SoFurry hacked; users advised to change passwords
Toumal admitted the site had been vulnerable for the past eighteen months, but said the "security hole" had been fixed. New passwords will be salted to reduce the damage of any future breach. He also cautioned against using the same password on different sites.
While a hash does not contain the password, it is possible to deduce commonly-used passwords by comparing against a list of pre-made hashes. Salting adds an extra component to the password, rendering this so-called "rainbow table" technique infeasible.
The reporter of the security vulnerability has not publicly distributed the hashes, and is currently assisting with a review of the site's security. According to Toumal, this is the second time in as many years that a third-party has "helped" in this fashion.
Online multiplayer social game Furcadia suffered a similar security breach last October.