Meta-PokéBase Q&A
0 votes
582 views
by
There's almost always a risk of getting your account hacked, but the risk is almost always miniscule.
To be honest, I don’t think there are a whole lot of people looking to hack into a Pokémon fan site. AFAIK, it’s never happened in the q&a’s entire 11-year history.

1 Answer

7 votes
 
Best answer

Firstly, what do you mean by "hacked"? I'm going to assume this means you are worried about people gaining your password + email for this website (and possibly using your PokeBase account).

In general, you should not worry about having your login details accessed by some other person. The biggest risks for having your account "hacked" in this way (very much a misnomer!) are:

  • you are using a rubbish password like 123456 or qwerty that will be cracked instantly by any human or script that cares. (PokeBase may not even allow you to use passwords like that.)
  • you are using a password that your brother could guess.
  • you have given your login details to somebody else (or put them somewhere other people could find them). Be careful with "remember my password" features on computers that other people are using -- they can go into the browser settings and see your passwords.
  • your login credentials on PokeBase match those you've use on another service that has suffered a data breach (notably, Smogon is among those).

...However, I can tell you there that is basically zero motivation for any person you don't know to access your PokeBase account. Nobody can gain anything from hacking your account here in comparison to something like Apple's official Twitter account. Nobody will be trying to login into your account, let alone doing so successfully.

There is the possibility that PokeBase itself will suffer a data breach. However, in order for that to happen, there must exist a) vulnerability that somebody can exploit, and b) motivation. Since Pokemaster is a professional who controls PokeBase's database, web server, and even the software it runs on, you can expect he has a pretty good grip on keeping the service secure. Furthermore, I don't imagine 78,000 emails + hashed passwords from a Pokemon fansite would be a person's #1 target to attack. (Worth mentioning that Smogon's forums were hacked out of spite IIRC -- I don't think the same motivation exists for hacking PokemonDB.)

With all of that said though, nothing is beyond the realm of possibility; and generally, if you use lots of different services on the internet, then I'd say it's likely your email and other info will be compromised someplace, sometime. (It may already have been -- try putting your email into haveibeenpwned, which has a collection of emails that are known to appear in data breaches.)

If that's concerning to you, then consider using computer generated passwords for each website you use. These passwords are basically impossible to crack with brute force (because they are long and utterly random), and since they are unique for each website you use, then they can't be used for credential stuffing even if they're decrypted. There are lots of password managers out there which will do this for you (though many are monetised), and Google Chrome has an in-built function for it as well.

I'll also mention in case it wasn't clear: even if PokeBase suffered a data breach, all the passwords in the database are encrypted using a hashing algorithm (and this is standard practice for all websites). It is very easy to test common passwords like qwerty against the hashes in a compromised database and get some "confirmed" records, but if you have a good password, then encryption is very likely to protect you if your data is compromised.

A long answer for a relatively simple question: but in short, as long as you know basic internet security practices, you don't have much to worry about.

by
selected by
fizz's password is poop12 and his email is [email protected]
oh okay.