Can anyone please report it?

[Eri]

I know they've been on the web for some time and most people have probably changed passwords since then, but this angers me every time I do a ego-search on Google. And I get some technical problems while trying to report it. I guess I'm not the only one who feels bad about that page - many people came here form TWG.

http://pastebin.com/fYdHt3ni (all users + password hashes from Time Waster's Guide)

[darniil]

Fortunately, it's not the actual passwords. Depending on what the TWG admins used to encrypt the passwords, odds are nobody has anything to worry about regarding password security.

Though, I guess it could mean an influx of spam for those email addresses.

What do you mean by "technical problems"?

[Joe ST]

the passwords are most likely MD5 hashed, thinking back to how SMF (the forum software used by TWG) did it at least 5 years ago >.>

[Eri]

MD5 hashes can be broken. (Google for "md5 rainbow tables".) Even salted passwords may be broken, with some luck and a good computer.

And most people often use similar passwords.

[Alliare]

Oh, hell, now that explains why I started getting strange spam in that e-mail account in the first place. I never used that account beside a couple of posts, so I had forgotten about it.

This is annoying.

[Eerongal]

we have a topic about it here from a few months ago. This is basically the reason that TWG was shut down, once spriggan found out. What exactly are you wanting done? Best we could do is have everyone click the "report abuse" button on pastebin, but even if it gets taken down, the person behind it is likely to throw it up somewhere else.

[Eri]

I don't care if it's posted on some deep, secret, 1337 hax0r site. But this is a public place, indexed by Google. I have two problems with that:

- Every user's neighbour / ex-girlfriend / dog / whoever can easily find and possibly decode their TWG password with no IT knowledge needed, except how to use Google. And I do not believe that noone uses the same password everywhere and unchanged since then. In fact, I think many people do.

- The fact that when one googles on my email, one of two results is a leaked password makes me look like an idiot. Even though it's not my fault at all.

[Eerongal]

I don't care if it's posted on some deep, secret, 1337 hax0r site. But this is a public place, indexed by Google. I have two problems with that:

- Every user's neighbour / ex-girlfriend / dog / whoever can easily find and possibly decode their TWG password with no IT knowledge needed, except how to use Google. And I do not believe that noone uses the same password everywhere and unchanged since then. In fact, I think many people do.

- The fact that when one googles on my email, one of two results is a leaked password makes me look like an idiot. Even though it's not my fault at all.

well, first off, the passwords are supposedly salted anyways. MD5 on its own is easy to break due to rainbow tables, as you mentioned, but salting makes it impossible for rainbow tables to break it. In fact, that's the point of salting an MD5 hash is so that you can't use this method to crack it (because a hash of "random128characters.password" likely won't exist in the prehashed rainbow table, generally). With a sufficiently long salt, brute force attacks are basically a waste of time. Granted, I can't vouch for anything on the security side of TWG outside of what spriggan said in that topic.

Also, like i said, there's kinda nothing we can do about it outside of clicking the "report abuse" link on the pastebin. It's not like we have some sort of in connection to pastebin to get it taken off. Also, since it's all ready been indexed by google, it's likely too late to get it removed from google results anyways.Afterall, as they say, once it's on the internet, it's there forever.