Not a word still from server-side Admin.
I am emailing the site-owner directly.
Whether wholesale changes of changes of passwords are wise/necessary I do not know.
In particular, whether alleged site vulnerabilities make the entry of new passwords of value nor not. As it happens, I asked IT yesterday how "all members" can be contacted.
I'll keep pressing. I'm reluctant to make any specific recommendations on something where my knowledge level is so low.
@smithyy166 - I will reply to your email shortly.
David
Noted David - I'll keep an eye on my inbox.
Personally, in this situation, I'd say resetting everyones password is a very, VERY good idea. From what's been reported, ShipSpotting.com encrypts passwords with MD5, without a salt. This basically means that the encryption is pretty easy to break; less than 10 seconds on an old fashioned clunky laptop. See (
https://medium.com/@svanas/why-an-unsalted-md5-hash-is-bad-practice-6a0d7d017856)
[Note - Their advice about using a password manager of some sort is a SUPER good idea]...
This means it's sadly only a matter of time before the passwords are broken into. I doubt they'd be used on here though; they'd either be used to try and get into someone's social media, paypal/banking etc., or the passwords would be ignored altogether and the e-mail addresses dumped into a spam-mailer. I would suggest the moderators, admins etc. change their passwords if they can.
What can everyone do? Well, until the site owner/IT get back to David, there's not a *huge* amount anyone can do about shipspotting.com, BUT you can;
- Use a password manager (Most antiviruses come with one, if not there's some good free ones around for chrome, firefox, android etc. )
- Never use the same password twice, ESPECIALLY not for banking, paypal etc.,
- Change your password here (if that's working...),
- Change your password on any other site that uses the same e-mail address that you use for shipspotting, ESPECIALLY if the password is the same.
- Use two factor authentication whenever you can,
- Don't using words from the dictionary in your passwords - Replace "o" with "0", "s" with "5" etc,
- Follow the advice here -> https://www.howtogeek.com/195430/how-to-create-a-strong-password-and-remember-it/