What is a database leak?
All website data is stored in MySQL databases. These are like huge tables of information, recording IP addresses, times, passwords, usernames, posts, everything like that. This forum runs on a MySQL database. Almost every website utilizes them.
A database breach is when the database leaks, whether through MySQL injection, social engineering, or simply hacking or brute-forcing an administrator account that has access to the database, and is then posted online or given to people with malicious intent.
All the information in the spoiler is something you could know, and could be useful and interesting knowledge, but isn't necessary to get my point across. Read if you would like!
Alright, so what is the risk if I am compromised in such a breach?
Anyone who has that database can and will try to steal accounts on other websites. The majority of people use the same password across multiple websites, and these hackers realize this. They will test your password on other websites such as PayPal, Netflix, Hulu, etc., and sell or steal from your accounts, or simply hijack them as their own.
How can I check to see if I have been compromised in a breach?
There's no surefire way to know that you haven't been compromised. Many people register on a lot of low-profile websites, and when their databases leak, those sites don't notify their customers or anyone else of the compromise. However, we can check whether we have been compromised in known database leaks through the website http://haveibeenpwned.com/. If we go there and enter usernames and emails, it will search database breaches and tell us which ones we have been compromised in.
Are there any breaches you think I should know about?
There's only one database breach that directly relates to the PB2 community at this time. This is the Xat database breach. In October 2015, the Xat owner was social engineered and eventually accidentally gave database access to a malicious hacker. He dumped it, and now somewhere on the internet, the Xat database is floating around. This means your Xat account username, password, IP address, and other information is in hackers' hands.
What's the best way to protect myself from these risks?
Pretty simple: I would recommend using a password manager and having a new password on every account you use. Additionally, I recommend using 2 Factor Authorization on every website that offers it. Google Authy is the app for that. Me personally, I randomly generate every one of my passwords and save them in a password manager called LastPass. It is very high quality and I would recommend it to everyone.
Are there any additional threats that can come from database breaches?
There are. Through breaches, people will jack your accounts and impersonate you. But even if you stay safe, you are still at risk. If your address leaks in a database leak, people will send you pizzas, harass you any way they can, and it can even lead to swatting. This is why I recommend never entering your actual address on the web.
Is every website vulnerable to a leak?
I would say so. Even this forum, even though it is separate from the PlazmaBurst2 website, relies on phpBB, and usually once or twice a year a vulnerability in these forums is leaked. Should one come out for this forum, hackers could potentially acquire access to the entire PB2 website databases, because this forum and the PB2 database appear to be linked somehow.
I'll have to let this tutorial churn in my mind a bit. There's definitely more to be said about the topic, but I'm not sure what's necessary to bring to the table.
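The password-reuse risk and the one-password-per-account advice above can be checked with a short audit. This is an added example, not part of the original post: it groups a constructed sample vault by password, flags every account that shares a password with a breached site (here the Xat breach), and generates a fresh random password for each. The vault entries, the `.example` site labels and the function names are assumptions.

```python
import secrets
import string
from collections import defaultdict

# Constructed sample vault entries (site, username, password); not real credentials.
SAMPLE_VAULT = [
    ("xat", "player1", "hunter2!"),
    ("paypal", "player1@example.com", "hunter2!"),
    ("netflix", "player1@example.com", "hunter2!"),
    ("hulu", "player1@example.com", "Tr0ub4dor&3"),
    ("forum.example", "player1", "Tr0ub4dor&3"),
    ("bank.example", "player1", "x9$Lq2#vPz7!mRt4"),
]

def new_password(length=20):
    """Random password from the OS CSPRNG containing lower, upper and digit."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw

def audit(vault, breached_sites):
    """Return (exposed, reused).

    exposed: sites whose password is also used on a breached site
             (the breached site included); rotate these first.
    reused:  other groups of sites sharing one password; rotate next.
    """
    by_password = defaultdict(list)
    for site, _user, password in vault:
        by_password[password].append(site)
    exposed, reused = set(), []
    for sites in by_password.values():
        if breached_sites & set(sites):
            exposed.update(sites)
        elif len(sites) > 1:
            reused.append(sorted(sites))
    return sorted(exposed), sorted(reused)

def rotation_plan(vault, breached_sites):
    """Map every site needing a change to its own new random password."""
    exposed, reused = audit(vault, breached_sites)
    sites = exposed + [s for group in reused for s in group]
    return {site: new_password() for site in sites}

if __name__ == "__main__":
    for site, pw in rotation_plan(SAMPLE_VAULT, {"xat"}).items():
        print(f"{site}: {pw}")
```
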