Lately, I am beginning to see more communities that I belong to being hacked. It first started with SRL forums a couple of weeks ago. It's quite an irony since it is a hacking forum, albeit one targeted at game hacks. Fortunately, the admin team was very efficient and sent out an email to everyone warning them of the compromise. According to them, an imposter had got hold of another admin's old email account and convinced them to reset his password; he gained access to the databases through an exploit after logging in.
Just earlier, Ubuntu Forums was hacked, and salted and hashed passwords were leaked out. I must say that it is rather unexpected, especially since Linux is touted as one of the most secure OSes; its support forums should be reasonably secure. Anyway, no details regarding the loophole have been released.
For both websites, as well as all other forums and non-critical websites, I have used "throw away" passwords. Even if this password is released, I won't bother to change my passwords, simply because I have too many of these accounts all over the place.
My next tier of passwords is used for my email and Facebook account, and so far these have been uncompromised in any attacks. The final tier of passwords is used for financial services. Rather than a separate password for every account that experts often advocate, I use just 3 unique passwords for different tiers, and it is serving me well so far. This might actually be safer in my opinion, since memorising 3 passwords is feasible, unlike memorising 50+ unique passwords for different sites; people might eventually end up writing or storing these passwords somewhere, which would compromise the security of their accounts.