339 million Accounts Hacked From Adult Dating Site

Forum Moderators: open

Message Too Old, No Replies

339 million Accounts Hacked From Adult Dating Site

engine

11:47 am on Nov 14, 2016 (gmt 0)

A significant data breach is being reported having hit 339 million accounts on an adult dating site, and some of it's other properties, including records going back a number of years.
Sensitive data may be within the database and offers thieves the opportunity of abusing the information to the extent of identity theft.
Every time these reports come through it amplifies the need to have unique passwords for each and every service.

The three largest site's SQL databases included usernames, email addresses, and the date of the last visit, and passwords, which were either stored in plaintext or scrambled with the SHA-1 hash function, which by modern standards isn't cryptographically as secure as newer algorithms.

LeakedSource said it was able to crack 99 percent of all the passwords from the databases. 339 million Accounts Hacked From Adult Dating Site [zdnet.com]

lammert

3:00 pm on Nov 14, 2016 (gmt 0)

That 99% crack rate has not much to do with the insecure SHA-1 algorithm. Even with modern computers it is not feasible to perform a brute force attack on 339 million hashed passwords in a decent amount of time on hashes created with SHA-1. That 99% is caused by reuse of passwords and the large list of passwords and hash combinations floating around the internet. A first line of defense would be using random salts which causes passwords to generate different hash values depending on the random salt, but reading that part of the passwords were stored in plain text, I assume that they didn't take that measure.