Be Proactive

Database leaks are almost always going to happen, I am not saying you can prevent them. However, if you guys are not storing passwords properly right now, please take this recent database leak as a chance to be proactive and make things right before it happens again. Your users should not have to worry and experience global password changes such as this for security reasons.

Look into best practices for storing passwords securely. Once you start using a strong, unbroken hash algorithm with a random salt for each user's password then database leaks shouldn't really result in compromised accounts. The exception to this might be those who use really simple passwords which you can also remedy by enforcing a certain strength of passwords on accounts (if you don't already).

I have heard good things about the phpass library which basically does all the heavy lifting for you. (see quote and article below)

 

I'm not 100% sure as to the hashing/salting algorithm that the site uses, but I can guarantee you that they are hashed and salted. We do our best to ensure the safety of your personal data, be it passwords or otherwise.

 

Trust me, if Sythe and Matthew didn't know what they were doing, these leaks would have happened years ago and with an alarming frequency. I recall even Sony--who can pay an actual salary to dozens of IT professionals--having their own database compromised last year.

 

If that's the case I would be interested in knowing what strategies they currently have in place since they still feel the need to tell users to change their passwords.

I specifically said I am not bitter about the leak; these things happen. They do a good job of minimizing them. My issue is with storing passwords insecurely so I am waiting to hear from staff in that regard.

 

Passwords are stored very securely. Nothing is unhackable though if you try hard and long enough. Tons of websites have global pass resets anyways.

The right people are "in the know" on this situation and further improvements are to come.