If you ever held an account on Xbox360ISO.com or PSPISO.com, now’s the time to reset your password. Both sites were hacked by an unknown attacker in late 2015, with the details of those affected splashed on the Internet late this weekend.
The details encompass an incredible 2.5 million users, and include email addresses, IP addresses, usernames and passwords. It seems that the operator of these sites did nothing to protect the latter, as all passwords were ‘protected’ using the MD5 hashing system, which is trivially easy to overcome. For reference, that’s the same hashing system used by LinkedIn. And we all know how that turned out.
As the names of these sites imply, they were used to share pirated copies of games for Microsoft and Sony’s gaming platforms. They also both have a thriving community where people discussed a variety of tech-related topics, including gaming news and software development.
If you think you might have had an account on these sites at one point, and want to check if you were affected, you can visit Troy Hunt’s Have I Been Pwned. If you have, it’s worth emphasizing that anyone who gained access to that site, and anyone who has since downloaded the data dump, will be able to discern your password. If you’ve used it on another website or platform, you should change it.