrypted. 

Great :) TY for confirming.

No problem! I used the wrong wording lol. Sorry to scare anyone. 



VGChartz Sales Analyst and Writer - William D'Angelo - I stream on Twitch and have my own YouTubeFollow me on Bluesky and Threads.

I post and adjust the VGChartz hardware estimates, with help from Machina.

Writer of the Sales Comparison | Monthly Hardware Breakdown Monthly Sales Analysis | Marketshare Features, as well as daily news on the Video Game Industry.