Seals With Clubs Hacked - Warning

For anyone not already aware of it the login credentials of over 42,000 users has been leaked onto the interwebs.

Full details here http://arstechnica.com/security/201...-user-credentials-after-42000-passwords-leak/

With the price of bitcoins these days I'm not surprised it would be a place to attack, aint read the article but probably will this evening maybe.

just binked some high stakes accounts

gg life

SealsWithClubs Database Likely Compromised

SealsWithClubs poker site advised it's users that their database had likely been compromised.

This is the site that uses bitcoins only for transactions.

They issued a mandatory password re-set and advised users to re-set their passwords at other sites if they had used the same one there.

Posted on their site:

Manditory Password Reset

The datacenter that we employed up to November permitted unauthorized access to a database server and our database containing user credentials was likely compromised. Passwords were salted and hashed per user, but to be safe every user MUST change their password when they next log in. Please do so at your earliest opportunity. If your Seals password was used for any other purpose you should reset those passwords too as a precaution.

As a response to this occurrence, a top priority is to further put user’s security into their own hands beyond offering two-factor authentication. This includes the ability to permanently lock withdrawal address, locking out the transfer feature, and locking out account access except for a set of IPs (at least one of which must be the currently used IP). Expect to see these features in the near future.

Transfers may be disabled for a short period of time. Thank you very much for your understanding and support during this rough time. We sincerely apologize for any inconvenience or concern this may cause our players.

Seems like someone has it in for swc's, they have also had a DDoS attack last year.

If you want to check if any of your details have been leaked, at any time, not just from this exploit just enter any email address you use into this site: http://haveibeenpwned.com/

It searches all of the known leaked info and tells you if you're there. If it says that you have been pwned, you might consider changing the passwords you use on anything using that email address.

wow that's pretty scary

This incident demonstrates once two problems that exist at the moment, owners of online services: first - weak passwords, the second - not using reliable methods of data encryption.

horizon12 said:

This incident demonstrates once two problems that exist at the moment, owners of online services: first - weak passwords, the second - not using reliable methods of data encryption.

Click to expand...

If passwords were salted per user as they claim, that's about as reliable as one can get for passwords. Especially if they used a SHA hash instead of MD5. Hashes are non-reversible, and if uniquely salted can never be compared with the same password found elsewhere, even if the same hash algorithm is used.

The issue is how the information was accessed in the first place. They claim their datacenter "permitted unauthorized access" to their server. Could be just a decoy to shift blame from themselves, but if true it's not something they have control over. When you use the services of a third-party datacenter, you have to accept the staff as trustworthy. They manage your servers and have physical access to them. It's very rare that a datacenter insider steals user info, but it's not unheard of either. The vast majority of sites (or other businesses for that matter) can't afford to setup and run their own datacenters, which is why 3rd party datacenters are typically used.

They were salted SHA1. So they have all been cracked by now.

Seals is a good site run by honorable folks who work hard to keep it safe. I have made a fortune playing on SwC...

This event sucks, but the site owners are legit. I vouch for them.