They won't be hashed with a custom algorithm, that's not practical or necessary. The correct question is, are they salted?
Are they hashed with a custom algorithm, or a well known one that can be reversed with an already existing rainbow table?
They are hashed.
And the answer is yes (as per IPB documentation), so they can't be cracked with a rainbow table.
But I did just read that there was another attack in which they hacked into the login form itself and got the plaintext data from there. So I am assuming;
- They have had access to the database, thus to hashes + salted passwords (not easily reversable)
- The twitter data stored here are login hashes / oauth tokens, no passwords - just reset the login tokens for twitter
- There is 0 connection between this forum and other parts of YoYoGames (as it should!
) which contains personal information (such as the marketplace / licensing servers)
- They have had access to the login form, thus they have the plain text password of anyone who has logged in while the hack was there
So if you were logged in automatically (by cookie / session) you should be OK and damage is minimal.
This is based on assumption and I hope one of the forum administrators can acknowledge these statements.
Also a good idea to use tools like passwordmanagers that create a random password for each website. This prevents a whole lot of trouble (rainbow tables, shared passwords over different websites etc.)