Hey all,

I just wanted to let you know that the passwords on newgrounds.com are not encrypted / hashed and are simply stored in plain text in the database. This is a major security issue, any web developer that attended security 101 will tell you that.

This means that if you used your newgrounds password on other sites, anyone with admin access to newgrounds could log in into those accounts. Let's say some guy you don't like does an internship over there and he wants to get your password? He'll most likely be able to get it. Same thing for any hacker that manage to get into Newgrounds' servers - no server is safe from a clever exploit. Once the person has your email+password combo, he could log into your bank account, email, amazon, paypal... anything using the same credentials really.

You can easily check this issue for yourself, simply use the "forgot password" feature and be amazed when you receive your email sent in plain text.

To the NG staff: please fix this issue as soon as possible
To the users: change your password to one you will only use on newgrounds

Thanks