Technology @lemmy.world Dot. @feddit.org 2d ago

The Club Penguin Experience got breached.

Source.

24 comments

Pretty good disclosure text. There are much bigger companies that don't manage to be this clear.

The only nitpick I have is saying "encypted" with bcrypt, even though they clearly know that bcrypt only hashes things.
- I'm willing to give him a pass on that one since they're probably worried that their General audience will understand the word encrypted but not understand the word hashed
But didn't club penguin close doors ?
- This is a clone version.
obligatory bcrypt is not encryption
- Correct but you also dont want an encrypted password. You want a hashed password.
  
  this is true, and the name bcrypt can be misleading to non experts. i don’t blame them for getting this wrong in a pr statement 🤷‍♀️
What the hell is Club Penguin?
- Habbo hotel for the little, little ones I think?
- I guess you were born in the 2000s.....
  
  I guess you were born in the 1950s, kids these days just don't know...
  
  Hey, I was born in the early 2000s and Club Penguin was huge when I was a kid! Everyone my age knows about it.
  
  I was born in the late 1980s, can I know what it is?
  
  Edit: Looks like a game. Are we assuming everyone in a technology community cares about video games? I’m a programmer but can’t get into video games at all.
bcrypt... with how many iterations? seems like an important detail
- I don’t think I’d make that information public were I in their shoes. Wouldn’t that be a hint for anyone attempting to crack them?
  
  no, it’s (usually) stored as a part of the hash
So what password hashing mechanism upgrades they implemented?

24 comments