> The system was not breached, no passwords were compromised (they are salte... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		jart on Jan 11, 2013 \| parent \| context \| favorite \| on: Bitcoin exchange hacked via Rails exploit, funds s... > The system was not breached, no passwords were compromised (they are salted and multiple times hashed anyways) When they say "multiple times" I hope that means they're using PBKDF2 or bcrypt, because if they were simply using SHA1 then their users are even more doomed.

Xylakant on Jan 11, 2013 [–]

Given that this is a Remote Code Execution vulnerability I'd be very careful about the "not breached" as well. For all we know, the attacker could still have a shell or a rootkit on the server.

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact