For now. Let's throw some money their way to make search by phone number happen? I have donated just last week and I will do that again next month.

A less virtuous person would just pay criminals a hundred bucks or some other trivial fee to have direct access to the data that's being collected (and mishandled) about him. The song and dance required to keep these leaks out of public sight only enables victimizers, and there would be a magnet link in this very thread if they didn't have deep pockets and a vested interest in relegating this news to a one-and-half-page internet news blurb.

It was still reported to HIBP, its probably a worthwhile search.

Off topic, but I'm amused to see xkcd was hacked. And that its database used MD5 for hashing emails, passwords, and IP addresses!

Hashing an IP address (or phone number) doesn't add much security because such hashes are easy to reverse. Better idea is to delete IP address after some short time. You might keep it for a week on month to prevent mass registration, but after that time you don't need it.

> Hashing an IP address (or phone number) doesn't add much security because such hashes are easy to reverse.

Only if they hashed them separately.

Really it was their PHPBB forum heh. MD5 is so lame for passwords tho.